Custom TLS config #4032
Custom TLS config #4032
Conversation
|
A new generated diff is ready to view.
A new doc preview is ready to view. |
|
A new generated diff is ready to view.
A new doc preview is ready to view. |
|
A new generated diff is ready to view.
A new doc preview is ready to view. |
|
A new generated diff is ready to view.
A new doc preview is ready to view. |
|
A new generated diff is ready to view.
A new doc preview is ready to view. |
|
A new generated diff is ready to view.
A new doc preview is ready to view. |
| } | ||
|
|
||
| /// Build a new [TlsContext] | ||
| pub fn build(self) -> Result<TlsContext, BoxError> { |
There was a problem hiding this comment.
Do we want a custom error type here?
There was a problem hiding this comment.
Yeah, we probably should.
|
A new generated diff is ready to view.
A new doc preview is ready to view. |
|
A new generated diff is ready to view.
A new doc preview is ready to view. |
|
A new generated diff is ready to view.
A new doc preview is ready to view. |
| /// This may be called more than once to add multiple certificates. | ||
| /// NOTE: PEM certificate contents are not validated until passed to the configured | ||
| /// TLS provider. | ||
| pub fn with_pem_certificate(mut self, pem_bytes: &[u8]) -> Self { |
There was a problem hiding this comment.
Maybe impl AsRef<u8> or Into<Vec<u8>>?
There was a problem hiding this comment.
Maybe we should have this and add_pem_certificate return a Result to allow for validation errors in the future to be pulled forward?
There was a problem hiding this comment.
Maybe we should have this and add_pem_certificate return a Result to allow for validation errors in the future to be pulled forward?
I think that is reasonable, and likely much easier to debug for a user than succeeding here and failing in rustls
There was a problem hiding this comment.
Maybe impl AsRef or Into<Vec>?
I probably prefer the latter since that's being honest about the function needing an owned value.
There was a problem hiding this comment.
Yeah it's only that way really because we have to store it until we convert it to either rustls or s2n configuration objects. I think if we were able to move to a common format and validate up front it maybe wouldn't be required to own it. Not 100% sure it will/would work out that way though.
There was a problem hiding this comment.
I think that is reasonable, and likely much easier to debug for a user than succeeding here and failing in rustls
Theres no way to move this forward (this being the possible validation errors). I'm going to leave it as is and if we ever have that capability we can at least validate in TlsContextBuilder::build() that the trust store configured is valid.
| /// This may be called more than once to add multiple certificates. | ||
| /// NOTE: PEM certificate contents are not validated until passed to the configured | ||
| /// TLS provider. | ||
| pub fn with_pem_certificate(mut self, pem_bytes: &[u8]) -> Self { |
There was a problem hiding this comment.
Maybe we should have this and add_pem_certificate return a Result to allow for validation errors in the future to be pulled forward?
I think that is reasonable, and likely much easier to debug for a user than succeeding here and failing in rustls
| } | ||
|
|
||
| /// Build a new [TlsContext] | ||
| pub fn build(self) -> Result<TlsContext, BoxError> { |
There was a problem hiding this comment.
Yeah, we probably should.
| /// This may be called more than once to add multiple certificates. | ||
| /// NOTE: PEM certificate contents are not validated until passed to the configured | ||
| /// TLS provider. | ||
| pub fn with_pem_certificate(mut self, pem_bytes: &[u8]) -> Self { |
There was a problem hiding this comment.
Maybe impl AsRef or Into<Vec>?
I probably prefer the latter since that's being honest about the function needing an owned value.
|
A new generated diff is ready to view.
A new doc preview is ready to view. |
Motivation and Context
Description
Introduces a new
TlsContextthat can be used to customize TLS configuration. Currently that only includes supplying custom root certificates. This PR also refactors the way caching works. Previously we cached complete connectors with default resolver when the connector settings were known to be defaulted. The reason given in code and past commits for this caching resolves around the fact thathyper-rustlswith_native_roots()configuration option re-loads platform root certificates on each invocation. Rather than cache the connector, instead I've switched the caching to only cache loading the certificates. This reduces a bit of complexity and required context to understand when we can cache.Questions/Discussion
unwrap/expectin this code. It was this way previously but I've introduced a few more. This stems from building a connector not returning a result. I don't know that I love this but I also suppose I can understand why we chose this. Now is the time to consider whether we'd approach it differently or not though or we are simply saying a valid HTTPS configuration.rustls-pki-types) provides a way to actually parse and load the certs as an independent configuration object (trust store). The issue is it converts them to DER format which makes using this for s2n not possible. It would be nice if we could load and validate certs before passing them off to rustls/s2n in a uniform way.TlsContextand/orTrustStoreprovider builders? Currently they just self mutate which is a pattern we use in some places (e.g. stalled stream protection config comes to mind).Testing
New unit tests + existing TLS tests
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.