Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(tls): Add ability to add multiple ca certificates #1724

Merged
merged 2 commits into from
Jun 15, 2024
Merged

feat(tls): Add ability to add multiple ca certificates #1724

merged 2 commits into from
Jun 15, 2024

Conversation

tottoto
Copy link
Collaborator

@tottoto tottoto commented Jun 12, 2024

Resolves #1629.

@tottoto tottoto force-pushed the multiple-ca-certificates branch 4 times, most recently from bd66035 to c3f9ae5 Compare June 13, 2024 10:03
djc
djc approved these changes Jun 13, 2024
View reviewed changes
Copy link
Contributor

@djc djc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is the next step here to get rid of the Certificate abstraction around CertificateDer<'_>? Would be nice!

@tottoto
Copy link
Collaborator Author

tottoto commented Jun 14, 2024

I would think that Certificate interface cannot be removed to support PEM encoded certificate file.

@djc
Copy link
Contributor

djc commented Jun 14, 2024

Well, the caller would rely on rustls-pemfile so it's one less mandatory dependency to carry within tonic.

@tottoto
Copy link
Collaborator Author

tottoto commented Jun 14, 2024

Considering rustls-pemfile has major version release, I would think it would be acceptable to depend on the crate for the purpose of easiness to use.

@tottoto
Copy link
Collaborator Author

tottoto commented Jun 15, 2024

Added a method to add multiple ca certificates at once, which is useful when having some sets of certificates.

@tottoto tottoto force-pushed the multiple-ca-certificates branch from 8781f15 to 9e76a66 Compare June 15, 2024 09:27
@tottoto tottoto force-pushed the multiple-ca-certificates branch from 9e76a66 to 0837c0b Compare June 15, 2024 10:27
djc
djc approved these changes Jun 15, 2024
View reviewed changes
tonic/src/transport/channel/tls.rs Outdated
@@ -51,6 +51,13 @@ impl ClientTlsConfig {
ClientTlsConfig { certs, ..self }
}

/// Sets the multiple CA Certificates against which to verify the server's TLS certificate.
pub fn ca_certificates(self, ca_certificates: Vec<Certificate>) -> Self {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's take an impl IntoIterator<Item = Certificate> here, instead?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good to me. Updated to use it.

@tottoto tottoto force-pushed the multiple-ca-certificates branch from 0837c0b to 2c3ebee Compare June 15, 2024 12:09
@djc djc added this pull request to the merge queue Jun 15, 2024
Merged via the queue into hyperium:master with commit 3457f92 Jun 15, 2024
16 checks passed
@tottoto tottoto deleted the multiple-ca-certificates branch June 15, 2024 12:25
@djc djc mentioned this pull request Jun 18, 2024
Merged
@LucioFranco LucioFranco mentioned this pull request Jun 20, 2024
Merged
@lalitb lalitb mentioned this pull request Aug 15, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@djc djc djc approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

feat: permit multiple ca_certificates
2 participants
@tottoto @djc