💾 Archived View for station.martinrue.com › ethereal › 6d9224256dae4203a1e28bf562149a3d captured on 2023-09-28 at 17:30:28. Gemini links have been rewritten to link to archived content


👽 ethereal

"TLS" is not making the protocol super complicated

My fucking ass

First I tried rust-native-tls, but it had *no* support for client certificates.

Then I tried rustls, this time things looked a lot more promising. In general I actually quite like the way that it has been designed.

But as it turned out, it relies on webpki, which has no support for v1 certificates, which are the default certificates used by Lagrange (and probably others).

At this point I feel like I am better off just implementing the TLS protocol myself (or maybe abandoning the idea of doing it in Rust and just going back to C).

2 years ago · 👍 skyfaller


3 Replies

👽 defunct

And then you could just terminate SSL in HAProxy 🙈, which is what I am doing, and then route via SNI. I am not missing anything · 2 years ago

👽 ethereal

I might have overreacted a bit.

I ended up importing a v3 cert into Lagrange, which works. It seems gemserv uses "rust-openssl", and if indeed they have gotten that to work with Lagrange and user certs, I might just switch.

Thank you :) · 2 years ago

👽 kevinsan

I feel your pain. You might glean useful information from the gemserv project. It's written in Rust, supports client certificates, and works with Lagrange. · 2 years ago
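
An added example, not code from this thread or from rustls, webpki or gemserv: a dependency-free check that reads the version of a DER-encoded X.509 certificate, so a server can tell the v1 certificates mentioned in the first post apart from v3 ones before handing them to a verifier. The function names and the two byte arrays are assumptions made up for this example; the arrays are constructed skeletons, not real certificates.

```rust
// Constructed DER skeletons (truncated after the fields inspected; not real certificates).
const V1_SKELETON: [u8; 7] = [0x30, 0x05, 0x30, 0x03, 0x02, 0x01, 0x01];
const V3_SKELETON: [u8; 12] =
    [0x30, 0x0A, 0x30, 0x08, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x01];

/// Read the DER TLV header at `pos`; returns (tag, content_start, content_len).
fn read_tlv(buf: &[u8], pos: usize) -> Option<(u8, usize, usize)> {
    let tag = *buf.get(pos)?;
    let first = *buf.get(pos + 1)?;
    let (len, start) = if first < 0x80 {
        (first as usize, pos + 2) // short form
    } else {
        let n = (first & 0x7f) as usize; // long form: n length bytes follow
        if n == 0 || n > 4 {
            return None; // indefinite or oversized length
        }
        let bytes = buf.get(pos + 2..pos + 2 + n)?;
        (bytes.iter().fold(0usize, |acc, b| (acc << 8) | *b as usize), pos + 2 + n)
    };
    if start.checked_add(len)? > buf.len() {
        return None; // content runs past the buffer
    }
    Some((tag, start, len))
}

/// X.509 version (1, 2 or 3) of a DER-encoded certificate, None if malformed.
fn x509_version(der: &[u8]) -> Option<u8> {
    let (tag, cert_start, cert_len) = read_tlv(der, 0)?; // Certificate ::= SEQUENCE
    if tag != 0x30 { return None; }
    let cert = &der[..cert_start + cert_len];
    let (tag, tbs_start, tbs_len) = read_tlv(cert, cert_start)?; // tbsCertificate
    if tag != 0x30 { return None; }
    let tbs = &cert[..tbs_start + tbs_len];
    let (tag, start, len) = read_tlv(tbs, tbs_start)?; // first TBS field
    match tag {
        0x02 => Some(1), // serialNumber first: version omitted, so DEFAULT v1
        0xA0 => match read_tlv(&tbs[..start + len], start)? {
            (0x02, i, 1) if tbs[i] <= 2 => Some(tbs[i] + 1), // 0, 1, 2 => v1, v2, v3
            _ => None,
        },
        _ => None,
    }
}

fn main() {
    println!("v1 skeleton: {:?}", x509_version(&V1_SKELETON));
    println!("v3 skeleton: {:?}", x509_version(&V3_SKELETON));
}
```

The check relies on the X.509 definition of the version field as `[0] EXPLICIT Version DEFAULT v1`: a v1 certificate omits it, so its TBSCertificate starts directly with the INTEGER serial number.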