tls: allow generating TLS key pairs for use outside of libp2p #1538

Closed
peterargue opened this issue Nov 5, 2021 · 2 comments · Fixed by #1481

Comments

@peterargue
Contributor

We have a use case where we'd like to authenticate a node's gRPC interface using the same identity as the node's libp2p interface. This is currently possible by extracting the key pair from the Identity struct generated in crypto.go; however, the default certificate generated does not contain all of the fields required by third-party TLS implementations to verify the peer. See libp2p/go-libp2p-tls#97

Given this is not a standard use case, it may not make sense to build in special support for custom certificate options. However, we could implement that easily if the keyToCertificate method was exported along with a new method that returns the signed pkix.Extension.

@marten-seemann
Contributor

> We have a use case where we'd like to authenticate a node's gRPC interface using the same identity as the node's libp2p interface.

Why don't you just run gRPC over a libp2p stream?

@peterargue
Contributor Author

peterargue commented Nov 11, 2021

We chose not to use libp2p streams because our gRPC interface is public and

  1. we don't want to require all gRPC clients to use libp2p libraries
  2. we want to allow node operators to use off-the-shelf services for TLS termination (e.g. a sidecar proxy that terminates SSL and handles rate limiting)

@marten-seemann changed the title from "Allow generating TLS key pairs for use outside of libp2p" to "tls: allow generating TLS key pairs for use outside of libp2p" on May 25, 2022
@marten-seemann transferred this issue from libp2p/go-libp2p-tls on May 25, 2022