New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cert Store (aka wincert) #4268
Cert Store (aka wincert) #4268
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM - One comment
|
||
// Sign always returns a nil signature since this is a stub on non-supported platform | ||
func (k otherKey) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error) { | ||
_, _, _ = rand, digest, opts |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What is this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Stub implementation for non-Windows ties back to L26 comment and root avoidance of creating a Windows platform copy of opts.go
since that is such a special source code file to keep maintained.
L40-41 in particular could be alternately phrased as:
func TLSConfig(_ StoreType, _ MatchByType, _ string, _ *tls.Config) error {
// _, _, _, _ = certStore, certMatchBy, certMatch, config
return ErrOSNotCompatCertStore
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Whoops. Gave an alternate phrasing example for L29-32, not L40-41 but same thing. Linters complaining about unused variables...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For more background, this code in opts.go
is cross-platform:
Line 4342 in f854e95
case tc.CertStore != certstore.STOREEMPTY: |
The options and interface potentially directly usable if we want to tie into other 3rd-party stores in future...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the better pattern is to change the args to the functions as _
For NATS Server on Windows, provide option for TLS certificate and handshake signature to be provided by the Windows Certificate Store instead of PEM files.