A trivially simple library to automate creation of Firefox's mTLS host:certificate assignment ClientAuthRememberList.bin file.
For a properly seamless mTLS experience, Firefox obviously needs to be aware of (and have access to) the configured client certificate(s). This is typically achieved by way of a policies.json file, and specifically through a Certificates -> Install stanza (for filesystem resident certs) and/or a SecurityDevices stanza (for PKCS#11 resident certs).
FF-CARL currently requires the client X.509 certificate bytes ([u8]) to be in DER format. The library returns an io::Error if the input is not DER, if the certificate is corrupt, or on other unanticipated I/O issues.
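Client certificates are often distributed as PEM, so a caller may want to normalize the bytes before handing them to EntryArgs::new. The sketch below is an added example, not part of FF-CARL: the helper names (b64_decode, is_der_sequence, to_der) are hypothetical, the sample input is constructed, and it checks only the outer DER SEQUENCE framing, not the X.509 contents.

```rust
use std::io::{Error, ErrorKind};

// Decode base64, skipping whitespace and '=' padding; None on any other foreign byte.
fn b64_decode(text: &str) -> Option<Vec<u8>> {
    const ABC: &[u8] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    let (mut out, mut acc, mut bits) = (Vec::new(), 0u32, 0u32);
    for c in text.bytes().filter(|b| !b.is_ascii_whitespace() && *b != b'=') {
        acc = (acc << 6) | ABC.iter().position(|&a| a == c)? as u32;
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8);
            acc &= (1 << bits) - 1;
        }
    }
    Some(out)
}

// True when `buf` is exactly one DER SEQUENCE (outer framing only, no X.509 parsing).
fn is_der_sequence(buf: &[u8]) -> bool {
    match buf {
        [0x30, l, rest @ ..] if *l < 0x80 => rest.len() == usize::from(*l),
        [0x30, l, rest @ ..] => {
            let n = usize::from(*l & 0x7f); // long form: number of length bytes
            (1..=4).contains(&n) && rest.len() >= n
                && rest.len() - n == rest[..n].iter().fold(0usize, |a, &b| (a << 8) | usize::from(b))
        }
        _ => false,
    }
}

// Return DER bytes for a certificate given as DER or as one PEM CERTIFICATE block.
fn to_der(input: &[u8]) -> Result<Vec<u8>, Error> {
    const BEGIN: &str = "-----BEGIN CERTIFICATE-----";
    const END: &str = "-----END CERTIFICATE-----";
    let bad = |m: &str| Error::new(ErrorKind::InvalidData, m.to_string());
    if is_der_sequence(input) { return Ok(input.to_vec()); }
    let text = std::str::from_utf8(input).map_err(|_| bad("neither DER nor PEM"))?;
    let start = text.find(BEGIN).ok_or_else(|| bad("neither DER nor PEM"))? + BEGIN.len();
    let end = start + text[start..].find(END).ok_or_else(|| bad("unterminated PEM block"))?;
    let der = b64_decode(&text[start..end]).ok_or_else(|| bad("invalid base64 in PEM"))?;
    if is_der_sequence(&der) { Ok(der) } else { Err(bad("PEM body is not a DER SEQUENCE")) }
}

fn main() {
    // Constructed sample: SEQUENCE { INTEGER 5 } standing in for a real certificate.
    println!("{:02x?}", to_der(b"-----BEGIN CERTIFICATE-----\nMAMCAQU=\n-----END CERTIFICATE-----"));
}
```

The Vec<u8> returned by to_der can be borrowed as the DER byte slice; truncated or trailing-garbage input is rejected before it reaches the profile file.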
§Example
This example (with fictitious file paths) shows a single host:certificate configuration.
    use ff_carl::write_entry;
    use ff_carl::EntryArgs;
    use std::path::PathBuf;

    fn main() -> Result<(), std::io::Error> {
        let der_cert = std::fs::read("/path/to/cert.der").expect("Failed to read DER certificate.");
        let entry_args = EntryArgs::new(
            "https",              // scheme
            "mtls.cert-demo.com", // ascii_host
            443,                  // port
            "cert-demo.com",      // base_domain
            der_cert.as_ref(),    // DER cert byte array
        )?;
        let backing_path = PathBuf::from("/path/to/firefox/profile/ClientAuthRememberList.bin");
        write_entry(entry_args, backing_path)
    }
To configure multiple host:certificate assignments, use the write_entries() function.
Please refer to inlined source documentation for more details on ClientAuthRememberList.bin’s internal format and contents.
Structs§
- EntryArgs - The unambiguous, requisite host and DER certificate details used for creating ClientAuthRememberList Entry values.
Functions§
- write_entries - Write multiple ClientAuthRememberList Entry values to the given PathBuf.
- write_entry - Write a single ClientAuthRememberList Entry value to the given PathBuf.