Three tasks implementing ADR-027: 1. core/rawkey-decouple-from-iroh: TlsIdentity::RawKey now uses Ed25519SecretKey (alknet-core-owned wrapper over ed25519_dalek) instead of iroh::SecretKey. RawKeyCertResolver and Ed25519SigningKey un-gated from #[cfg(all(quinn, iroh))] to #[cfg(quinn)] only. Quinn-only builds (default) now support RFC 7250 raw-key identity. iroh transport converts via iroh::SecretKey::from_bytes. 2. core/endpoint-request-client-cert: replaced with_no_client_auth() with AcceptAnyCertVerifier — a custom ClientCertVerifier that requests client certs but doesn't require them or verify against a CA. alknet's identity model is fingerprint-based (the authorized_fingerprints set is the trust anchor), not PKI-based. Peer certs are extracted at the TLS layer for fingerprinting; peers without certs connect normally. 3. core/acme-integration: TlsIdentity::Acme variant (domains, cache_dir, directory, contact) + AcmeDirectory enum. TlsSetup two-phase construction: synchronous for X509/RawKey/SelfSigned, async for Acme (spawns AcmeState event loop, builds ServerConfig with ResolvesServerCertAcme). acme-tls/1 ALPN added when ACME is active; dispatch_quinn guard closes challenge connections gracefully (challenge is TLS-layer-handled). acme feature gate keeps rustls-acme out of non-ACME builds. Workspace: build/test/clippy green across all 3 feature configs (quinn-only, quinn+iroh, quinn+acme, all-features). 331 tests, 0 failures, 0 warnings.
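[package]
name = "alknet-core"
# version, edition, license and repository are inherited from the workspace
# manifest, so every member crate is released under the same metadata.
version.workspace = true
edition.workspace = true
license.workspace = true
description = "Core library for ALPN-based protocol dispatch: ProtocolHandler trait, Connection, auth, config, and multi-connectivity endpoint"
repository.workspace = true
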
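[lib]
# Library target name: the package is `alknet-core`, Rust code imports it as
# `alknet_core`.
name = "alknet_core"
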
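[features]
# Only the quinn transport is enabled by default. Per the commit description
# (ADR-027), a quinn-only build must still support RFC 7250 raw-key identity,
# so raw-key code may depend on `quinn` but not on `iroh`.
default = ["quinn"]
# `dep:` keeps each optional dependency from creating an implicit feature of
# its own; the names below are the only switches.
quinn = ["dep:quinn"]
iroh = ["dep:iroh"]
# Opt-in ACME certificate provisioning. The gate keeps rustls-acme out of
# builds that do not need it. Per the commit description, enabling it also adds
# the acme-tls/1 ALPN to the endpoint, so turn it on only for endpoints that
# are meant to answer ACME challenges.
# NOTE(review): features are additive and the TLS code is cfg-gated per
# feature; keep every combination listed in the commit description
# (quinn-only, quinn+iroh, quinn+acme, all-features) building in CI.
acme = ["dep:rustls-acme"]
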
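[dependencies]
# Versions below are caret requirements; the exact builds come from the
# workspace lockfile, so advisory scanning (e.g. cargo audit / cargo deny)
# should run against that lockfile.
# NOTE(review): `full` turns on every tokio feature (process, signal, fs, ...).
# Which of them this library needs cannot be seen from the manifest; narrowing
# the list would shrink what downstream crates are forced to compile.
tokio = { version = "1", features = ["full"] }
# Transports are optional and are enabled only through the features of the
# same name (`dep:` syntax in [features]).
quinn = { version = "0.11", optional = true }
iroh = { version = "0.35", optional = true }
# TLS stack. NOTE(review): ADR-027 (see the commit description) has the server
# request client certificates and accept any of them, with the
# authorized-fingerprint set as the only trust anchor. A fingerprint only
# authenticates a peer if the handshake signature made with that certificate's
# key is still verified (ClientCertVerifier::verify_tls12_signature /
# verify_tls13_signature) - confirm in the verifier implementation.
rustls = "0.23"
rustls-pki-types = "1"
rustls-pemfile = "2"
serde = { version = "1", features = ["derive"] }
serde_json = "1"
toml = "0.8"
arc-swap = "1"
async-trait = "0.1"
tracing = "0.1"
thiserror = "2"
# Wipes secret bytes from memory on drop. NOTE(review): presumably backs the
# key wrapper types - confirm that every type holding private key material
# derives or implements it.
zeroize = { version = "1", features = ["alloc", "derive"] }
bytes = "1"
futures = "0.3"
# NOTE(review): presumably used to compute and render the certificate/key
# fingerprints that the identity model relies on - confirm.
sha2 = "0.10"
hex = "0.4"
# ed25519-dalek 2 takes its RNG through rand_core 0.6, the version rand 0.8
# exposes; bump the two together so key generation keeps compiling against a
# compatible CSPRNG trait.
rand = "0.8"
# X.509 certificate generation (presumably for the SelfSigned identity -
# confirm).
rcgen = "0.13"
ed25519-dalek = { version = "2", features = ["rand_core"] }
# Optional; pulled in only by the `acme` feature. `aws-lc-rs` selects the
# crypto provider, which is also the rustls 0.23 default. `cargo tree -e
# features` shows whether a second provider ends up linked.
rustls-acme = { version = "0.12", optional = true, features = ["aws-lc-rs"] }
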
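[dev-dependencies]
# Test-only: temporary files and directories that are removed on drop.
tempfile = "3"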