-
Notifications
You must be signed in to change notification settings - Fork 25
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Introduce a way to resolve certificates on the fly #137
Comments
Sounds like a great idea to me! |
Do you have any preferences whether it ends up being rustls'like with a new trait in the Another option is to add additional functions to the provider, along the lines of I think I am leaning towards the implied resolution in |
I don't, I think you're in a better position to make that judgement really.
Yeah, I think that approach is the best path forward. If it turns out not to be, we can always change it. |
This is a follow-up to #135
Currently, the
TlsConfig
holds CA, Device Certificate and Private Key in memory, basically for the full lifetime of the TLS connection, even though they are only used during the handshake.This can be very costly on the RAM usage for no reason at all.
I would like to introduce some sort of resolver, that can load the certificates on the fly in the handshake, and then drop them again when no longer needed.
It could be something along the lines of rustls's resolves traits:
I am not quite sure if these should be part of the
TlsConfig
or if it would make more sense to have them as part of the provider implementation somehow:Similarly, the
Verifier
could resolve theCA
, left is only something to resolve theClientCertificate
?Not sure if i am missing something obvious here though?
The text was updated successfully, but these errors were encountered: