I recently found myself needing x/crypto/acme/autocert's func supportsECDSA but it's not exported.
Copy/pasting it works, but is slightly sad as it's kinda long and I worry about it getting out of sync.
It's possible to use it indirectly via ugly hacks like tailscale/scertec#3 (using a fake acme/autocert.Cache that looks at which keys are accessed) but it's a bit too ugly.
Proposal: export that code somewhere? method on ClientHelloInfo even?
This seems like something that would likely be useful in general for people writing Config.GetCertificate functions.
We kind of have an inverse version of this already with ClientHelloInfo.SupportsCertificate, but that requires you already have a certificate to test against, which is obviously not the case in this case and the autocert case (hence why it had to be written in the first place).
I'd not be opposed to adding the following method in crypto/tls:
```go
// SupportsECDSA returns true if the ClientHelloInfo indicates that the client supports both ECDSA-based
// key exchanges and cipher suites.
func (*ClientHelloInfo) SupportsECDSA() bool
```
/cc @rolandshoemaker
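To make concrete the decision a `Config.GetCertificate` function faces before any certificate exists, here is an added sketch; it is not the autocert `supportsECDSA` code and not a `crypto/tls` API. The names `acceptsECDSAP256`, `keyTypeFor` and `ecdsaSuites` are hypothetical, and it assumes a P-256 leaf certificate and a server with TLS 1.3 enabled.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"slices"
)

// ecdsaSuites: TLS 1.2 suites that authenticate the server with ECDSA.
var ecdsaSuites = []uint16{
	tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
	tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
	tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
}

// acceptsECDSAP256 (hypothetical helper) reports whether the ClientHello
// indicates the client can verify a P-256 ECDSA leaf. It is deliberately
// conservative: any doubt means "no", so the caller falls back to RSA.
func acceptsECDSAP256(h *tls.ClientHelloInfo) bool {
	// signature_algorithms, when sent, must list ECDSA over P-256.
	if h.SignatureSchemes != nil && !slices.Contains(h.SignatureSchemes, tls.ECDSAWithP256AndSHA256) {
		return false
	}
	// supported_groups, when sent, must list P-256.
	if h.SupportedCurves != nil && !slices.Contains(h.SupportedCurves, tls.CurveP256) {
		return false
	}
	// TLS 1.3 suites do not name a signature algorithm, so the extension decides.
	if h.SignatureSchemes != nil && slices.Contains(h.SupportedVersions, tls.VersionTLS13) {
		return true
	}
	// TLS 1.2 and below: at least one ECDHE_ECDSA suite must be offered.
	return slices.ContainsFunc(h.CipherSuites, func(id uint16) bool {
		return slices.Contains(ecdsaSuites, id)
	})
}

// keyTypeFor is the choice a GetCertificate callback makes before it has a
// certificate to test with SupportsCertificate: which key type to obtain or load.
func keyTypeFor(h *tls.ClientHelloInfo) string {
	if acceptsECDSAP256(h) {
		return "ecdsa-p256"
	}
	return "rsa"
}

func main() {
	// Constructed ClientHello: a TLS 1.2 client offering only an RSA suite.
	legacy := &tls.ClientHelloInfo{CipherSuites: []uint16{tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}}
	fmt.Println(keyTypeFor(legacy))
}
```

Once a certificate has been issued, `ClientHelloInfo.SupportsCertificate` can confirm the choice against the real chain.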