pub fn refresh_native_roots() -> Result<Arc<RootCertStore>, NativeRootsError>Expand description
Re-read the OS trust store and atomically swap the cached snapshot when the load succeeds.
Long-lived daemons call this on a periodic timer or in response to an operator-triggered mgmt verb so OS-side CA updates land without a process restart. On failure the previous snapshot is preserved and a warning is logged — operators still see a working trust store while the load error surfaces in the warn record.
§Errors
Returns the new load attempt’s error verbatim. The cached value
is not replaced with the error in that case; subsequent
native_roots callers continue to see whichever outcome was
last cached (typically the prior successful store).