Feat: impl `rustls` server certificate bundle + SNI based resolver
fixes #594
I just added the `CertAndKey::Custom(_)` to be able to accept any rustls custom resolver. This makes it possible to accept in-memory certs, or to implement hot-reloading.
My original idea was to also add some code I wrote for one of my other projects and basically copy & paste it, which would make it possible to have watched, hot-reloaded certs out of the box, but I was not sure if this would maybe be too high level at this point. I will release it as a separate crate anyway, because it was too high level to be implemented into rustls directly. The `CertAndKey::Custom(_)` makes it possible to use this external crate for instance directly, if someone wants to.
@drcaramelsyrup it's ready for review. I don't have any "request review" button I can press and I thought having it not marked as a draft would be an indicator. Anyway, it's ready and a review would be nice. :)
I think the `TlsSettings::intermediate_bundle` feature from this PR is extremely useful, since it allows Pingora proxies to act just like haproxy and automatically select based on SNI.
Any blockers to its merge? Any way I can help?
Seconded, I'm not strong with Rust yet so I can't offer review but this would be handy.
I just crossed with this very same need. Any chance a maintainer could review it?