Expose SingleCertAndKey server cert resolver #2337

djc · 2025-02-11T09:28:13Z

Motivated by:

Replace certificate and key pairs with Arc<dyn ResolvesServerCert> hickory-dns/hickory-dns#2764

(Should we start deprecating OCSP API?)

Proposed release notes

Export SingleCertAndKey implementation of ResolvesServerCert (was already used internally).
Expose CertifiedKey::from_der() to help create CertifiedKeys with necessary checks.

rustls-benchmarking · 2025-02-11T09:31:24Z

Benchmark results

Instruction counts

Significant differences

⚠️ There are significant instruction count differences

Click to expand

Scenario	Baseline	Candidate	Diff	Threshold
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_chacha_server	1175332	1179837	⚠️ 4505 (0.38%)	0.20%

Other differences

Click to expand

Scenario	Baseline	Candidate	Diff	Threshold
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_chacha_client	8265190	8296497	31307 (0.38%)	0.80%
handshake_no_resume_aws_lc_rs_1.3_rsa_aes_server	10740569	10706245	-34324 (-0.32%)	0.88%
handshake_no_resume_aws_lc_rs_1.3_rsa_chacha_server	10698963	10666448	-32515 (-0.30%)	1.10%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_aes_client	8297419	8274835	-22584 (-0.27%)	0.85%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_chacha_client	3082979	3088158	5179 (0.17%)	0.31%
handshake_no_resume_aws_lc_rs_1.2_rsa_aes_server	10452441	10465967	13526 (0.13%)	0.82%
handshake_session_id_ring_1.2_rsa_aes_client	4238679	4233699	-4980 (-0.12%)	0.20%
handshake_tickets_ring_1.2_rsa_aes_client	4499193	4493913	-5280 (-0.12%)	0.20%
handshake_session_id_aws_lc_rs_1.2_rsa_aes_client	3874675	3870595	-4080 (-0.11%)	0.20%
handshake_tickets_aws_lc_rs_1.2_rsa_aes_client	4216759	4212379	-4380 (-0.10%)	0.20%
handshake_no_resume_ring_1.3_ecdsap256_aes_client	3621036	3623417	2381 (0.07%)	0.23%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_aes_client	27856893	27845687	-11206 (-0.04%)	0.20%
handshake_session_id_aws_lc_rs_1.3_rsa_chacha_client	27801785	27790611	-11174 (-0.04%)	0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_chacha_client	28191619	28180305	-11314 (-0.04%)	0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_aes_client	27854370	27843206	-11164 (-0.04%)	0.20%
handshake_session_id_aws_lc_rs_1.3_rsa_aes_client	27861365	27850211	-11154 (-0.04%)	0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_aes_client	28221418	28210181	-11237 (-0.04%)	0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_chacha_client	28194602	28183395	-11207 (-0.04%)	0.20%
handshake_tickets_aws_lc_rs_1.3_rsa_aes_client	28228310	28217090	-11220 (-0.04%)	0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_aes_client	28224512	28213302	-11210 (-0.04%)	0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_chacha_client	27797339	27786340	-10999 (-0.04%)	0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_chacha_client	27794893	27784003	-10890 (-0.04%)	0.20%
handshake_tickets_aws_lc_rs_1.3_rsa_chacha_client	28198452	28187472	-10980 (-0.04%)	0.20%
handshake_session_id_ring_1.3_rsa_chacha_client	40202313	40191213	-11100 (-0.03%)	0.20%
handshake_session_id_ring_1.3_ecdsap256_chacha_client	40198262	40187168	-11094 (-0.03%)	0.20%
handshake_session_id_ring_1.3_ecdsap384_chacha_client	40195319	40184227	-11092 (-0.03%)	0.20%
handshake_session_id_ring_1.3_rsa_aes_client	40296633	40285533	-11100 (-0.03%)	0.20%
handshake_session_id_ring_1.3_ecdsap256_aes_client	40292582	40281488	-11094 (-0.03%)	0.20%
handshake_session_id_ring_1.3_ecdsap384_aes_client	40289639	40278547	-11092 (-0.03%)	0.20%
handshake_tickets_ring_1.3_rsa_chacha_client	40520090	40508990	-11100 (-0.03%)	0.20%
handshake_tickets_ring_1.3_ecdsap256_chacha_client	40516090	40504996	-11094 (-0.03%)	0.20%
handshake_tickets_ring_1.3_ecdsap384_chacha_client	40512829	40501737	-11092 (-0.03%)	0.20%
handshake_tickets_ring_1.3_rsa_aes_client	40594280	40583180	-11100 (-0.03%)	0.20%
handshake_tickets_ring_1.3_ecdsap256_aes_client	40590280	40579186	-11094 (-0.03%)	0.20%
handshake_tickets_ring_1.3_ecdsap384_aes_client	40587019	40575927	-11092 (-0.03%)	0.20%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_aes_client	3085174	3085825	651 (0.02%)	0.26%
handshake_session_id_ring_1.2_rsa_aes_server	4235650	4235020	-630 (-0.01%)	0.20%
handshake_session_id_aws_lc_rs_1.2_rsa_aes_server	3874755	3874305	-450 (-0.01%)	0.20%
handshake_tickets_ring_1.2_rsa_aes_server	4699890	4699350	< 8000 a href="https://bench.rustls.dev/comparisons/530966772a29d7a4b2a54710d2f6d8f4bbbbea60:a42df9a5ae65d98d3aa00eb89ca6b522f7e2f3da/cachegrind-diff/handshake_tickets_ring_1.2_rsa_aes_server" rel="nofollow">-540 (-0.01%)	0.20%
handshake_tickets_aws_lc_rs_1.2_rsa_aes_server	5021782	5021392	-390 (-0.01%)	0.20%
handshake_no_resume_aws_lc_rs_1.3_rsa_aes_client	1924255	1924365	110 (0.01%)	0.20%
handshake_no_resume_aws_lc_rs_1.3_rsa_chacha_client	1931001	1931111	110 (0.01%)	0.20%
handshake_no_resume_ring_1.3_rsa_aes_client	2654276	2654417	141 (0.01%)	0.20%
handshake_no_resume_ring_1.3_rsa_chacha_client	2660143	2660284	141 (0.01%)	0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_chacha_server	30388869	30390239	1370 (0.00%)	0.20%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_aes_server	2160867	2160772	-95 (-0.00%)	0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_aes_server	30431179	30432480	1301 (0.00%)	0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_chacha_server	30388575	30389827	1252 (0.00%)	0.20%
handshake_tickets_aws_lc_rs_1.3_rsa_chacha_server	30386003	30387227	1224 (0.00%)	0.20%
handshake_tickets_aws_lc_rs_1.3_rsa_aes_server	30428749	30429946	1197 (0.00%)	0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_aes_server	30431597	30432787	1190 (0.00%)	0.20%
handshake_no_resume_aws_lc_rs_1.2_rsa_aes_client	1716245	1716305	60 (0.00%)	0.20%
handshake_no_resume_ring_1.3_ecdsap256_chacha_client	3624622	3624744	122 (0.00%)	0.22%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_aes_client	58235403	58237326	1923 (0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_aes_client	58232526	58234447	1921 (0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_rsa_aes_client	58237485	58239401	1916 (0.00%)	0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_aes_server	28974311	28975171	860 (0.00%)	0.20%
handshake_no_resume_ring_1.2_rsa_aes_client	2561946	2562022	76 (0.00%)	0.20%
handshake_session_id_aws_lc_rs_1.3_rsa_aes_server	28972066	28972888	822 (0.00%)	0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_chacha_server	28895988	28896764	776 (0.00%)	0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_aes_server	28974352	28975103	751 (0.00%)	0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_chacha_server	28896113	28896858	745 (0.00%)	0.20%
handshake_session_id_ring_1.3_rsa_chacha_server	41490580	41491540	960 (0.00%)	0.20%
handshake_session_id_ring_1.3_ecdsap256_chacha_server	41492691	41493651	960 (0.00%)	0.20%
handshake_session_id_ring_1.3_ecdsap384_chacha_server	41492739	41493699	960 (0.00%)	0.20%
handshake_session_id_ring_1.3_rsa_aes_server	41608840	41609800	960 (0.00%)	0.20%
handshake_session_id_ring_1.3_ecdsap256_aes_server	41610951	41611911	960 (0.00%)	0.20%
handshake_session_id_ring_1.3_ecdsap384_aes_server	41610999	41611959	960 (0.00%)	0.20%
transfer_no_resume_ring_1.2_rsa_aes_client	58219100	58220380	1280 (0.00%)	0.20%
