fabruic icon indicating copy to clipboard operation
fabruic copied to clipboard

Published 20 hours ago verified publisher icon khonsulabs

Added ability to use ResolvesServerCert directly

Open ecton opened this issue 3 years ago • 3 comments

Sorry for throwing this idea at you randomly -- happy to refactor if you'd like to see this done in a different way. It just hit me when pondering issues in BonsaiDb that this might be easy to implement -- and sure enough, it was very easy.

This would be a perfect thing for BonsaiDb, as it would completely negate the workaround I did for khonsulabs/bonsaidb#115 -- if I could provide the cert resolver that ACME powers for HTTP, it would support all the features requested in #27. That being said, we may still want to address #27 differently with an easier to use API. But for BonsaiDb, this lower-level feature would be a perfect addition.

What do you think? @daxpedda

ecton avatar Dec 16 '21 00:12 ecton

I was hoping that we could use the rustls Acceptor API, but apparently it's not in quinn, will explore this further and come back to you.

daxpedda avatar Dec 16 '21 00:12 daxpedda

So I checked this out a bit yesterday, apparently rustls needs more contributions to make the Acceptor API available for QUIC, which shouldn't actually be too hard. In the mean-time this looks like a good alternative solution.

I will review this soon!

daxpedda avatar Dec 16 '21 11:12 daxpedda

I just remembered to remove the rust-toolchain file from this commit based on the message in Discord -- that's what the force push was.

ecton avatar Dec 16 '21 21:12 ecton