feat: support custom root certificates in WASM bindings#1119
Open
feat: support custom root certificates in WASM bindings#1119
Conversation
heeckhau
force-pushed
the
feat/custom-root-certs
branch
from
c321b60 to
5c6a917
Compare
Add `root_certs` option to `ProverConfig` and `VerifierConfig` in sdk-core and WASM bindings, allowing custom DER-encoded root certificates for TLS server verification. When not provided, Mozilla root certificates are used as the default. - Add `root_certs: Option<Vec<Vec<u8>>>` to sdk-core configs with builder methods - Add `mozilla-certs` feature flag to sdk-core for conditional fallback - Wire custom root certs through WASM prover/verifier config layers - Remove stale `tests.rs` and unused `test` feature from wasm crate - Clean up unused wasm dependencies (tlsn, tlsn-core, tlsn-tls-core, tlsn-server-fixture-certs) - Add `sdk_core` harness test plugin exercising the full MPC-TLS flow with custom root certs Closes #618
heeckhau
force-pushed
the
feat/custom-root-certs
branch
from
5c6a917 to
f870a70
Compare
…builders - ProverConfigBuilder::build and VerifierConfigBuilder::build now return Result, resolving root certificates eagerly instead of at protocol time. Missing certs without mozilla-certs feature is now caught at config construction. - Custom DER certificates are validated via webpki::anchor_from_trusted_cert so invalid bytes produce a clear error with index, not a cryptic TLS handshake failure. - Added unit tests for invalid DER rejection, mozilla fallback, and missing-certs error path.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
root_certs: Option<Vec<Vec<u8>>>toProverConfigandVerifierConfigin sdk-core and WASM bindings, allowing custom DER-encoded root certificates for TLS server verificationmozilla-certsfeature)tests.rsand unusedtestfeature from wasm crate, along with unused dependenciessdk_coreharness test plugin exercising the full MPC-TLS flow with custom root certsCloses #618
JS usage
Test plan
cargo check --workspacepassescargo test -p tlsn-sdk-core— 28 tests passcargo test -p tlsn -- --ignored— full integration test passessdk_coretest on native target (./bin/runner test --name sdk_core)sdk_coretest on browser target (./bin/runner --target browser test --name sdk_core)🤖 Generated with Claude Code