handshake_session_id_aws_lc_rs_1.3_rsa_chacha_server	28893903	28894516	613 (0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_chacha_client	92698757	92700688	1931 (0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_chacha_client	92696522	92698451	1929 (0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_rsa_chacha_client	92702763	92704684	1921 (0.00%)	0.20%
handshake_no_resume_ring_1.3_ecdsap256_aes_server	1610578	1610551	-27 (-0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_aes_server	46465290	46465933	643 (0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.2_rsa_aes_server	46407039	46407681	642 (0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_aes_server	46457667	46458308	641 (0.00%)	0.20%
transfer_no_resume_ring_1.2_rsa_aes_server	46377331	46377970	639 (0.00%)	0.20%
transfer_no_resume_ring_1.3_ecdsap384_aes_server	46471417	46472056	639 (0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_rsa_aes_server	46460632	46461266	634 (0.00%)	0.20%
transfer_no_resume_ring_1.3_ecdsap256_aes_server	46468543	46469176	633 (0.00%)	0.20%
transfer_no_resume_ring_1.3_rsa_aes_server	46468154	46468784	630 (0.00%)	0.20%
handshake_tickets_ring_1.3_rsa_chacha_server	41972290	41972680	390 (0.00%)	0.20%
handshake_tickets_ring_1.3_ecdsap256_chacha_server	41974588	41974978	390 (0.00%)	0.20%
handshake_tickets_ring_1.3_ecdsap384_chacha_server	41974778	41975168	390 (0.00%)	0.20%
handshake_tickets_ring_1.3_rsa_aes_server	42070630	42071020	390 (0.00%)	0.20%
handshake_tickets_ring_1.3_ecdsap256_aes_server	42072928	42073318	390 (0.00%)	0.20%
handshake_tickets_ring_1.3_ecdsap384_aes_server	42073118	42073508	390 (0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_chacha_server	80641981	80642632	651 (0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_chacha_server	80649609	80650254	645 (0.00%)	0.20%
transfer_no_resume_ring_1.3_ecdsap384_chacha_server	80541184	80541826	642 (0.00%)	0.20%
transfer_no_resume_ring_1.3_rsa_chacha_server	80535992	80536632	640 (0.00%)	0.20%
transfer_no_resume_ring_1.3_ecdsap256_chacha_server	80536385	80537025	640 (0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_rsa_chacha_server	80644949	80645589	640 (0.00%)	0.20%
handshake_no_resume_ring_1.3_ecdsap256_chacha_server	1611951	1611941	-10 (-0.00%)	0.20%
handshake_no_resume_ring_1.3_rsa_aes_server	11423454	11423406	-48 (-0.00%)	0.20%
handshake_no_resume_ring_1.3_ecdsap384_aes_server	7562904	7562879	-25 (-0.00%)	0.20%
handshake_no_resume_ring_1.2_rsa_aes_server	11290941	11290908	-33 (-0.00%)	0.20%
handshake_no_resume_ring_1.3_ecdsap384_chacha_client	35182612	35182708	96 (0.00%)	0.20%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_aes_server	1177591	1177588	-3 (-0.00%)	0.20%
handshake_no_resume_ring_1.3_rsa_chacha_server	11429409	11429385	-24 (-0.00%)	0.20%
handshake_no_resume_ring_1.3_ecdsap384_aes_client	35180690	35180761	71 (0.00%)	0.20%
handshake_no_resume_ring_1.3_ecdsap384_chacha_server	7565049	7565059	10 (0.00%)	0.20%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_chacha_server	2163822	2163821	-1 (-0.00%)	0.20%
transfer_no_resume_ring_1.3_ecdsap384_chacha_client	92666749	92666738	-11 (-0.00%)	0.20%
transfer_no_resume_ring_1.3_ecdsap384_aes_client	58332662	58332660	-2 (-0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.2_rsa_aes_client	58174933	58174934	1 (0.00%)	0.20%
transfer_no_resume_ring_1.3_rsa_aes_client	58336415	58336414	-1 (-0.00%)	0.20%
transfer_no_resume_ring_1.3_ecdsap256_aes_client	58325518	58325518	0 (0.00%)	0.20%
transfer_no_resume_ring_1.3_ecdsap256_chacha_client	92657682	92657682	0 (0.00%)	0.20%
transfer_no_resume_ring_1.3_rsa_chacha_client	92668583	92668583	0 (0.00%)	0.20%

