malloy icon indicating copy to clipboard operation
malloy copied to clipboard

Consider using Botan for host certificate store access

Open Tectu opened this issue 2 years ago • 4 comments

Currently, we're using certify for accessing the host's certificate store. It might be worth considering using Botan instead (https://github.com/randombit/botan).

Tectu avatar Apr 24 '24 16:04 Tectu

Perhaps, you could even consider using Botan as your (alternative) TLS provider, which then includes certificate validation with its system certificate store adapters, of course. I see you're using asio's ssl_stream that uses OpenSSL underneath. Botan provides a "more-or-less" drop in replacement for this. 🙂

reneme avatar Apr 25 '24 05:04 reneme

That's a good suggestion - Thanks for pointing that out!

Ideally we'd make this options so users can pick one or the other.

Tectu avatar Apr 26 '24 01:04 Tectu