Allow custom certificates when connecting to BN (#2703)

## Issue Addressed Resolves #2262 ## Proposed Changes Add a new CLI flag `--beacon-nodes-tls-certs` which allows the user to specify a path to a certificate file (or a list of files, separated by commas). The VC will then use these certificates (in addition to the existing certificates in the OS trust store) when connecting to a beacon node over HTTPS. ## Additional Info This only supports certificates in PEM format.
2026-03-24 07:14:46 +00:00 · 2021-10-15 00:07:11 +00:00
parent 05040e68ec
commit 7c23e2142a
5 changed files with 80 additions and 3 deletions
--- a/validator_client/src/config.rs
+++ b/validator_client/src/config.rs
@@ -50,6 +50,9 @@ pub struct Config {
    /// If true, enable functionality that monitors the network for attestations or proposals from
    /// any of the validators managed by this client before starting up.
    pub enable_doppelganger_protection: bool,
+    /// A list of custom certificates that the validator client will additionally use when
+    /// connecting to a beacon node over SSL/TLS.
+    pub beacon_nodes_tls_certs: Option<Vec<PathBuf>>,
 }

 impl Default for Config {
@@ -80,6 +83,7 @@ impl Default for Config {
            http_metrics: <_>::default(),
            monitoring_api: None,
            enable_doppelganger_protection: false,
+            beacon_nodes_tls_certs: None,
        }
    }
 }
@@ -193,6 +197,10 @@ impl Config {
            }
        }

+        if let Some(tls_certs) = parse_optional::<String>(cli_args, "beacon-nodes-tls-certs")? {
+            config.beacon_nodes_tls_certs = Some(tls_certs.split(',').map(PathBuf::from).collect());
+        }
+
        /*
         * Http API server
         */