Wall-time

Significant differences

There are no significant wall-time differences

Other differences

Click to expand

Scenario	Baseline	Candidate	Diff	Threshold
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_aes	4.43 ms	4.50 ms	0.07 ms (1.54%)	4.17%
transfer_no_resume_aws_lc_rs_1.2_rsa_aes	5.01 ms	5.07 ms	0.06 ms (1.22%)	6.18%
transfer_no_resume_aws_lc_rs_1.3_rsa_aes	5.08 ms	5.14 ms	0.06 ms (1.20%)	7.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_aes	5.13 ms	5.19 ms	0.06 ms (1.16%)	3.32%
transfer_no_resume_ring_1.2_rsa_aes	6.70 ms	6.77 ms	0.07 ms (1.06%)	3.33%
handshake_tickets_ring_1.2_rsa_aes	1.60 ms	1.62 ms	0.02 ms (0.96%)	1.63%
transfer_no_resume_ring_1.3_ecdsap256_aes	6.29 ms	6.35 ms	0.05 ms (0.86%)	3.27%
transfer_no_resume_ring_1.3_rsa_aes	6.78 ms	6.84 ms	0.06 ms (0.86%)	3.58%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_chacha	454.67 µs	458.40 µs	3.73 µs (0.82%)	3.73%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_aes	456.50 µs	460.22 µs	3.72 µs (0.82%)	3.92%
handshake_no_resume_ring_1.3_ecdsap256_chacha	498.59 µs	502.09 µs	3.50 µs (0.70%)	2.81%
transfer_no_resume_ring_1.3_ecdsap384_aes	9.39 ms	9.45 ms	0.06 ms (0.63%)	2.58%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_aes	4.32 ms	4.34 ms	0.03 ms (0.59%)	1.86%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_chacha	4.28 ms	4.31 ms	0.02 ms (0.56%)	1.89%
transfer_no_resume_ring_1.3_ecdsap256_chacha	12.93 ms	12.99 ms	0.06 ms (0.49%)	1.80%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_chacha	4.97 ms	4.99 ms	0.02 ms (0.43%)	1.74%
handshake_session_id_aws_lc_rs_1.3_rsa_chacha	4.94 ms	4.96 ms	0.02 ms (0.42%)	1.70%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_chacha	12.91 ms	12.96 ms	0.05 ms (0.42%)	1.74%
handshake_no_resume_ring_1.3_ecdsap256_aes	502.14 µs	504.24 µs	2.10 µs (0.42%)	2.47%
handshake_session_id_ring_1.2_rsa_aes	1.52 ms	1.53 ms	0.01 ms (0.42%)	1.00%
transfer_no_resume_ring_1.3_rsa_chacha	13.43 ms	13.49 ms	0.06 ms (0.41%)	1.51%
transfer_no_resume_ring_1.3_ecdsap384_chacha	16.04 ms	16.10 ms	0.07 ms (0.41%)	1.48%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_chacha	5.17 ms	5.20 ms	0.02 ms (0.41%)	1.59%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_chacha	4.48 ms	4.50 ms	0.02 ms (0.40%)	1.81%
handshake_session_id_aws_lc_rs_1.2_rsa_aes	1.62 ms	1.62 ms	-0.01 ms (-0.39%)	2.25%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_chacha	13.61 ms	13.66 ms	0.05 ms (0.37%)	1.83%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_aes	5.02 ms	5.03 ms	0.02 ms (0.37%)	1.61%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_aes	1.16 ms	1.16 ms	-0.00 ms (-0.36%)	1.02%
handshake_no_resume_ring_1.3_rsa_chacha	992.35 µs	995.96 µs	3.61 µs (0.36%)	1.16%
handshake_session_id_aws_lc_rs_1.3_rsa_aes	4.98 ms	5.00 ms	0.02 ms (0.36%)	1.54%
transfer_no_resume_aws_lc_rs_1.3_rsa_chacha	13.57 ms	13.62 ms	0.04 ms (0.33%)	2.75%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_aes	4.52 ms	4.54 ms	0.01 ms (0.32%)	2.08%
handshake_no_resume_ring_1.2_rsa_aes	989.70 µs	992.66 µs	2.95 µs (0.30%)	1.78%
handshake_tickets_aws_lc_rs_1.3_rsa_chacha	5.15 ms	5.16 ms	0.02 ms (0.30%)	1.74%
handshake_no_resume_ring_1.3_rsa_aes	992.32 µs	995.19 µs	2.87 µs (0.29%)	1.00%
handshake_no_resume_aws_lc_rs_1.2_rsa_aes	1.07 ms	1.07 ms	-0.00 ms (-0.27%)	3.57%
handshake_tickets_aws_lc_rs_1.3_rsa_aes	5.18 ms	5.19 ms	0.01 ms (0.22%)	1.51%
handshake_tickets_aws_lc_rs_1.2_rsa_aes	1.79 ms	1.79 ms	-0.00 ms (-0.21%)	3.58%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_aes	5.22 ms	5.23 ms	0.01 ms (0.19%)	1.39%
handshake_no_resume_aws_lc_rs_1.3_rsa_chacha	1.11 ms	1.11 ms	-0.00 ms (-0.17%)	2.11%
handshake_tickets_ring_1.3_rsa_aes	6.94 ms	6.92 ms	-0.01 ms (-0.16%)	1.00%
handshake_no_resume_ring_1.3_ecdsap384_aes	3.60 ms	3.61 ms	0.01 ms (0.16%)	1.00%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_chacha	1.15 ms	1.15 ms	-0.00 ms (-0.14%)	1.07%
handshake_tickets_ring_1.3_ecdsap256_aes	6.45 ms	6.44 ms	-0.01 ms (-0.13%)	1.00%
handshake_session_id_ring_1.3_ecdsap384_chacha	9.40 ms	9.41 ms	0.01 ms (0.09%)	1.00%
handshake_no_resume_ring_1.3_ecdsap384_chacha	3.60 ms	3.61 ms	0.00 ms (0.09%)	1.00%
handshake_tickets_ring_1.3_ecdsap384_aes	9.53 ms	9.52 ms	-0.01 ms (-0.09%)	1.00%
handshake_session_id_ring_1.3_rsa_aes	6.86 ms	6.85 ms	-0.01 ms (-0.08%)	1.08%
handshake_tickets_ring_1.3_rsa_chacha	6.88 ms	6.87 ms	-0.01 ms (-0.08%)	1.00%
handshake_tickets_ring_1.3_ecdsap384_chacha	9.47 ms	9.48 ms	0.01 ms (0.06%)	1.00%
handshake_session_id_ring_1.3_ecdsap384_aes	9.46 ms	9.45 ms	-0.00 ms (-0.05%)	1.00%
handshake_session_id_ring_1.3_ecdsap256_aes	6.37 ms	6.36 ms	-0.00 ms (-0.05%)	1.08%
handshake_tickets_ring_1.3_ecdsap256_chacha	6.39 ms	6.39 ms	-0.00 ms (-0.04%)	1.00%
handshake_session_id_ring_1.3_ecdsap256_chacha	6.31 ms	6.31 ms	-0.00 ms (-0.03%)	1.00%
handshake_session_id_ring_1.3_rsa_chacha	6.80 ms	6.80 ms	0.00 ms (0.01%)	1.00%
handshake_no_resume_aws_lc_rs_1.3_rsa_aes	1.10 ms	1.10 ms	0.00 ms (0.01%)	3.02%

