nats.rs
nats.rs copied to clipboard
Support for reading PEM-encoded CA Certificates from a PEM-encoded String
Proposed change
Support passing certificates directly to the ConnectOptions
as a String
or Vec<u8>
additionally to the existing support for file paths.
Use case
On systems without access to the file system (like cloud-hosted container images), it can be difficult to pass certificates as files to ConnectOptions::add_root_certificates
. As a user of the application, you may have no filesystem access, even though you have admin access to the application itself.
Contribution
We are interested in contributing to this.
I understand your need, however this has a drawback: it does not allow reloading certs during the lifetime of the application.
I would consider using a similar callback we have for auth - one that is called every time conneciton is re-established (or established for the first time).
It will complicate the codebase a bit, but if this approach is also used for file-based certs as a provided implementation for library, maybe it would be ok.
Would be best to experiment with this idea before making the call.