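use crate::transport::{
    service::TlsAcceptor,
    tls::{Certificate, Identity},
};
use std::fmt;

/// Configures TLS settings for servers.
///
/// A freshly created configuration has no identity and no client CA root, and
/// client certificate verification is not marked optional. An [`Identity`] must be
/// supplied through [`ServerTlsConfig::identity`] before the configuration is
/// turned into a TLS acceptor.
#[derive(Clone, Default)]
pub struct ServerTlsConfig {
    // The server's own identity; `None` until `identity` is called.
    identity: Option<Identity>,
    // CA certificate used to validate client certificates; `None` when unset.
    client_ca_root: Option<Certificate>,
    // Whether client certificate verification is optional (see `client_auth_optional`).
    client_auth_optional: bool,
}

impl fmt::Debug for ServerTlsConfig {
    /// Writes only the type name; no field value is included in the output.
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        // NOTE(review): omitting the fields keeps whatever `Identity` holds
        // (presumably the server's private key material; confirm) out of logs.
        // Do not add fields here without redacting them.
        let mut printer = f.debug_struct("ServerTlsConfig");
        printer.finish()
    }
}

impl ServerTlsConfig {
    /// Creates a new `ServerTlsConfig`.
    ///
    /// Equivalent to [`Default::default`]: no identity, no client CA root, and
    /// `client_auth_optional` set to `false`.
    pub fn new() -> Self {
        Self::default()
    }

    /// Sets the [`Identity`] of the server.
    pub fn identity(mut self, identity: Identity) -> Self {
        self.identity = Some(identity);
        self
    }

    /// Sets a certificate against which to validate client TLS certificates.
    ///
    /// When this is never called, no client CA root is passed to the acceptor.
    pub fn client_ca_root(mut self, cert: Certificate) -> Self {
        // NOTE(review): without a CA root the acceptor presumably performs no client
        // certificate validation at all; confirm against `TlsAcceptor::new`.
        self.client_ca_root = Some(cert);
        self
    }

    /// Sets whether client certificate verification is optional.
    ///
    /// This option has effect only if CA certificate is set.
    ///
    /// Leave this at `false` when every client is required to present a certificate
    /// that validates against the CA root.
    ///
    /// # Default
    /// By default, this option is set to `false`.
    pub fn client_auth_optional(mut self, optional: bool) -> Self {
        // NOTE(review): with `optional == true`, connections from clients that present
        // no certificate are presumably still accepted, so request handlers must not
        // assume that every peer is certificate-authenticated; confirm against
        // `TlsAcceptor`.
        self.client_auth_optional = optional;
        self
    }

    /// Builds a [`TlsAcceptor`] from this configuration.
    ///
    /// The identity and the client CA root are cloned, so the configuration can be
    /// reused afterwards.
    ///
    /// # Errors
    /// Returns whatever error [`TlsAcceptor::new`] reports.
    ///
    /// # Panics
    /// Panics if no identity was set with [`ServerTlsConfig::identity`].
    pub(crate) fn tls_acceptor(&self) -> Result<TlsAcceptor, crate::Error> {
        // A missing identity is a configuration mistake. Name it in the panic message
        // instead of failing with a bare `unwrap` on `None`.
        // NOTE(review): since this already returns `Result`, consider reporting the
        // missing identity as an `Err` if `crate::Error` can carry such a message.
        let identity = self
            .identity
            .clone()
            .expect("ServerTlsConfig: an identity must be set before building a TLS acceptor");
        let client_ca_root = self.client_ca_root.clone();

        TlsAcceptor::new(identity, client_ca_root, self.client_auth_optional)
    }
}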