[WIP] feat: implement support for raw public keys in TLS #2937
Documentation for this PR has been generated and is available at: https://n0-computer.github.io/iroh/pr/2937/docs/iroh/ Last updated: 2024-12-06T16:35:06Z
For a hot minute I was imagining a feature on rustls to disable all non-RPK paths, imagining that we could get rid of ASN.1/DER parsing code.
iroh-net/src/tls/resolver.rs
use crate::tls::Authentication; | ||
|
||
#[derive(Debug)] | ||
pub(crate) struct AlwaysResolvesCert { |
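Review bot: the `pub(crate) struct AlwaysResolvesCert` declaration carries only `#[derive(Debug)]` and no doc comment. A short `///` comment stating how the type relates to the imported `Authentication` setting, and whether it is meant to serve both client and server resolution, would make its role clear at the declaration.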
Kind of annoying that rustls has all the implementations for ResolvesClientCert and ResolvesServerCert that we need, but they're not all exposed.
There's
AlwaysResolvesClientCert
AlwaysResolvesServerCert
AlwaysResolvesClientRawPublicKeyCert
AlwaysResolvesServerRawPublicKeyCert
I'd rather not have to implement a trait outside the crate where it's defined, but eh.
Also it's super annoying that they split it up into client/server like that.
Going to wait with pushing this forward until we know if rustls/rustls#2258 might happen
This is step 1 to land #2798 and first failing test
ed3d590 to e44d964
Description
This is step one of #2798. This introduces the configuration of the TLS authentication method, allowing us to enable the usage of raw public keys, which will lead to us being able to remove the hack of using self-signed certificates.
TODOs
iroh-net
iroh
Breaking Changes
Notes & open questions
Depends on #2934 for my own sanity
Change checklist