How to get Ed25519 x509 certificates working with quiche?

[CMCDragonkai]

I posted this on the boring repo too cloudflare/boring#113, but wasn't sure if this should be solved on the quiche repository level too.

Basically I've tested RSA and ECDSA x509 certificates, and both work. However when I try with an ed25519 certificate, we get a TLS handshake failure with the CRYPTO_ERROR being 296.

We used step-cli to generate a ed25519 cert:

step certificate create localhost localhost.crt localhost.key --profile self-signed --subtle --no-password --insecure --force --san 127.0.0.1 --san ::1 --not-after 31536000s --kty OKP

[heinrich5991]

By default, boringssl doesn't allow ed25519 for signing certs.

I was able to do this by using a custom boringssl context:

let mut context = boring::ssl::SslContext::builder(boring::ssl::SslMethod::tls())?;
context.set_sigalgs_list("ed25519")?;
context.set_private_key(key)?;
context.set_certificate(cert)?;
let mut config = quiche::Config::with_boring_ssl_ctx(quiche::PROTOCOL_VERSION, context.build())?;

[CMCDragonkai]

Awesome.

Do you know what the default sigalgs_list is? That way I can just copy that and append ed25519.

[CMCDragonkai]

Thanks works.