Closed externl closed 2 months ago
Can you reproduce this using a TCP connection using basic rustls (without QUIC/Quinn in the loop)?
Thanks @djc, pretty sure I just figured out the issue. It's unrelated to Quinn. Compared my TCP server which uses the same setup. Looks like, for some reason, the QUIC server is not providing the full chain to the client.
This works in Go and C# since the intermediate certificate is contained in their default cert store.
Glad to hear you were able to figure it out!
Using rustls with https://github.com/rustls/rustls-platform-verifier may provide more consistent results; this will be the default in Quinn's next release.
Hello, I have a QUIC server, not Quinn, (hosted at hello.icerpc.dev:4062 in case someone wants to try) configured with a Let's Encrypt certificate. I'm unable to establish a TLS connection to this server with Quinn despite being able to create a successful connection in C# and Go.

My client is configured as follows:
I've also tried downloading the Let's Encrypt Root CA and using it specifically, same error.
I implemented a custom verifier and noticed an oddity. The list of intermediates certificates is empty.

I wrote a similar client in Go and C# and was able to create a verified connection with a valid certificate chain.
https://github.com/quinn-rs/quinn/issues/1203 seems related but there was no detailed resolution.
Just wondering if anyone has some insight to what I might be doing wrong or have misconfigured.