Added ability to use ResolvesServerCert directly #36

Open: wants to merge 1 commit into base: main

ecton
Member

@ecton ecton commented Dec 16, 2021

Sorry for throwing this idea at you randomly -- happy to refactor if you'd like to see this done in a different way. It just hit me when pondering issues in BonsaiDb that this might be easy to implement -- and sure enough, it was very easy.

This would be a perfect thing for BonsaiDb, as it would completely negate the workaround I did for khonsulabs/bonsaidb#115 -- if I could provide the cert resolver that ACME powers for HTTP, it would support all the features requested in #27. That being said, we may still want to address #27 differently with an easier to use API. But for BonsaiDb, this lower-level feature would be a perfect addition.

What do you think? @daxpedda

@daxpedda
Member

I was hoping that we could use the rustls Acceptor API, but apparently it's not in quinn. I will explore this further and come back to you.

@daxpedda
Member

So I checked this out a bit yesterday; apparently rustls needs more contributions to make the Acceptor API available for QUIC, which shouldn't actually be too hard. In the meantime this looks like a good alternative solution.

I will review this soon!

This allows specifying the server certificate resolver either via a
KeyPair or by using the underlying rustls interface directly. Under the
hood, rustls' `with_single_cert` uses `with_cert_resolver` using an
internal private type as the resolver.

This seemed like the cleanest implementation given how the builder is
currently implemented.

Also added a rust-toolchain file to ensure local users are running
nightly as per Discord.
@ecton ecton force-pushed the dynamic-certificate-resolver branch from afeaf2c to b3b037c Compare December 16, 2021 21:36
@ecton
Member Author

ecton commented Dec 16, 2021

I just remembered to remove the rust-toolchain file from this commit based on the message in Discord -- that's what the force push was.
