Skip to content

Cert-based authentication #48

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jan 5, 2022
Merged

Cert-based authentication #48

merged 2 commits into from
Jan 5, 2022

Conversation

zugzwang
Copy link
Collaborator

@zugzwang zugzwang commented Jan 3, 2022

No description provided.

@zugzwang zugzwang changed the title Cert-based authentication WIP: Cert-based authentication Jan 4, 2022
@zugzwang
Cert-based authentication
84c8e12 
Read FORTANIX_PKCS12_ID for the PKCS12 file, unlock with a password
prompt.
@zugzwang zugzwang changed the title WIP: Cert-based authentication Cert-based authentication Jan 4, 2022
@xinyufort
Copy link

Aside (no need to address this right now): do you think it would be good to, in the future, support certificate-based auth using a PKCS 8 private key and a X.509 certificate, instead of requiring a PKCS 12 bundle? (There's an open PR in rust-native-tls that may prove helpful: sfackler/rust-native-tls#209 -- which I admittedly need to contribute to)

xinyufort
xinyufort approved these changes Jan 5, 2022
View reviewed changes
Copy link

@xinyufort xinyufort left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice catching of the verbosity errors!

@zugzwang zugzwang merged commit 95fdd9a into main Jan 5, 2022
@zugzwang zugzwang deleted the cert-based-auth branch January 5, 2022 07:20
@zugzwang
Copy link
Collaborator Author

zugzwang commented Jan 5, 2022

do you think it would be good to, in the future, support certificate-based auth using a PKCS 8 private key and a X.509 certificate, instead of requiring a PKCS 12 bundle?

Yes, definitely, thanks for the link, I will follow it! I am not fancy of forcing the user to play around with private keys and introduce dependencies, even if it is only to create the PKCS12 identity (e.g. openssl pkcs12 -export ...).

@zugzwang zugzwang linked an issue Jan 6, 2022 that may be closed by this pull request
Support other authentication methods #37
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@xinyufort xinyufort xinyufort approved these changes

@darktower darktower Awaiting requested review from darktower

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support other authentication methods
2 participants
@zugzwang @xinyufort