mirror of
https://github.com/rwf2/Rocket.git
synced 2024-12-27 04:42:40 +00:00
237370533c
The latest version of `rustls` acts on the SNI extension to TLS without the apparent ability to disable the behavior. `rustls` requires that the server's certificate match the client's requested server. The matching is done by looking at DNS names in the `subjectAltName` extension and checking if the requested server name is present. Since the certificate in the `tls` example did not have the `subjectAltName` extension, this check always failed, and the TLS connection was aborted. This commit adds the extension to the certificate with a DNS name of `localhost`, ensuring that TLS succeeds on `localhost`.
10 lines
439 B
TOML
10 lines
439 B
TOML
# The certificate/private key pair used here was generated via openssl using the
|
|
# `gen_cert.sh` script located in the `private/` subdirectory.
|
|
#
|
|
# The certificate is self-signed. As such, you will need to trust it directly
|
|
# for your browser to refer to the connection as secure. You should NEVER use
|
|
# this certificate/key pair. It is here for DEMONSTRATION PURPOSES ONLY.
|
|
[global.tls]
|
|
certs = "private/cert.pem"
|
|
key = "private/key.pem"
|