Feat: rust based wtransport certificate generation #1378

Draft
ThierryBerger wants to merge 1 commit into cBournhonesque:main from ThierryBerger:rust-wtransport-certificate
ThierryBerger commented Jan 10, 2026

Contributor

On macOS (Sequoia 15.6.1), the generate.sh script was generating incorrect certificates (or at least refused when running server examples). I noticed that using the self-signed version of the common server was working, so I'm sharing my approach.

More details

Error:

thread 'main' (17352970) panicked at /Users/thierryberger/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/wtransport-0.6.1/src/tls.rs:635:14:
Certificate and private key should be already validated: General("failed to parse private key as RSA, ECDSA, or EdDSA")

Incorrect files if anyone wants to look into that:

cert.pem


Digest

F0CDDDE7D8F4488AF241A12627F89710E764138C374523063E25D66ABDD5A885

key.pem


Open questions

  • We may want to reuse code from common examples server (WebTransportCertificateSettings)
  • We may want to upstream a better API to wtransport to write files; store_pemfile and store_secret_pemfile leak the async implementation 🤔. Or lean into the tokio implementation.

ThierryBerger marked this pull request as draft January 10, 2026 20:14
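
A way to see what a `key.pem` actually holds when wtransport reports "failed to parse private key as RSA, ECDSA, or EdDSA", written here as an added Python example and not taken from this PR or from wtransport. It assumes the key families named in that message correspond to the standard algorithm OIDs listed in `NAMED`; the function names and the two sample keys are constructed for illustration, and the ECDSA curve and RSA key size are not checked.

```python
import base64
import re
# OIDs of the key families the error message names (RSA, ECDSA, EdDSA).
NAMED = {"1.2.840.113549.1.1.1": "RSA", "1.2.840.10045.2.1": "ECDSA",
         "1.3.101.112": "EdDSA (Ed25519)"}
TRADITIONAL = {"RSA PRIVATE KEY": "RSA (PKCS#1)", "EC PRIVATE KEY": "ECDSA (SEC1)"}

def read_tlv(buf, pos):  # -> (tag, value, next_pos) of the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):  # dotted form; first arc 0 or 1 is enough for key OIDs
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

def inspect_key_pem(text):  # -> [(pem_label, finding)] for each PEM block
    out = []
    for label, body in re.findall(
            r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", text, re.S):
        if label == "PRIVATE KEY":  # unencrypted PKCS#8 PrivateKeyInfo
            try:
                der = base64.b64decode("".join(body.split()), validate=True)
                _, info, _ = read_tlv(der, 0)    # outer SEQUENCE
                _, _, pos = read_tlv(info, 0)    # version INTEGER
                _, alg, _ = read_tlv(info, pos)  # AlgorithmIdentifier
                _, oid, _ = read_tlv(alg, 0)     # algorithm OID
                dotted = decode_oid(oid)
                finding = NAMED.get(dotted, "other algorithm " + dotted)
            except (ValueError, IndexError) as exc:
                finding = "malformed PKCS#8: %s" % exc
        else:
            finding = TRADITIONAL.get(label, "not an unencrypted private key")
        out.append((label, finding))
    return out

def sample(oid_hex):  # constructed PKCS#8 (not the PR's files), 32 zero key bytes
    der = bytes.fromhex("302e0201003005" + oid_hex + "04220420") + bytes(32)
    body = base64.b64encode(der).decode()
    return "-----BEGIN PRIVATE KEY-----\n%s\n-----END PRIVATE KEY-----\n" % body
ED25519, X25519 = sample("06032b6570"), sample("06032b656e")
```

Running `inspect_key_pem(open("key.pem").read())` on the file that triggers the panic shows whether the block is PKCS#8 at all and which algorithm OID it declares.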