Skip to content

Allow configuring the accepted CA certificates #103

Description

@sashee

Currently, dumbpipe uses iroh with the default TLS config which is a built-in set of CAs from Mozilla (https://github.com/n0-computer/iroh/blob/908ddf5d7c15259de88129af26d4dce7481e1e69/iroh-relay/src/tls.rs#L59). I'd like to be able to define my custom CA certificates that will be used for relay connection. Ideally, dumbpipe should configure iroh to use the system-wide certificates (https://github.com/n0-computer/iroh/blob/908ddf5d7c15259de88129af26d4dce7481e1e69/iroh-relay/src/tls.rs#L41), but even adding an extra certificate would help me. These are already supported in iroh, but not exposed in dumbpipe.

Why do I need this?

I'm writing a NixOS configuration where a machine's SSH is accessible via iroh and I want to have tests for this. These tests are running without internet connectivity, so they can't use the live relays. What I can do instead is to run a fake relay in the test and have it intercept all requests destined for the normal relays. But since dumbpipe configures iroh to use the hardcoded Mozilla certificates (the default), it will reject connecting to this surrogate relay.

For now, I can work around this by extracting the relevant parts from dumbpipe and adding the certificate handling. But it would help if it had built-in support for this.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    Status
    🚑 Needs Triage

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions