Add CertificateManager, the main interface for SSL certificates.
Review Request #13270 — Created Sept. 11, 2023 and submitted — Latest diff uploaded
CertificateManager
is a high-level interface for the SSL certificate
storage backends and verification, providing convenient functions for
adding, deleting, and fetching CA bundles, certificates, and verified
fingerprints.These interface with the storage backend, switching backends if settings
are updated, to manage the storage of the data.When adding certificates, their fingerprints are recorded in the
verified fingerprints store and cached for faster lookup. When deleting,
these are removed. This ensures that an uploaded certificate can be
checked either by fingerprints or by stored certificate, depending on
the needs of the consumer.A utility function is available for creating a
SSLContext
pre-populated with any relevant CA bundles, certificates, and private
keys. Another piggy-backs on that to provideurlopen()
keyword
arguments relevant to the URL, making it easy to tie all requests in to
certificate storage.There's room for further improvement, including enhanced caching. A TODO
has been left in intentionally to make note of this, and the
functionality will be introduced down the road.
Unit tests pass.
Tested some of this with in-progress code for hooking up SCMs.