Open ZanderFick opened 2 years ago
I was interested that Windows and Mac (#225) both have problems with these keys, but my guess at this point is the causes are unrelated.
I did notice that the schannel backend's implementation of from_pkcs8
references an RSA crypto provider. I don't know if that really means only RSA, or if it's just an old name that stuck around, but that might be a place to look.
I think @andyleiserson is correct - it doesn't look like the Windows native crypto APIs (or at least, the ones in use here, not sure if there are others) support P-256: https://learn.microsoft.com/en-us/windows/win32/seccrypto/cryptographic-provider-types
Originally from https://github.com/est31/rcgen/issues/91;
The issue is trying to use a
P-256
self-signed certificate and key to create-and-usenative_tls::Identity
on Windows 11.Example:
Create a
P-256
key and certificate:private-key.pk8
selfsigned-x509.crt
Try to use the certificate and key to create a
native_tls::Identity
Are there configuration settings to set in
native_tls
to support this key and certificate configuration?