[GODRIVER-366] Use certificate store for certificate lookup Created: 16/Apr/18  Updated: 24/Jul/20  Resolved: 24/Jul/20

Status: Closed
Project: Go Driver
Component/s: Options & Configuration
Affects Version/s: None
Fix Version/s: None

Type: Improvement
Priority: Minor - P4
Reporter: Gregory McKeon (Inactive)
Assignee: Unassigned
Resolution: Won't Do
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   

On Mac OS X, the server allows users to look up a certificate from the certificate store rather than from a PEM file. We should provide a similar capability – or at least the ability to provide such a cert via an option, as the tools project will need that to match the server and we'd like to avoid needing a custom dialer once we switch to the Go driver.



 Comments   
Comment by David Golden [ 01/May/18 ]

As the server has moved to using native TLS on OS X (Secure Transport), it has added command line options to let users select keys from the user/system keychain certificate store. Because the command line tools try to match server command line options for configuration, the server tools will likely provide a similar capability.

The driver currently only supports providing SSLClientCertificateKeyFile and SSLClientCertificateKeyPassword options and is oblivious to the keychain certificate store.

If the driver implements the ability to get certs/keys from the certificate store, then the tools can delegate this work to the driver. If the driver does not implement this capability, then the tools will have to implement both the capability and a custom TLS dialer to use such certificates/keys.

As a middle ground, if the driver allows certs/keys to be provided in byte form rather than a file name, the tools can implement the cert store lookup and the driver can consume the resulting bytes. (That doesn't change the amount of code to be written – it only partitions this ticket across two projects.)
