Joe Birr-Pixton
> > Whenever possible I used the SubjectPublicKeyInfoDer type. However, sometimes the best option seems casting to a CertificateDer type. For example in AlwaysResolvesClientRawPublicKeys::new().
> >
> > I'm curious what other...
> there is a decode error when running the example against openssl with `--verify 1`. However, this only happens when using tls1.2 not tls1.3. Reading the logs it seems to...
I guess that was just one example. To completely avoid putting an RPK into a `CertificateDer` in the public API, we'd also need to provide RPK variants of: 1. `sign::CertifiedKey`...
> One thing I don't understand yet is why this is different in TLS1.2 and TLS1.3

TLS1.3 has a `CertificateEntry` struct in the way, and ensuring there is only one...
Could you say which targets these are?
Thanks! I could see two routes for this: 1. Globally, replace all uses of Arc with a crate-local Arc type alias. For these targets, that alias would be Rc. Remove...
I think this is entirely blocked on https://github.com/rust-lang/rust/issues/32838 and https://github.com/rust-lang/wg-allocators
You will want to start at https://docs.rs/tokio-rustls/latest/tokio_rustls/struct.LazyConfigAcceptor.html rather than `rustls::server::Acceptor`.
Since PKCS#11 can't do trust decisions[^1] this would be more along the lines of rustls-native-certs (which hooks up assorted sources of root certs suitable for server authentication) than rustls-platform-verifier (which...
Thanks for the report -- could you provide any more info, e.g. a packet capture when this happens?