Hi, our infrastructure configures the vault server to require mTLS connections, which requires configuring client certificates for the http connection.
Also, our client certificates are encrypted with a passphrase, so they need to be decrypted before configuring them in the reqwest builder.
We started a contribution to this project (now closed), but soon we realised that it was not enough and the implementation was a bit trickier than expected, so we decided to use a custom Client on our side until this feature is fully supported here.
We are still aiming at helping with that, but it definitely requires some guidance from the maintainers:
How can we decrypt the certificates when the rustls feature is enabled?
In case we leave the decryption out of this lib, is it ok to change String to be a Vec<u8> for the settings involving the client cert, key and passphrase? That would allow the client to decrypt them and pass the raw bytes to the lib.
What about changing the ca_cert into a Vec<u8> in case we leave the reading of the CA stack to the user too?
Thanks!
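For the case raised above where decryption stays outside the library and raw bytes are passed in, a caller-side check that the key bytes are no longer passphrase-protected. This is an added example, not code from the issue or from the library; `KeyState`, `classify_key_pem` and `require_plain_key` are hypothetical names, the sample PEM blocks are constructed, and the check only classifies the PEM framing without decrypting anything.

```rust
// Added example: decide whether client key material still needs decrypting
// before it is passed, as raw bytes, to a TLS client builder.

#[derive(Debug, PartialEq)]
pub enum KeyState {
    Plain,           // unencrypted PKCS#8, RSA or EC key block
    EncryptedPkcs8,  // "ENCRYPTED PRIVATE KEY" block
    EncryptedLegacy, // traditional block carrying a "Proc-Type: 4,ENCRYPTED" header
    NoKey,           // no private key block found (e.g. certificates only)
}

pub fn classify_key_pem(pem: &[u8]) -> KeyState {
    let text = String::from_utf8_lossy(pem);
    let (mut in_key, mut state) = (false, KeyState::NoKey);
    for line in text.lines().map(str::trim) {
        if let Some(label) = line.strip_prefix("-----BEGIN ").and_then(|r| r.strip_suffix("-----")) {
            if label == "ENCRYPTED PRIVATE KEY" {
                return KeyState::EncryptedPkcs8;
            }
            in_key = label.ends_with("PRIVATE KEY");
            if in_key { state = KeyState::Plain; }
        } else if line.starts_with("-----END ") {
            in_key = false;
        } else if in_key && line.starts_with("Proc-Type:") && line.contains("ENCRYPTED") {
            return KeyState::EncryptedLegacy;
        }
    }
    state
}

/// Pass the bytes through only when they hold a key a builder can parse directly.
pub fn require_plain_key(pem: &[u8]) -> Result<&[u8], String> {
    match classify_key_pem(pem) {
        KeyState::Plain => Ok(pem),
        other => Err(format!("key not usable as-is: {:?}; decrypt it first", other)),
    }
}

// Constructed samples; the base64 bodies are placeholders, not real keys.
pub const PLAIN: &[u8] = b"-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n";
pub const ENC_PKCS8: &[u8] = b"-----BEGIN ENCRYPTED PRIVATE KEY-----\nAAAA\n-----END ENCRYPTED PRIVATE KEY-----\n";
pub const ENC_LEGACY: &[u8] = b"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\nAAAA\n-----END RSA PRIVATE KEY-----\n";
pub const CERT_ONLY: &[u8] = b"-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n";

fn main() {
    for (name, pem) in [("plain", PLAIN), ("pkcs8-enc", ENC_PKCS8), ("legacy-enc", ENC_LEGACY), ("cert", CERT_ONLY)] {
        println!("{}: {:?} usable={}", name, classify_key_pem(pem), require_plain_key(pem).is_ok());
    }
}
```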