-
Notifications
You must be signed in to change notification settings - Fork 108
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support CryptoProvider
like plugin mechanism
#228
Comments
Ah I missed #208 which is a step in the direction (sort of) |
I personally think this makes sense to implement and see #208 and #223 as steps in that general direction. I think there are some other old issues that would benefit from a solution here too (e.g. #60, #74) Are you interesting in contributing a PR for something analogous to the rustls |
I would like to work on this. Does it make sense to share (part of) this trait with the rustls? For example |
What is your motivation to work on this/what's the use case/what problem are you trying to solve? |
My motivation is basically #60. Latest time I used rcgen, it was unable to create certificate with some specific crypto algorithm, so I kept a C++ dependency which I want to remove in long term and replace it with rcgen. |
Having the ability to add support for unknown algorithms is a different use case from wanting this plugin mechanism to use one specific crypto implementation. I think the best way forward is to ask the aws_lc_rs bindings crate to extend the API to the algorithms you require, and rcgen can then add support for those algorithms in the main branch. |
@HKalbasi which algorithm(s) do you need? |
I thought this issue is precondition to using aws_lc_rs in rcgen. It has been a while since latest time I tried rcgen, now that aws_lc_rs is supported, it might be possible that now my problem is resolved. I will retry and ask the |
rustls/rustls#1540 in rustls provides a mechanism to plug in arbitrary crypto providers. While the in-tree ones only have
ring
andaws_lc_rs
, mirroring rcgen, there are out of tree providers that can be used. However, if an application depends onrcgen
, these benefits are negated (assuming a project requires all crypto to be done by a specific implementation).It would be nice to have a pluggable model.
The text was updated successfully, but these errors were encountered: