[mTLS] ca_certs option seems to be a bundle, not necessarily a chain

Open FaustXVI opened this issue 9 months ago • 0 comments

What kind of documentation problem are you reporting?

Undocumented Feature

Where is the issue found?

https://rocket.rs/guide/v0.5/configuration/#mutual-tls

What's wrong?

Let's say you have two partners that you want to authenticate with mTLS. Partner A gives you a certificate chain file chain_A.pem and partner B gives chain_B.pem. Both chains are distinct: they have no certificate in common. Rocket will work if you parameterize tls.mutual.ca_certs to a file containing the concatenation of both chains.

This type of file is called a bundle.

The code found at https://github.com/rwf2/Rocket/blob/f9de1bf4671100b2f9c9bea6ce206fc4748ca999/core/lib/src/mtls/config.rs#L171 seems to confirm that the file is manipulated as a bundle more than a chain.

I think the documentation should talk about a bundle file more than a chain file, or at least explicitly say that you can combine chains in the file given to Rocket.

System Checks

  • [x] I confirmed that the issue still exists on master on GitHub.
  • [x] I was unable to find a previous report of this problem.

FaustXVI, May 05 '25 15:05
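
A preflight check for the kind of bundle the issue describes (chain_A.pem and chain_B.pem concatenated into the file named by tls.mutual.ca_certs), as an added example that is not part of the issue or of Rocket's code. It uses only the standard library and does not decode the certificates; `BundleReport`, `inspect_bundle` and the PEM bodies in `main` are constructed for illustration.

```rust
use std::collections::HashSet;

/// Summary of a PEM bundle (hypothetical type for this example).
#[derive(Debug, Default, PartialEq)]
pub struct BundleReport {
    pub certs: usize,       // distinct CERTIFICATE blocks
    pub duplicates: usize,  // CERTIFICATE blocks repeated verbatim
    pub other: Vec<String>, // labels of non-certificate blocks, e.g. "PRIVATE KEY"
    pub unterminated: bool, // a BEGIN without a matching END, or the reverse
}

/// Scan concatenated PEM text and report what the bundle contains.
pub fn inspect_bundle(pem: &str) -> BundleReport {
    let mut report = BundleReport::default();
    let mut seen = HashSet::new();
    let mut open: Option<(String, String)> = None; // (label, base64 body)
    for line in pem.lines().map(str::trim) {
        if let Some(label) = line.strip_prefix("-----BEGIN ").and_then(|l| l.strip_suffix("-----")) {
            if open.is_some() { report.unterminated = true; }
            open = Some((label.to_string(), String::new()));
        } else if let Some(label) = line.strip_prefix("-----END ").and_then(|l| l.strip_suffix("-----")) {
            match open.take() {
                Some((l, body)) if l == label => {
                    if label != "CERTIFICATE" { report.other.push(l); }
                    else if seen.insert(body) { report.certs += 1; }
                    else { report.duplicates += 1; }
                }
                _ => report.unterminated = true,
            }
        } else if let Some((_, body)) = open.as_mut() {
            body.push_str(line); // accumulate the base64 body of the open block
        }
    }
    if open.is_some() { report.unterminated = true; }
    report
}

fn main() {
    // Constructed placeholder bodies, not real certificates.
    let chain_a = "-----BEGIN CERTIFICATE-----\nQUFB\n-----END CERTIFICATE-----\n\
                   -----BEGIN CERTIFICATE-----\nQkJC\n-----END CERTIFICATE-----\n";
    let chain_b = "-----BEGIN CERTIFICATE-----\nQ0ND\n-----END CERTIFICATE-----\n";
    let bundle = format!("{}{}", chain_a, chain_b);
    println!("{:?}", inspect_bundle(&bundle));
}
```

A non-empty `other` list is worth stopping on: it means something besides certificates, such as a private key, was concatenated into the file.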