feat(transport): Add system root anchors for TLS #114
Merged
jen20 force-pushed the jen20/tls-trust-roots branch from 10d0532 to 5f0e7e9 on November 3, 2019 07:57
LucioFranco reviewed Nov 4, 2019
jen20 force-pushed the jen20/tls-trust-roots branch from 5f0e7e9 to 4b49811 on November 4, 2019 16:48
LucioFranco reviewed Nov 4, 2019
LucioFranco reviewed Nov 4, 2019
jen20 force-pushed the jen20/tls-trust-roots branch 2 times, most recently from 34a9677 to 9fe4224, on November 4, 2019 17:01
jen20 changed the title from "Add client TLS builder method to add trust anchors" to "Add feature flags to add default trust anchors for Rustls and OpenSSL" on Nov 4, 2019
jen20 force-pushed the jen20/tls-trust-roots branch from 9fe4224 to bc5c962 on November 9, 2019 10:04
I've updated this in light of the new |
jen20 force-pushed the jen20/tls-trust-roots branch from bc5c962 to 68462d2 on November 9, 2019 10:53
Fixes #101.
LucioFranco approved these changes Nov 9, 2019
As per hyperium#101, it is sometimes desirable to use standard web PKI roots for gRPC clients. This commit adds a method to ClientTlsConfig to add the trust roots from the system certificate store:

- OpenSSL uses `openssl-probe` to search the system for roots.
- Rustls uses `rustls-native-certs` to load the system roots.

Enabling the `openssl-roots` or `rustls-roots` feature for `tonic` in `Cargo.toml` will add system roots by default when configuring a gRPC client.
jen20 force-pushed the jen20/tls-trust-roots branch from 68462d2 to 565e650 on November 9, 2019 16:20
Docs for the new feature flags are now added in |
LucioFranco approved these changes Nov 9, 2019
LucioFranco changed the title from "Add feature flags to add default trust anchors for Rustls and OpenSSL" to "feat(transport): Add system root anchors for TLS" on Nov 9, 2019
rabbitinspace pushed a commit to satelit-project/tonic that referenced this pull request on Jan 1, 2020
brentalanmiller pushed a commit to brentalanmiller/tonic that referenced this pull request on Oct 6, 2023
As per #101, it is sometimes desirable to use standard web PKI roots for gRPC clients. This commit adds a method to `ClientTlsConfig` to allow this. The behaviour differs per TLS library:

- OpenSSL uses `openssl-probe` to search the system for roots and add them.
- Rustls adds the Mozilla-supplied roots from the `webpki-roots` crate.

This is not feature flagged, as there appears to be no convenient way to gate a dependency on multiple conditions.