server: add method for retrieving client certificates #35

Closed

FlorianUekermann

Fixes #33

@nacardin

Is anything preventing this from getting merged?

@@ -21,6 +21,15 @@ pub struct TlsStream<IO> {
pub(crate) state: TlsState,
}

impl<IO> TlsStream<IO> {
pub fn peer_certificates(&self) -> Option<Vec<Vec<u8>>> {
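
Review bot: `peer_certificates` is added as a public method with no doc comment, and the signature `Option<Vec<Vec<u8>>>` alone does not tell a caller what each inner `Vec<u8>` contains, in what order the entries come, or when the result is `None`. Add a `///` comment covering those three points, and state whether the returned chain has already been verified by the TLS layer, since callers are likely to base authentication decisions on it. The owned return type also implies a copy of every certificate on each call; if that is intended, say so in the docs, otherwise consider a borrowed form.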

Change this to return the Certificates either directly or by reference.

Approving #39 which does this already.

Author

There was already a pull request for returning the certificates directly (#25) which was rejected in part because @skade didn't want to expose rustls. I think he has a point. A rustls certificate is just a Vec anyway.

Regarding references. I guess we could consider returning an iterator over &Vec here if you want to avoid copying the whole vector by default.

The commit adding documentation by @nacardin in #39 should be added though.

@skade
Collaborator

skade commented Dec 4, 2020

Similar to #33, I'm not interested in a design that exposes the client certificate raw. async-tls was rather initially designed to implement high level operations on TLS connections ("Client authentication" rather than "here's the client certificate, implement client auth").

I know I'm away from this goal, as I was sidelined, which is the reason why I put a maintenance notice out, showing a path to a structured handover to new maintainers. It's important to me though that the above design is taken over along with it.

Successfully merging this pull request may close these issues.

We need a method to get TlsStream's client cert