I didn't want to. Nobody wants to.
But when you're building a system that signs JSON and realize half your toolchain disagrees on what "canonical"
means, you either give up... or you write bindings to a C++ implementation of RFC 8785 and plug it into OCaml.
So yeah. I chose violence.
The Problem
OCaml is great. But it doesn't come with a JSON canonicalizer - not for JCS at least. And I needed deterministic output to sign and verify my infrastructure DSL files in rezn. Rust was yelling. I had no choice.
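Why signing raw bytes breaks across toolchains while signing canonical bytes does not, as an added example (not code from rezn or from the C++/OCaml bindings described in this post). JavaScript is used because RFC 8785 defines primitive serialization in terms of ECMAScript's JSON.stringify; the throwaway Ed25519 key pair and both sample documents are constructed for the illustration.

```javascript
// Added example (not the author's code): JCS canonicalization before signing.
const crypto = require("node:crypto");

// RFC 8785 serializes primitives exactly as ECMAScript JSON.stringify does and
// orders object members by the UTF-16 code units of their names, which is the
// comparison Array.prototype.sort() uses by default.
function canonicalize(value) {
  if (value === null || typeof value !== "object") {
    if (typeof value === "number" && !Number.isFinite(value)) {
      throw new TypeError("NaN and Infinity cannot be represented in JSON");
    }
    return JSON.stringify(value);
  }
  if (Array.isArray(value)) {
    return "[" + value.map(canonicalize).join(",") + "]"; // array order is kept
  }
  const members = Object.keys(value)
    .sort()
    .map((name) => JSON.stringify(name) + ":" + canonicalize(value[name]));
  return "{" + members.join(",") + "}";
}

// Assumption: a throwaway Ed25519 key pair stands in for the real signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");

// Naive scheme: sign whatever bytes the producer happened to emit.
const signRaw = (text) => crypto.sign(null, Buffer.from(text, "utf8"), privateKey);
const verifyRaw = (text, sig) =>
  crypto.verify(null, Buffer.from(text, "utf8"), publicKey, sig);

// Canonical scheme: parse, re-serialize with JCS, then sign those bytes.
const jcsBytes = (text) => Buffer.from(canonicalize(JSON.parse(text)), "utf8");
const signCanonical = (text) => crypto.sign(null, jcsBytes(text), privateKey);
const verifyCanonical = (text, sig) =>
  crypto.verify(null, jcsBytes(text), publicKey, sig);

// Constructed sample: the same document as two different toolchains might emit it.
const docA = '{"name":"web","replicas":3,"env":{"B":"2","A":"1"},"weight":1.50}';
const docB =
  '{\n  "weight": 15e-1,\n  "env": {"A": "1", "B": "2"},\n' +
  '  "replicas": 3.0,\n  "name": "\\u0077eb"\n}';

console.log(canonicalize(JSON.parse(docB)));
console.log("raw bytes verify:", verifyRaw(docB, signRaw(docA)));
console.log("canonical verify:", verifyCanonical(docB, signCanonical(docA)));
```

JCS numbers are IEEE 754 doubles, so integers above 2^53 lose precision at parse time and should be carried as strings in anything that gets signed.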
The Solution
- Found a solid implementation of JCS in Go
- Asked o3 to convert it to C++
- Politely suggested that reinventing a JSON parser was masochism - settled on nlohmann/json...
- Write a clean C wrapper around it
- Hook it into OCaml with ctypes or FFI bindings
- Get deterministic output and working signatures
The Outcome
Now rezn-dsl emits canonical JSON blobs that pass signature checks - regardless of what language consumes them. Rust is finally happy.
I could've spent the weekend chilling. Instead, I shipped something. I'll take it.
Lessons Learned
- Canonicalization is real and terrifying.
- FFI is an art form.
- Sometimes it’s faster to wrap C++ than reimplement a spec.