Last active
October 25, 2016 21:17
-
-
Save jamesbeedy/c94cd6e8c7cb4246818aeff7b9adf5ad to your computer and use it in GitHub Desktop.
core logic outline for all-encompassing ssl/tls layer
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Generic core logic outline for all-encompassing ssl/tls layer | |
# user specified crt/key should get highest priority | |
# if you set 'key' and 'crt', they will be used above all else | |
if config('crt') and config('key'): | |
write_out_user_cert_key() | |
# config('use-le') will default to False, so if | |
# the user wants it, they can set this to get it | |
# alongside not specifying a key/crt | |
elif config('use-le'): | |
get_cert_key_from_le() | |
# if the user hasn't specified crt/key, or 'use-le' | |
# block until you get a relation from an internal CA | |
else: | |
get_internal_cert_key_from_easyrsa_or_block() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi @jamesbeedy
I was thinking along the lines of:
And both easyrsa and lets encrypt implement the certiciates relation and implement it in what ever way makes sense. We need to find the common denominators of what is returned and what input is required.
If we can get lets encrypt, cfssl, and easyrsa to agree on a relation/interface then we can plug and play the different tls charm into anything that implements that one relation. I am not married to the way easyrsa uses the interface and willing to change to accommodate the other types.