-
-
Notifications
You must be signed in to change notification settings - Fork 987
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feat: Add support for PKCS12 / PFX client certificates for mTLS #2336
base: main
Are you sure you want to change the base?
Feat: Add support for PKCS12 / PFX client certificates for mTLS #2336
Conversation
6312a86
to
07d3089
Compare
Thank you @pietrygamat ! @lohxt1 Lets target this to have it merged for next weeks release. |
07d3089
to
bf4eb21
Compare
Guys, can we get this PR merged, please? |
+1 :-) I want to present bruno to my colleagues as the better alternative to postman - but I need the change bc of our client certificates environments |
When clicking on the Add certificate button, it says "Successfully added client certificate" but nothing appears in the Client Certificates list |
ignore my last comment. |
adding a +1 from community here. this fixed our problem. |
Hey @pietrygamat There are some issues with this PR. The "clientCertificates": {
"enabled": true,
"certs": [
{
"domain": "www.usebruno.com",
"certFilePath": "/Users/anoop/foo.cert",
"keyFilePath": "/Users/anoop/bar.key",
"passphrase": ""
}
]
}, I recommend saving an additional key called
What do you think? |
Hmm... I cannot reproduce this... Once I click add,
Let me clarify: Or are you proposing to go Postman route and present the user with 3 input fields instead of 2, and prioritize the pfx when prepping request, but keep all 3 values in json? My problem with that is the logic to prioritize one over the other must be communicated to the user somehow. Postman sucks for just that - not communicating what happens here: do I have to fill all the fields? If I do, which will postman choose? Maybe both? But where does the passphrase apply then? To pfx or to encrypted key? Insomnia does a better job at explaining that these are either-or values, but still accepts all inputs at once, ending up with confusing state of having pfx, key and passphrase (for key? pfx?) in the UI: To avoid that, and do better, we should make the UI disable incompatible inputs depending on user first selection, but in a more complex scenario like this there is much more logic to add. For example something as easy as unselecting a file from input before submitting the form - we are missing a clear/reset button now, so to unload a file you have to open file chooser, select nothing and click cancel* . That's not ideal flow, but so far changing it has been out of scope of this PR. It will no longer be, if we aim to not be sloppy :). *) Note, this crashes current release, btw, fixed in this PR |
…ar form on submit, clear file inputs to visually match underlying object
bf4eb21
to
1d64636
Compare
I added additional change to cover that. |
Description
This change allows bruno to use client certificates stored in PFX / PKCS12 files in addition to regular PEM cert/key pairs.
Updated the Client Certificate selection in Collection view so that the user can specify if they are using pfx format, in which case the key file becomes unnecessary, and the control disabled. The passphrase field works for both formats.
Axios used by bruno has the support built-in so this change is a rather trivial one, with only the question of UI to solve.
resolves #1889
resolves #1698
Contribution Checklist:
For reference: Postman implementation