Add Rust bindings method to create certs without private keys #3860
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
lrstewart
force-pushed
the
binding_cert_min
branch
from
d6d4780 to
3414ded
Compare
3 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of changes:
There are two mutually exclusive approaches to configuring certs in s2n-tls. You can either set a single "s2n-owned" certificate of each type on the config via s2n_config_add_cert_chain_and_key, or you can set a variable number of "application-owned" certificates of each type via s2n_cert_chain_and_key_new and s2n_config_add_cert_chain_and_key_to_store. s2n-tls will manage the lifecycle of "s2n-owned" certs, but the application is responsible for managing "application-owned" certificates. s2n-tls currently prefers "application-owned", and the "s2n-owned" methods are marked deprecated.
The current method to load a certificate without a private key is only available from the "application-owned" approach: s2n_cert_chain_and_key_load_public_pem_bytes. However, the s2n-tls Rust bindings currently only use "s2n-owned" certificates, and don't offer the CertChainAndKey structure that would be required to support "application-owned" certificates.
Adding "application-owned" certificates to the bindings wouldn't be particularly easy. We'd need to add some C methods to retrieve the certificates associated with a config in order to properly implement Drop for CertChainAndKey. We'd also need to replace the current "s2n-owned" implementation of the existing methods, because you can't mix "s2n-owned" and "application-owned" so supporting both would be a bit of a foot gun. We'd either need to remove set_ocsp_data, accept that it's a sharp edge and will fail when combined with setting more than one cert, or find a way to make it inaccessible if the Config builder has a second cert set.
So as a faster, simpler solution, I've chosen to add an API to allow "s2n-owned" certificates to be created without public keys. I made it internal, so we should be able to remove it when/if we switch the bindings to "application-owned" certificates. However, there wouldn't really be any harm in adding it to the public API, so I could do that instead.
Testing:
Basic unit test for the new C method.
Switched the async pkey tests to use the new Rust method.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.