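use crate::transport::{
    service::TlsConnector,
    tls::{Certificate, Identity},
    Error,
};
use http::Uri;
use std::fmt;

/// Configures TLS settings for endpoints.
///
/// All three settings are optional. When no domain is set, the host of the
/// endpoint URI is the name handed to the TLS connector (see
/// `tls_connector`).
#[derive(Clone, Default)]
pub struct ClientTlsConfig {
    // Name override for server certificate verification; `None` means "use the URI host".
    domain: Option<String>,
    // CA certificate used to verify the server's certificate.
    cert: Option<Certificate>,
    // Client identity presented to the server.
    identity: Option<Identity>,
}

impl fmt::Debug for ClientTlsConfig {
    /// Formats the configuration for diagnostics.
    ///
    /// The identity is reported only as present or absent; its contents are
    /// never written to the formatter.
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        // A client identity is a TLS credential and is expected to carry the
        // client's private key (the `Identity` type and its `Debug` impl are not
        // visible in this file; confirm). Debug output routinely ends up in logs
        // and error reports, so do not delegate to `Identity`'s formatter.
        let identity = self.identity.as_ref().map(|_| "<redacted>");

        f.debug_struct("ClientTlsConfig")
            .field("domain", &self.domain)
            .field("cert", &self.cert)
            .field("identity", &identity)
            .finish()
    }
}

impl ClientTlsConfig {
    /// Creates a new `ClientTlsConfig` using Rustls.
    ///
    /// No domain override, CA certificate or client identity is set.
    pub fn new() -> Self {
        ClientTlsConfig {
            domain: None,
            cert: None,
            identity: None,
        }
    }

    /// Sets the domain name against which to verify the server's TLS certificate.
    ///
    /// This replaces the endpoint URI's host as the verification name, so the
    /// server is accepted on the strength of a certificate for `domain_name`,
    /// not for the host being dialled. Take the value from trusted
    /// configuration only.
    pub fn domain_name(self, domain_name: impl Into<String>) -> Self {
        ClientTlsConfig {
            domain: Some(domain_name.into()),
            ..self
        }
    }

    /// Sets the CA Certificate against which to verify the server's TLS certificate.
    pub fn ca_certificate(self, ca_certificate: Certificate) -> Self {
        ClientTlsConfig {
            cert: Some(ca_certificate),
            ..self
        }
    }

    /// Sets the client identity to present to the server.
    pub fn identity(self, identity: Identity) -> Self {
        ClientTlsConfig {
            identity: Some(identity),
            ..self
        }
    }

    /// Builds the `TlsConnector` for `uri` from this configuration.
    ///
    /// The verification name is the configured domain when one was set with
    /// `domain_name`, otherwise the host component of `uri`.
    ///
    /// # Errors
    ///
    /// Returns the invalid-URI error when no domain is configured and `uri`
    /// has no host, and propagates any error from `TlsConnector::new`.
    pub(crate) fn tls_connector(&self, uri: Uri) -> Result<TlsConnector, crate::Error> {
        // An explicit override wins; fall back to the URI host only when none is set,
        // and fail instead of connecting with no name to verify against.
        let domain = match &self.domain {
            Some(domain) => domain,
            None => uri.host().ok_or_else(Error::new_invalid_uri)?,
        };
        TlsConnector::new(self.cert.clone(), self.identity.clone(), domain)
    }
}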