tiny icon indicating copy to clipboard operation
tiny copied to clipboard
verified publisher icon osa1

Added support for SASL EXTERNAL

Open trevarj opened this issue 4 years ago • 2 comments

A user can now generate a x509 certificate, register it with a server, and provide the PEM file to tiny for use over TLS.

Closes #196

Overview:

  1. Bumped rustls crates
  2. Added configuration for SASL EXTERNAL, where a user specifies a path to a PEM file with a certificate inside (generated with instructions from server).
  3. Use user provided certificate in TLS connector config for client authorization (crates/libtiny_client/src/stream.rs)

trevarj avatar Nov 14 '21 08:11 trevarj

Native TLS using openssl is waiting on https://github.com/sfackler/rust-native-tls/pull/209, which will make it much more convenient to add the user's certificate.

trevarj avatar Nov 14 '21 08:11 trevarj

Are you currently using this? I didn't test it myself.

Yes, I think I will continue once merged too.

trevarj avatar Nov 15 '21 18:11 trevarj

Fixed conflicts after pass cmd feature.

Needs testing still.

trevarj avatar Dec 18 '22 20:12 trevarj

@osa1 Tested using new password commands and SASL EXTERNAL. Both working as expected! If you still want to merge this, it should be a fairly quick code review.

trevarj avatar Dec 19 '22 10:12 trevarj

I will have to read a bit about SASL EXTERNAL

Links that I also put in code comments: https://ircv3.net/docs/sasl-mechs https://www.alphachat.net/sasl.xhtml

trevarj avatar Dec 19 '22 16:12 trevarj

@osa1 Updated CHANGELOG. I created a stub page on the wiki to add configuration details later.

trevarj avatar Dec 31 '22 08:12 trevarj