Skip to content

Server selects certificate based on client's support #17

New issue
New issue
Closed as not planned
Closed as not planned
Server selects certificate based on client's support#17
Assignees
tegefaulkes
Labels
developmentStandard developmentr&d:polykey:core activity 4End to End Networking behind Consumer NAT Devices
@tegefaulkes

Description

@tegefaulkes
tegefaulkes
opened on Apr 26, 2023

Specification

We need the ability to provide an alternative certificate if the ed25519 certificate is not supported by the client. We will need this if we want to serve web pages to web browsers.

This may be implemented using the following boring SSL config options.

  1. https://docs.rs/boring/latest/boring/ssl/struct.SslContextBuilder.html#method.set_verify_algorithm_prefs
  2. https://docs.rs/boring/latest/boring/ssl/struct.SslContextBuilder.html#method.set_select_certificate_callback

Some other options may be needed. I'll need to look into this more.

Additional context

Tasks

  1. Determine if it's possible to select server certificate based on client's support for it.
  2. Implement a method for providing an alternative certificate if ed25519 is not supported.

Metadata

Metadata

Assignees

Labels

developmentStandard developmentr&d:polykey:core activity 4End to End Networking behind Consumer NAT Devices

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions