feat(relay): write development certificate

The gateway and Windows client now pin a relay certificate, but local relay runs generated an ephemeral self-signed certificate only in memory. That made the development trust flow awkward because there was no stable DER artifact to feed into the new CLIs.

Add `--dev-cert-der-out` to write the generated development certificate before the relay binds its endpoint. The file is DER-encoded and parent directories are created when needed.

This keeps the production certificate/key path explicit future work while making the current pinned-trust flow usable.

Test Plan:
- cargo fmt --check
- cargo test --workspace
- cargo clippy --workspace --all-targets -- -D warnings
- git diff --check

Refs: PLAN.md relay/client trust bootstrap
@@ -68,15 +68,16 @@ cargo check --workspace
|
||||
## Relay
|
||||
|
||||
```bash
|
||||
cargo run -p lanparty-relay -- --listen 443/udp
|
||||
cargo run -p lanparty-relay -- --listen 443/udp --dev-cert-der-out relay-cert.der
|
||||
```
|
||||
|
||||
`--listen` accepts either a socket address or a UDP port shorthand such as
|
||||
`443/udp`. The relay binds a QUIC endpoint, accepts a control-stream `hello`,
|
||||
replies with `welcome` or `reject`, and forwards live Ethernet QUIC datagrams
|
||||
between accepted peers in the same room. It currently uses a generated
|
||||
self-signed development certificate; production certificate and client trust
|
||||
handling remain future work.
|
||||
self-signed development certificate; `--dev-cert-der-out` writes that
|
||||
certificate so the gateway and client can pin it in development. Production
|
||||
certificate handling remains future work.
|
||||
|
||||
## Gateway
|
||||
|
||||
|
||||
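Review bot: The new sentence "`--dev-cert-der-out` writes that certificate so the gateway and client can pin it in development" does not tell the reader how long the written file stays valid. The commit message describes the development certificate as ephemeral and generated by the relay run, so a `relay-cert.der` from an earlier run will presumably stop matching after a restart and the pinned peers will then fail the handshake. Please state in the README whether the file is rewritten (and an existing file overwritten) on every start, and that the gateway and client must be pointed at the fresh copy. It would also help to name the gateway and client options that consume the DER file, since this section only shows the relay side. Two smaller points on the `bash` block: the example now only shows the command with `--dev-cert-der-out relay-cert.der`, so it is no longer clear that the flag is optional, and the example writes into the current directory, which is likely the checkout; consider a path under an ignored directory or a `.gitignore` entry so a development certificate is not committed by accident.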