visibility of OwnedTrustAnchor

[dingelish]

Hi ctz,

Our team is using rustls to terminate TLS connections under the spiffe framework. rustls works pretty well and we all like it! The only problem in our implementation is that we have to use OwnedTrustAnchor::to_trust_anchor to verify certificates, while OwnedTrustAnchor is not a pubed structure. We're using an internal fork of rustls and wonder if you can make it public. It'll be the best if we can use it directly from crates.io and we don't mind feature gating. Really appreciate your help. Thanks!

Best,
Yu

[ctz]

I've added a test in 1b99071 that checks that this is usable outside the crate already -- could you look at the test and tell me if I've misunderstood what you're asking for?

[nightkr]

@ctz Both the struct and method are pub, but the struct is unreachable (since the anchors module isn't pub, and OwnedTrustAnchor isn't covered by the same pub use as RootCertStore.

[blaggacao]

@ctz @dingelish Would it be conceivable to add yours as a sort of contrib implementation of the SPIFFE protocol to rustls?

[dingelish]

@ctz @dingelish Would it be conceivable to add yours as a sort of contrib implementation of the SPIFFE protocol to rustls?

@blaggacao sgtm. thanks!

[blaggacao]

Breadcrumb trail — See also discussion at: https://www.mail-archive.com/openssl-users@openssl.org/msg88596.html

And probably: rwf2/Rocket#1448