Tim Epkes

One thing to add. I believe even though the image is running, state is definitely not stored. Started up a new one via infrakit, then checked it via vagrant and...

Thank you @iron3oxide I'll check that out

For additional context, here is the code snippet let client_identity = ClientIdentity::new( Path::new("/opt/mysql/certs/client.pem"), Path::new("/opt/mysql/certs/client.key") ); let ssl_opts = SslOpts::default() .with_root_cert_path(Some(Path::new("/opt/mysql/certs/ca.crt"))) .with_client_identity(Some(client_identity)); let opts = OptsBuilder::new() .ip_or_hostname(Some("mysql.somedomain.com")) .user(Some("someuser")) .pass(Some("somepass")) .tcp_port(3306u16) .db_name(Some("mydb"))...

We found that in the code. We use RSA and pem format. We did convert our pem to der and got the same problem. Interesting aside my coworker is using...

another note, we switched out rustls back to default and it works. I'd like to see this work with rustls as it seems to be pretty most used. We wanted...

So we figured it out, based on your above questions. This triggered my co-worker to question what format we actually had. Turns out we were pkcs8, thus we converted to...

We dug into the code and when it comes to the mysql library calling rustls, it seems the call is statically defined for pkcs1. So as that was the way...

Just an update, openssl now gens by default pkcs8 and it was mentioned on a google forum that the -traditional switch (which takes a pkcs8 and converts to pkcs1 is...

A Quantum Safe certificate is just a standard x509 certificate, that uses a different algorithm. You have to compile the oqsprovider (found at https://github.com/open-quantum-safe/oqs-provider ). And then configure openssl to...

Just an update, in testing I find oqsprovider has a few issues. I filed a ticket for one and piled onto another, although it was closed so not sure they...