Skip to content

No example or function to create an SSLConfig where you need a cert as a client #237

Description

@fchorney

I recently had to use HTTP.jl and MbedTLS.jl to set up a situation where I was a client trying to submit a post request to an endpoint. The issue was that I needed to have a certificate to do this. There is a function the code base which sets this up when you want to act as a server (https://github.com/JuliaLang/MbedTLS.jl/blob/master/src/MbedTLS.jl#L108-L120) but not a client.

It would be nice if there was a similar function for when you want to act as a client. I ended up using the following:

    # Create SSL RNG
    entropy = MbedTLS.Entropy()
    rng = MbedTLS.CtrDrbg()
    MbedTLS.seed!(rng, entropy)

    # Read in the certificate files
    cert = MbedTLS.crt_parse_file(ssl_cert_path)
    key = MbedTLS.parse_keyfile(ssl_key_path)

    # Create SSLConfig with our pulled in certificate
    conf = MbedTLS.SSLConfig()
    MbedTLS.config_defaults!(conf)
    MbedTLS.rng!(conf, rng)
    MbedTLS.own_cert!(conf, cert, key)
    MbedTLS.ca_chain!(conf)

    return conf

On that note, similar to #231 it would be nice if MbedTLS could accept a singular pfx file instead of having to break it up into cert and key.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions