
x509: Support generating the keys and certs that relays need for TLS

Although we never need to actually check the signature on the other party's x509 certificate, a relay does need a certificate and a private key in order to be a proper TLS server.

In this function, I've added support for making an ersatz P-256 certificate certifying a P-256 key. See the code for info about the rationale here. (Tor supports this, since it doesn't look at the key at all: only the TLS layer cares about that.)

native_tls and rustls expect to get their keys and certs in different forms, so this code provides them.

(Note that we don't expect to use native_tls with relays in the first place, but it might be useful for lower-level interop testing.)

Closes #2205.