Additional information

Historical results

Checkout details:

Base repo: https://github.com/rustls/rustls.git
Base branch: main (5309667)
Candidate repo: https://github.com/rustls/rustls.git
Candidate branch: single-cert-and-key (a42df9a)

codecov · 2025-02-11T09:42:06Z

Codecov Report

Attention: Patch coverage is 97.29730% with 1 line in your changes missing coverage. Please review.

Project coverage is 94.87%. Comparing base (fa3e317) to head (a42df9a).
Report is 10 commits behind head on main.

Files with missing lines	Patch %	Lines
rustls/src/crypto/signer.rs	96.55%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2337      +/-   ##
==========================================
- Coverage   94.88%   94.87%   -0.01%     
==========================================
  Files         103      103              
  Lines       24201    24176      -25     
==========================================
- Hits        22962    22938      -24     
+ Misses       1239     1238       -1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

djc · 2025-02-11T09:46:07Z

rustls/src/server/handy.rs

@@ -168,9 +168,9 @@ impl server::ProducesTickets for NeverProducesTickets {

 /// Something which always resolves to the same cert chain.
 #[derive(Debug)]
-pub(super) struct AlwaysResolvesChain(Arc<sign::CertifiedKey>);
+pub(super) struct SingleCertAndKey(Arc<sign::CertifiedKey>);


Not married to this name in particular, but AlwaysResolvesChain seems pretty idiosyncratic to me.

ctz

Thoughts about doing the matching change for client::handy::AlwaysResolvesClientCert for symmetry?

