๐Ÿ’พ Archived View for station.martinrue.com โ€บ ethereal โ€บ 6d9224256dae4203a1e28bf562149a3d captured on 2023-01-29 at 06:09:13. Gemini links have been rewritten to link to archived content

View Raw

More Information

โฌ…๏ธ Previous capture (2022-07-16)

โžก๏ธ Next capture (2023-03-20)

๐Ÿšง View Differences

-=-=-=-=-=-=-

๐Ÿ‘ฝ ethereal

"TLS" is not making the protocol super complicated

My fucking ass

First I tried rust-native-tls, but it had *no* support for client certificates.

Then I tried rustls, this time things looked a lot more promising. In general I actually quite like the way that it has been designed.

But as it turned out, it relies on webpki, which has no support for v1 certificates, which are the default certificates used by Lagrange (and probably others).

At this point I feel like I am better off just implementing the TLS protocol myself (or maybe abandoning the idea of doing it in rust and just going back to C)

1 year ago ยท ๐Ÿ‘ skyfaller

Actions

๐Ÿ‘‹ Join Station

3 Replies

๐Ÿ‘ฝ defunct

and then you could just terminate ssl in haproxy ๐Ÿ™ˆ which is what I am doing and then route via SNI. I am not missing anything ยท 1 year ago

๐Ÿ‘ฝ ethereal

I might have overreacted a bit.

I ended up importing a v3 cert into lagrange which works. It seems gemserv uses "rust-openssl" and if indeed they have gotten that to work with lagrange and user certs, I might just switch.

Thank you :) ยท 1 year ago

๐Ÿ‘ฝ kevinsan

I feel your pain. You might glean useful information from the gemserv project. It's written in rust, supports client certificates, and works with lagrange. ยท 1 year ago