acme-lib icon indicating copy to clipboard operation
acme-lib copied to clipboard

Published 20 hours ago verified publisher icon algesten

Consider changing openssl

Open joepio opened this issue 2 years ago • 3 comments

Hi there! Thanks for creating and maintaining this.

Since this crate depends on openssl, it is not fully self-contained. I've already encoutered a bunch of problems because of either lacking or mismatching openssl versions.

I don't think openssl is needed. I suppose a crate like ring has most of the crypto capabilities that we need here. Perhaps rustls could also help?

Not sure if I can help here, but wanted to drop the request anyways!

joepio avatar Feb 02 '23 20:02 joepio

I think openssl is mainly used for creating private keys and certificate requests. https://github.com/algesten/acme-lib/blob/master/src/cert.rs

There can definitely be better ways of doing that. PRs welcome!

algesten avatar Feb 02 '23 20:02 algesten

I tried making a start for migrating OpenSSL to Ring, but it looks like ring doesn't have support for PEM encoding. Since the PEM encoding is used everywhere in this repo, I'm not quite sure how to deal with this. Perhaps simply using the pem crate?

Anyways, it looks like a bit too much new stuff for me to dive into now. Sorry.

joepio avatar Feb 04 '23 19:02 joepio

I may take a look into swapping things over to another self-contained crate if I have the time, would a pull request doing this be accepted @joepio?

Jaffa-Cakes avatar May 13 '23 03:05 Jaffa-Cakes