(there's a copy of that in rustls/tests/api.rs which could be eliminated in case we do)

djc · 2025-02-11T12:37:03Z

Thoughts about doing the matching change for client::handy::AlwaysResolvesClientCert for symmetry?

(there's a copy of that in rustls/tests/api.rs which could be eliminated in case we do)

Fair -- reworked the PR to combine both in a single type (and eliminate the test duplicate).

cpu

Nice improvement 👏

(Should we start deprecating OCSP API?)

It feels a little bit premature to me 🤷‍♂️

rustls/src/crypto/signer.rs

rustls/src/client/builder.rs

djc · 2025-02-11T16:12:56Z

Published rustls v0.23.23 at registry crates-io
[new tag] v/0.23.23 -> v/0.23.23
Release notes

server: rename AlwaysResolvesChain to SingleCertAndKey

317220e

djc requested review from cpu and ctz February 11, 2025 09:28

djc force-pushed the single-cert-and-key branch from 81b5505 to d52a6b6 Compare February 11, 2025 09:30

djc force-pushed the single-cert-and-key branch from d52a6b6 to dad5cd3 Compare February 11, 2025 09:42

djc mentioned this pull request Feb 11, 2025

Replace certificate and key pairs with Arc<dyn ResolvesServerCert> hickory-dns/hickory-dns#2764

Merged

djc force-pushed the single-cert-and-key branch from dad5cd3 to 7648af9 Compare February 11, 2025 09:51

djc commented Feb 11, 2025

View reviewed changes

djc force-pushed the single-cert-and-key branch 2 times, most recently from cffa8f1 to e3825aa Compare February 11, 2025 10:29

ctz approved these changes Feb 11, 2025

View reviewed changes

djc added 3 commits February 11, 2025 13:09

Move SingleCertAndKey to crypto::signer

0b8f7e6

crypto: use From impl to construct SingleCertAndKey

ab2fdf8

crypto: simplify SingleCertAndKey construction with OCSP

d734a24

djc force-pushed the single-cert-and-key branch 2 times, most recently from efbb160 to 2f0ecf5 Compare February 11, 2025 12:36

djc force-pushed the single-cert-and-key branch from 2f0ecf5 to be94391 Compare February 11, 2025 12:54

cpu approved these changes Feb 11, 2025

View reviewed changes

rustls/src/crypto/signer.rs Outdated Show resolved Hide resolved

rustls/src/client/builder.rs Show resolved Hide resolved

djc added 5 commits February 11, 2025 16:20

crypto: add CertifiedKey::from_der()

948e08b

client: use SingleCertAndKey for with_client_auth_cert()

cccf199

crypto: expose SingleCertAndKey

c0bdfd4

tests: reuse SingleCertAndKey

62f4cc3

Bump version to 0.23.23

a42df9a

djc force-pushed the single-cert-and-key branch from be94391 to a42df9a Compare February 11, 2025 15:21

djc enabled auto-merge February 11, 2025 15:21

djc added this pull request to the merge queue Feb 11, 2025

Merged via the queue into main with commit 1963cc7 Feb 11, 2025
62 checks passed

djc deleted the single-cert-and-key branch February 11, 2025 15:51

Bravo555 mentioned this pull request Mar 4, 2025

refactor: Remove pkcs11 resolver thin-edge/thin-edge.io#3432

Closed

11 tasks

ctz mentioned this pull request Mar 5, 2025

Possible regression for v1 certificates in with_client_auth_cert #2364

Closed

1 task

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Expose SingleCertAndKey server cert resolver #2337

Expose SingleCertAndKey server cert resolver #2337

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Expose SingleCertAndKey server cert resolver #2337

Expose SingleCertAndKey server cert resolver #2337

Uh oh!

Conversation

Uh oh!

Proposed release notes

Uh oh!

Uh oh!

Benchmark results

Instruction counts

Significant differences

Other differences

Wall-time

Significant differences

Other differences

Additional information

Uh oh!

Uh oh!

Codecov Report

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!