rustls / rcgen

Generate X.509 certificates, CSRs

rustls-cert-gen: `KeyPairAlgorithm` should be publicly exported #266

Closed divergentdave closed 7 months ago

divergentdave commented 7 months ago

I tried to use rustls-cert-gen as a library and ran into an issue. Both `CaBuilder` and `EndEntityBuilder` require a `KeyPairAlgorithm` argument, but this is not publicly exported out of the `cert` module. I see that both `main.rs` and `lib.rs` declare `mod cert;`, so that's how the command line tool happens to avoid this restriction.

djc commented 7 months ago

Why do you want to use rustls-cert-gen as a library? It is designed to be used as a CLI, and I'm not sure we will be upholding semver compatibility stability on it. Is something wrong with the rcgen API?

divergentdave commented 7 months ago

Ah sorry, I misunderstood the purpose. When looking at it initially, I interpreted it as a way to get easy defaults for a CA and an end entity certificate (beyond just `rcgen::generate_simple_self_signed()`).

cpu commented 7 months ago

> I interpreted it as a way to get easy defaults for a CA and an end entity certificate.

It would be nice to have that offered from the core crate but I think there might not be total agreement on what the defaults should be.

Avoiding using the CLI tool as a lib is probably best since you won't have to contend with the extra deps (e.g. for command line arg parsing).