-
Notifications
You must be signed in to change notification settings - Fork 165
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v1 Certs not being supported? #267
Comments
I also have the same issue |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I am a bit lost, being a total crypto-noob. We are using gRPC secured by TLS & client certificates in our shop. We used the python libraries both for client & server and want to now try using https:/hyperium/tonic for some of the clients. However, when I try to connect using tonic I see these errors:
I am quite confident that all of our certificates are
v1
(compared to beingv3
), both client and server. I frankly have no idea what that means, but running openssl seems to confirm this:I seem to be gleaming from https:/briansmith/webpki/blob/main/tests/cert_v1_unsupported.rs that V1 is not supported in this repo and that seems to be the root cause of my issue.
I read up how to create v3 certs, but doing so is costly: rotating our root CA and server certificates, as well as all of our clients is a multi day endeavour for just running some experiments with Rust. And even then I am not sure if this would help. I also do not understand what the advantage is of v3 vs v1.
So after this long backstory, here are my questions: Why is v1 not supported? Is there some good reasons why it should not be used anymore, or did just nobody get around implementing support for it? What do you suggest is my best path forward here?
I am sorry that this is not really a bug report, more a mix of confusion and request for tutoring, I hope it finds kind consideration.
The text was updated successfully, but these errors were encountered: