Skip to content

Comments

feat(tls): Add ability to add multiple ca certificates#1724

Merged
djc merged 2 commits intohyperium:masterfrom
tottoto:multiple-ca-certificates
Jun 15, 2024
Merged

feat(tls): Add ability to add multiple ca certificates#1724
djc merged 2 commits intohyperium:masterfrom
tottoto:multiple-ca-certificates

Conversation

@tottoto
Copy link
Collaborator

@tottoto tottoto commented Jun 12, 2024

Resolves #1629.

@tottoto tottoto force-pushed the multiple-ca-certificates branch 4 times, most recently from bd66035 to c3f9ae5 Compare June 13, 2024 10:03
djc
djc approved these changes Jun 13, 2024
View reviewed changes
Copy link
Contributor

@djc djc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is the next step here to get rid of the Certificate abstraction around CertificateDer<'_>? Would be nice!

@tottoto
Copy link
Collaborator Author

tottoto commented Jun 14, 2024

I would think that Certificate interface cannot be removed to support PEM encoded certificate file.

@djc
Copy link
Contributor

djc commented Jun 14, 2024

Well, the caller would rely on rustls-pemfile so it's one less mandatory dependency to carry within tonic.

@tottoto
Copy link
Collaborator Author

tottoto commented Jun 14, 2024

Considering rustls-pemfile has major version release, I would think it would be acceptable to depend on the crate for the purpose of easiness to use.

@tottoto
Copy link
Collaborator Author

tottoto commented Jun 15, 2024

Added a method to add multiple ca certificates at once, which is useful when having some sets of certificates.

@tottoto tottoto force-pushed the multiple-ca-certificates branch from 8781f15 to 9e76a66 Compare June 15, 2024 09:27
@tottoto tottoto force-pushed the multiple-ca-certificates branch from 9e76a66 to 0837c0b Compare June 15, 2024 10:27
djc
djc approved these changes Jun 15, 2024
View reviewed changes
tonic/src/transport/channel/tls.rs Outdated
}

/// Sets the multiple CA Certificates against which to verify the server's TLS certificate.
pub fn ca_certificates(self, ca_certificates: Vec<Certificate>) -> Self {
Copy link
Contributor

@djc djc Jun 15, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's take an impl IntoIterator<Item = Certificate> here, instead?

Copy link
Collaborator Author

@tottoto tottoto Jun 15, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good to me. Updated to use it.

@tottoto tottoto force-pushed the multiple-ca-certificates branch from 0837c0b to 2c3ebee Compare June 15, 2024 12:09
@djc djc added this pull request to the merge queue Jun 15, 2024
Merged via the queue into hyperium:master with commit 3457f92 Jun 15, 2024
@tottoto tottoto deleted the multiple-ca-certificates branch June 15, 2024 12:25
@djc djc mentioned this pull request Jun 18, 2024
Merged
@LucioFranco LucioFranco mentioned this pull request Jun 20, 2024
Merged
@lalitb lalitb mentioned this pull request Aug 15, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@djc djc djc approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

feat: permit multiple ca_certificates

2 participants

@tottoto @djc