Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cert Store (aka wincert) #4268

Merged
merged 1 commit into from Jun 23, 2023
Merged

Cert Store (aka wincert) #4268

merged 1 commit into from Jun 23, 2023

Conversation

tbeets
Copy link
Contributor

@tbeets tbeets commented Jun 22, 2023

For NATS Server on Windows, provide option for TLS certificate and handshake signature to be provided by the Windows Certificate Store instead of PEM files.

@tbeets tbeets requested a review from a team as a code owner June 22, 2023 19:44
derekcollison
derekcollison approved these changes Jun 22, 2023
View reviewed changes
Copy link
Member

@derekcollison derekcollison left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM - One comment

server/certstore/certstore_other.go

// Sign always returns a nil signature since this is a stub on non-supported platform
func (k otherKey) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error) {
_, _, _ = rand, digest, opts
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is this?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Stub implementation for non-Windows ties back to L26 comment and root avoidance of creating a Windows platform copy of opts.go since that is such a special source code file to keep maintained.

L40-41 in particular could be alternately phrased as:

func TLSConfig(_ StoreType, _ MatchByType, _ string, _ *tls.Config) error {
	// _, _, _, _ = certStore, certMatchBy, certMatch, config
	return ErrOSNotCompatCertStore
}

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Whoops. Gave an alternate phrasing example for L29-32, not L40-41 but same thing. Linters complaining about unused variables...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For more background, this code in opts.go is cross-platform:

nats-server/server/opts.go

Line 4342 in f854e95

case tc.CertStore != certstore.STOREEMPTY:

The options and interface potentially directly usable if we want to tie into other 3rd-party stores in future...

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the better pattern is to change the args to the functions as _

@derekcollison derekcollison merged commit 3183f6e into main Jun 23, 2023
2 checks passed
@derekcollison derekcollison deleted the tgb/wincert-backport branch June 23, 2023 00:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@derekcollison derekcollison derekcollison approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@tbeets @derekcollison