
[DTLS] allow providing custom certificates #168

Closed
melekes opened this issue Mar 19, 2022 · 2 comments · Fixed by #204
Labels
enhancement New feature or request

Comments

melekes commented Mar 19, 2022

Hey! I'm building a webrtc server for Parity's light client called smoldot (https://github.com/paritytech/smoldot). The server's identity is fixed, meaning the server's certificate does not change.

In the current API, one can provide a certificate, BUT there seems to be no way to actually "load" an existing certificate (from PEM) because

use std::time::SystemTime;

// Excerpt of the crate's struct at the time of the issue: every field is
// crate-private, so the only constructors are the generating ones.
pub struct RTCCertificate {
    pub(crate) certificate: dtls::crypto::Certificate, // DTLS certificate + key pair
    pub(crate) stats_id: String,
    pub(crate) x509_cert: rcgen::Certificate,          // only usable for freshly generated certs
    pub(crate) expires: SystemTime,
}

rcgen::Certificate can only be used for generating new certificates (there is no way to construct one from an existing certificate). Am I missing something? Thanks

Maybe we can replace the `x509_cert` `rcgen::Certificate` with a PEM string? I don't think it's used for anything other than serialising the certificate to PEM. See melekes@04acecb. What do you think?

melekes added a commit to melekes/webrtc that referenced this issue Mar 21, 2022
also, make `pem` and `expires` fields private
and add `RTCCertificate::new` method, which gives a way to construct a
`RTCCertificate` using an already generated certificate (as opposed to
generating a new one using `from_params` or `from_key_pair` methods).

Fixes webrtc-rs#168
@k0nserv k0nserv added the enhancement New feature or request label May 23, 2022
melekes commented Jun 20, 2022

FYI, there's no way to do ^ in Pion: https://github.com/pion/webrtc/blob/master/certificate.go

melekes commented Jun 21, 2022

opened #204

melekes added a commit that referenced this issue Jul 4, 2022
Closes #168 

This PR adds `RTCCertificate::from_existing` method, which constructs `RTCCertificate` from an existing DTLS certificate. An existing certificate might be needed in cases like [this](libp2p/rust-libp2p#2622) where you need DTLS identity to be fixed for some period of time (whole duration of the certificate or some part of it).

* peer_connection: replace x509_cert with pem field

also, make `pem` and `expires` fields private
and add `RTCCertificate::from_existing` method, which gives a way to construct a
`RTCCertificate` using an already generated certificate (as opposed to
generating a new one using `from_params` or `from_key_pair` methods).

* make RTCConfiguration clonable

otherwise, it's not possible to reuse the same config across N peer
connections.
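As an added example (not code from webrtc-rs, from the linked PR, or from anyone in this thread), here is a std-only Rust model of the design the issue and PR #204 converge on: `pem`/`expires` kept private, a `from_existing`-style constructor next to a generating one, and a `Clone`-able configuration reused across N peer connections. It shows the property the first comment is after (a loaded certificate keeps the advertised fingerprint stable across connections, while a certificate generated per connection does not) and adds the expiry check that the `expires` argument makes possible. Every type and function name here (`Certificate`, `RtcCertificate`, `RtcConfiguration`, `PeerConnection`, `fresh_material`, `fingerprints_across`) is an assumption made for this example, and the FNV-1a hash stands in for the SHA-256 digest that real WebRTC places in the SDP `a=fingerprint` attribute.

```rust
// Added example, not webrtc-rs code: a std-only model of the RTCCertificate
// design discussed in this thread. All names below are assumptions; the real
// crate uses dtls::crypto::Certificate, rcgen and SHA-256 fingerprints.
use std::time::{Duration, SystemTime, UNIX_EPOCH};

/// Stand-in for a DTLS certificate: DER bytes plus an opaque private key.
#[derive(Clone, Debug, PartialEq)]
pub struct Certificate {
    pub der: Vec<u8>,
    pub private_key: Vec<u8>,
}

/// Model of RTCCertificate after the change: `certificate`/`expires` are private,
/// so the only ways in are `generate` (new key pair) or `from_existing` (loaded).
#[derive(Clone, Debug)]
pub struct RtcCertificate {
    certificate: Certificate,
    expires: SystemTime,
}

/// Reasons a loaded certificate is refused before it reaches a connection.
#[derive(Debug, PartialEq)]
pub enum CertError {
    Expired,
    Empty,
}

/// Toy key material derived from a seed (constructed for this example; a real
/// implementation calls rcgen/ring). Each distinct seed yields a new identity.
fn fresh_material(seed: u64) -> Certificate {
    let mut state = seed.wrapping_mul(0x9E37_79B9_7F4A_7C15).wrapping_add(1);
    let mut der = seed.to_be_bytes().to_vec();
    for _ in 0..32 {
        state ^= state << 13;
        state ^= state >> 7;
        state ^= state << 17;
        der.push((state & 0xff) as u8);
    }
    let private_key = der.iter().map(|b| b ^ 0x5a).collect();
    Certificate { der, private_key }
}

impl RtcCertificate {
    /// Counterpart of `from_params`/`from_key_pair`: a brand-new certificate.
    pub fn generate(seed: u64, lifetime: Duration) -> Self {
        RtcCertificate { certificate: fresh_material(seed), expires: SystemTime::now() + lifetime }
    }

    /// Counterpart of `from_existing`: wrap a certificate loaded from storage.
    /// `now` is passed in so the check is deterministic; empty or already
    /// expired material is rejected so a stale identity is never advertised.
    pub fn from_existing(certificate: Certificate, expires: SystemTime, now: SystemTime) -> Result<Self, CertError> {
        if certificate.der.is_empty() {
            return Err(CertError::Empty);
        }
        if expires <= now {
            return Err(CertError::Expired);
        }
        Ok(RtcCertificate { certificate, expires })
    }

    /// Stable identity of the certificate: FNV-1a 64 over the DER bytes,
    /// standing in for the SHA-256 fingerprint real WebRTC puts in SDP.
    pub fn fingerprint(&self) -> u64 {
        self.certificate
            .der
            .iter()
            .fold(0xcbf2_9ce4_8422_2325u64, |h, b| (h ^ *b as u64).wrapping_mul(0x100_0000_01b3))
    }

    pub fn expires(&self) -> SystemTime {
        self.expires
    }
}

/// Model of RTCConfiguration; deriving `Clone` is what lets one config feed N connections.
#[derive(Clone, Debug)]
pub struct RtcConfiguration {
    pub certificates: Vec<RtcCertificate>,
}

/// A peer connection records the fingerprint it will advertise to its remote peer.
pub struct PeerConnection {
    pub local_fingerprint: u64,
}

impl PeerConnection {
    /// Use the configured certificate, or generate a fresh one (a new identity)
    /// when none was provided, which is the behaviour the issue wanted to avoid.
    pub fn new(config: RtcConfiguration, fallback_seed: u64) -> Self {
        let cert = config
            .certificates
            .into_iter()
            .next()
            .unwrap_or_else(|| RtcCertificate::generate(fallback_seed, Duration::from_secs(30 * 24 * 3600)));
        PeerConnection { local_fingerprint: cert.fingerprint() }
    }
}

/// Open `n` connections from one cloned config and return the distinct fingerprints seen.
pub fn fingerprints_across(config: &RtcConfiguration, n: u64) -> Vec<u64> {
    let mut seen: Vec<u64> = Vec::new();
    for i in 0..n {
        let fp = PeerConnection::new(config.clone(), 1000 + i).local_fingerprint;
        if !seen.contains(&fp) {
            seen.push(fp);
        }
    }
    seen
}

fn main() {
    let now = SystemTime::now();
    let loaded = RtcCertificate::from_existing(fresh_material(42), now + Duration::from_secs(86_400), now)
        .expect("constructed certificate is valid for a day");
    let secs = loaded.expires().duration_since(UNIX_EPOCH).map(|d| d.as_secs()).unwrap_or(0);
    println!("loaded cert fingerprint {:016x}, expires at unix {}", loaded.fingerprint(), secs);
    let fixed = RtcConfiguration { certificates: vec![loaded] };
    println!("distinct identities with a fixed cert: {}", fingerprints_across(&fixed, 5).len());
    let none = RtcConfiguration { certificates: vec![] };
    println!("distinct identities when generating per connection: {}", fingerprints_across(&none, 5).len());
}
```

The `now` parameter on `from_existing` is the one deliberate departure from the crate's signature: it keeps the expiry check testable and makes it explicit that the loaded `expires` value is trusted input that has to be compared against a clock somewhere. Whatever file the certificate is loaded from must also carry the private key for the server to use it, so that file needs the same filesystem permissions as any other TLS key.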