HTTPS connector support #490
Comments
Hello @tony-iqlusion,

I might be off-topic, so I'd like a little more explanation of what you are trying to achieve with the HTTPS connector.

For instance, I'm working on an mTLS server that allows people with a signed certificate inside the YubiKey to authenticate. I couldn't find any documentation or issue related to this, on any library, until now. I'm asking you this because the "mTLS" authentication I'm talking about is actually an HTTPS client.

Right now it's done with a mere curl that I provided an OpenSSL engine with. It's working, but it's very heavy to reproduce on other machines because it depends a lot on dynamic configuration and versions. Especially on macOS, where you are provided with LibreSSL and not OpenSSL by default. And you can't have an engine with LibreSSL. And once that's done you must configure curl to use the OpenSSL you provided, to have all the engine...

By any chance, do you have any insights about this, a working library that can achieve that, or maybe the current topic you opened an issue for, which I'm currently replying to?

Regards,

PS: I might really be off-topic because I'm not exactly using a YubiHSM but a YubiKey 5C, which also supports PIV and that is USB-C.
There aren't any specific plans for this feature. FWIW our usages at @iqlusioninc are entirely via the USB driver. I would expect that initial support would largely resemble the YubiHSM SDK, with the client capable of initiating an HTTPS connection to a process like

Note I'm not planning on working on this, but if someone would like to add
Presently the HTTP connector uses a bespoke minimalist HTTP client embedded in this crate which does not support SSL/TLS:
yubihsm.rs/src/connector/http/client.rs
Line 2 in 016d1c6
It could potentially be replaced by a crate like ureq which supports HTTPS via e.g. rustls