Comments (13)
I still think it is a mistake to expose those details in your API since rumqtt doesn't need those details to work, but if you insist I will do it your way.
Here is my reasoning.
Even If you let the user specify the key type and we handle them correctly there will still be cases like this one:
Let's say we generate an RSA key with the following command
$ openssl version
OpenSSL 3.1.2 1 Aug 2023 (Library: OpenSSL 3.1.2 1 Aug 2023)
$ openssl genrsa -out client.key 2048
Although this is an RSA key, it is encoded in PKCS#8
format. Thus it will not work with Key::RSA
as that variant assumes PKCS#1
encoding.. The user has to know to select either Key::ECC
or Key::PKCS
instead to make it work. Which is very hard to figure out if you're not that deep into TLS (it took me quite a while to understand why I got Err(Tls(NoValidCertInChain))
).
So why not let Rustls deal with this instead of wrapping it in an extra layer that does not abstract anything.
For example the MongoDB rust driver also uses rustls and they accept any type of key even though they impose way more restrictions on how to certificates and keys are generated. The user does not need to specify which type they provide.
from rumqtt.
good catch, I was dealing with lot of PRs at once so lost context of "c" & "d" haha.
Please feel free to open PR!
btw for rumqttc, can we use read_one fn as we did in mentioned PR? ( Instead of introducing new variants ) Or is it better the to introduce new variant? update: after seeing the code, introducing mew variant is the best option as you suggested!
Thank you so much 😁
from rumqtt.
PR #752 is merged now, will close this issue, thank you!
from rumqtt.
Hey, this issue will be resolved with PR #743 ! Please have a look once, thank you 😁
from rumqtt.
That PR only touches rumqttd, not rumqttc. But I guess both could benefit from full rustls support.
from rumqtt.
Ah I just implemented it using read_one
. Let me know which way you prefer.
from rumqtt.
Ah I just implemented it using
read_one
. Let me know which way you prefer.
As users explicitly specify which key type they are using while adding key, let's stick with existing code and add an variant 🚀
from rumqtt.
Okay, I went with a hybrid approach. I have added the variant as a way of documenting support for the different key types, but I also kept the read_one() approach of handling the key as it is much cleaner. See #752 .
from rumqtt.
Okay, I went with a hybrid approach. I have added the variant as a way of documenting support for the different key types, but I also kept the read_one() approach of handling the key as it is much cleaner. See #752 .
Issue with the approach is that if I specify an RSA key using Key::EC(..)
, it will still work normally. This isn't what we intend right?
from rumqtt.
Yes that would still work, I agree it is a bit weird. Perhaps makes more sense to get rid of the Key
enum as the current variants were flawed anyway (ECC
didn't work for many ECC keys), but that would be a (small) breaking change.
If you want to make it error on 'wrong key format' you are burdening the user with stuff that actually works automatically but just chose to make more hard to use.
from rumqtt.
If you want to make it error on 'wrong key format' you are burdening the user with stuff that actually works automatically but just chose to make more hard to use.
That was the case due to incorrect use of function, after we correct it, this should not be a problem right?
I believe letting users specify which Key format they actually want to use it good, and as it's how it is rn, it won't cause a big breaking change as you mentioned.
wdyt?
from rumqtt.
As per your reasoning, it does make sense to remove the Key and handle reading internally.
Though I'm not much familiar with this TLS related things, so @henil & @de-sh could suggest it better!
Thank you for understanding 😊
from rumqtt.
I have removed the Key
enum now.
from rumqtt.
Related Issues (20)
- (help wanted) Reconnection has no delay/happens too frequently. HOT 1
- Wrong README installation command for rumqttc HOT 1
- vulnerability in ws_stream_tungstenite > tungstenite-rs HOT 3
- rumqttc: Include clientId, username and password in the websocket requests HOT 1
- rumqttc: port number is not used in websockets connection HOT 1
- 0.23.0 compilation error on RPi400 (stable-armv7-unknown-linux-gnueabihf) HOT 4
- Internal leakage occurs when the broker is established and the client is used to listen HOT 11
- rumqttc: add TLS using OpenSSL, without going through `native-tls` HOT 8
- rumqttd: Configurable or "smart" RusTLS options. HOT 10
- rumqttd: client certs should be configurable HOT 7
- Publish request completes after keep-alive ping message HOT 7
- Wildcard passed as topic panics HOT 1
- rumqttd usage with prebuild binary & systemd service file HOT 1
- Cannot receive message sent in another thread HOT 5
- v5::EventLoop not Send when websocket is enabled HOT 3
- Feature: Shutdown HOT 21
- RFC: rumqttc publish subscribe API design HOT 24
- rumqttd: disconnect notification does not fire for non-graceful disconnects. HOT 2
- rumqttd: Non graceful disconnects do not send last will HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from rumqtt.