Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support for reading PEM-encoded CA Certificates from a PEM-encoded String #1190

Open
barafael opened this issue Jan 4, 2024 · 1 comment
Labels
proposal Enhancement idea or proposal

Comments

@barafael
Copy link
Contributor

barafael commented Jan 4, 2024

Proposed change

Support passing certificates directly to the ConnectOptions as a String or Vec<u8> additionally to the existing support for file paths.

Use case

On systems without access to the file system (like cloud-hosted container images), it can be difficult to pass certificates as files to ConnectOptions::add_root_certificates. As a user of the application, you may have no filesystem access, even though you have admin access to the application itself.

Contribution

We are interested in contributing to this.

@barafael barafael added the proposal Enhancement idea or proposal label Jan 4, 2024
@Jarema
Copy link
Member

Jarema commented Jan 8, 2024

I understand your need, however this has a drawback: it does not allow reloading certs during the lifetime of the application.

I would consider using a similar callback we have for auth - one that is called every time conneciton is re-established (or established for the first time).

It will complicate the codebase a bit, but if this approach is also used for file-based certs as a provided implementation for library, maybe it would be ok.

Would be best to experiment with this idea before making the call.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
proposal Enhancement idea or proposal
Projects
None yet
Development

No branches or pull requests

2 participants