docs(authentication): note OpenSSL 3.x requirement for Ed25519#1253
Open
rhinocap wants to merge 1 commit intomodelcontextprotocol:mainfrom
Open
docs(authentication): note OpenSSL 3.x requirement for Ed25519#1253rhinocap wants to merge 1 commit intomodelcontextprotocol:mainfrom
rhinocap wants to merge 1 commit intomodelcontextprotocol:mainfrom
Conversation
macOS ships LibreSSL as the system openssl, which doesn't support Ed25519 in `genpkey`. The current docs run those commands without caveat, so first-time integrators on macOS hit a confusing "Algorithm Ed25519 not found" error before they get anywhere. Adds a Note callout to the DNS Authentication section explaining the requirement and pointing to `brew install openssl@3` plus the explicit binary paths on Apple Silicon and Intel macs. Adds a shorter cross-reference Note in the HTTP Authentication section since the same Ed25519 commands appear there. The ECDSA P-384 codepath works on LibreSSL, so it's not affected.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The DNS and HTTP authentication guides currently run
openssl genpkey -algorithm Ed25519 -out key.pemwithout caveat. macOS ships LibreSSL as the systemopensslbinary, and LibreSSL doesn't implement Ed25519 ingenpkey— so the very first command in the Ed25519 codepath errors out with:A first-time integrator on macOS hits this immediately, with no path to a fix from the docs alone. Cost me ~5 minutes earlier today before I figured out I needed
brew install openssl@3and an explicit binary path.This PR adds a
<Note>callout to the DNS Authentication section right above the Ed25519 codepath, and a shorter cross-reference Note in the HTTP Authentication section since the sameopenssl genpkey -algorithm Ed25519commands appear there. The ECDSA P-384 codepath works on LibreSSL, so it's untouched.Test plan
/opt/homebrew/opt/openssl@3/bin/openssl genpkey -algorithm Ed25519 -out key.pemworks on macOS Darwin 25.4.0/usr/bin/openssl genpkey -algorithm Ed25519 -out key.pemfails withAlgorithm Ed25519 not foundon the same machine (LibreSSL 3.3.6)ai.ravenmcp/raven-mcpflow end-to-end with the OpenSSL 3 binary<Note>callouts — relying on the existing<Note>pattern in this file (line 6) to validate the syntax