Add builtin-roots option to SecurityContext constructor #24693

Closed
whesse opened this issue Oct 22, 2015 · 2 comments

Comments

@whesse
Member

commented Oct 22, 2015

We should expose a way to construct new SecurityContext objects that contain the built-in CA roots that SecurityContext.defaultContext contains. If people want to modify this context, they should be able to create a new one which can be modified independently of the global one. Adding client certificates is an example of a modification people would want to do to this context.

@jakobr-google

Contributor

commented Nov 14, 2017

This is even more important now, given that supported protocols for ALPN are also registered on the SecurityContext.

I need this for gRPC, where I have to declare support for h2 in ALPN, and at the same time trust the built-in roots. The only way to do that currently is through SecurityContext.defaultContext, but that causes all other unrelated connections to also negotiate h2, breaking other libraries.

Exposing trustBuiltinRoots() (or with a better name) on SecurityContext instances should fix this. I'm hoping it's possible to port the fix to stable as well.

@zanderso

Member

commented Nov 14, 2017

https://dart-review.googlesource.com/#/c/sdk/+/20580/ Adds an optional named boolean parameter withTrustedRoots to the SecurityContext constructor.

@whesse whesse closed this in 0af5298 Nov 14, 2017

whesse added a commit that referenced this issue Dec 13, 2017
[dart:io] Adds optional withTrustedRoots parameter to SecurityContext()
The parameter defaults to false. This enables creating a
SecurityContext that includes the trusted root certificates that can
be modified per-connection.

fixes #24693

Change-Id: I22e5736838755ce4055f77b1b17aeb5176329240
Reviewed-on: https://dart-review.googlesource.com/20580
Reviewed-by: William Hesse <whesse@google.com>
Commit-Queue: Zach Anderson <zra@google.com>
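
Added example (not part of the original thread or of the Dart SDK's own code): a client that needs the built-in roots plus ALPN `h2`, as in the gRPC case described above, builds its own context with `withTrustedRoots: true` and leaves `SecurityContext.defaultContext` unmodified. The helper names, the optional client-certificate paths and the host taken from the command line are assumptions made for illustration.

```dart
import 'dart:io';

/// Builds a context private to one client: built-in CA roots plus ALPN 'h2'.
/// SecurityContext.defaultContext is never modified, so unrelated
/// connections in the same process keep their own negotiation behaviour.
SecurityContext buildH2ClientContext({
  String? clientCertChainPath, // hypothetical PEM paths supplied by the caller
  String? clientKeyPath,
}) {
  final ctx = SecurityContext(withTrustedRoots: true);
  ctx.setAlpnProtocols(['h2'], false); // false = client side
  if (clientCertChainPath != null && clientKeyPath != null) {
    // Client certificates stay scoped to this context as well.
    ctx.useCertificateChain(clientCertChainPath);
    ctx.usePrivateKey(clientKeyPath);
  }
  return ctx;
}

/// Connects, returns the ALPN protocol the server selected (null if none),
/// then closes the socket. A null [context] means the default context.
Future<String?> negotiatedProtocol(String host, int port,
    {SecurityContext? context}) async {
  final socket = await SecureSocket.connect(host, port,
      context: context, timeout: const Duration(seconds: 10));
  try {
    return socket.selectedProtocol;
  } finally {
    socket.destroy();
  }
}

Future<void> main(List<String> args) async {
  if (args.isEmpty) {
    stderr.writeln('usage: dart run alpn_check.dart <host>');
    exit(64);
  }
  final host = args[0];
  final scoped =
      await negotiatedProtocol(host, 443, context: buildH2ClientContext());
  // No ALPN is offered here unless other code changed the default context.
  final unrelated = await negotiatedProtocol(host, 443);
  print('scoped context ALPN:  $scoped');
  print('default context ALPN: $unrelated');
  if (scoped != 'h2') {
    stderr.writeln('server did not select h2; refusing to continue');
    exit(1);
  }
}
```

Certificate validation is unchanged in both connections: neither sets `onBadCertificate`, so a chain that does not lead to a trusted root fails the handshake.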