Add client authentication support for rustls #2129
0ad10d0 to addae1c
Note that it is already possible to do client authentication in s2n-quic using rustls. Here's an example of how it's done: https://github.com/aws/s2n-quic/tree/main/examples/rustls-mtls. It involves implementing a TLS provider in order to enable client auth in rustls. Is there some reason why that example doesn't work for you/why you need to add this feature to the s2n-quic-rustls crate? Edit: Actually, we should probably enable client auth in rustls without having to impl the TLS provider. The rustls client auth example we have is a bit heavy-handed.
Of course anyone can use their own Provider to implement mTLS, but why not make it into s2n-quic-rustls, so that it can be as easy as using s2n-quic-tls?
We're wanting to update the rustls dependency first (see #2143) and then we can get this change in.
addae1c to 4d756b0
The rustls-mtls example was updated to demonstrate the stuff introduced in this PR. Some off-topic thoughts:
Regarding #1957, correct me if I'm wrong, but it seems not only an issue for rustls, but also applies to s2n-tls. Some change to
Description of changes:
This PR adds support for client authentication to s2n-quic-rustls.
Call-outs:
Testing:
I can write an example for it, but I'm not sure how it's tested automatically yet.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.