Skip to main content

trillium_rustls/
lib.rs

1#![forbid(unsafe_code)]
2#![deny(
3    clippy::dbg_macro,
4    missing_copy_implementations,
5    rustdoc::missing_crate_level_docs,
6    missing_debug_implementations,
7    missing_docs,
8    nonstandard_style,
9    unused_qualifications
10)]
11
12//!  This crate provides rustls trait implementations for trillium client ([`RustlsConfig`]) and
13//! server ([`RustlsAcceptor`]).
14//!
15//! # Cargo Features
16//!
17//! This crate's default features should be appropriate for most users. To pare down on dependencies
18//! or customize trillium-rustls' usage of rustls, opt out of default features and reenable the
19//! appropriate features for your use case.
20//!
21//! ## `server` and `client` features
22//!
23//! This crate offers a `server` feature and a `client` feature. Opting out of default features
24//! allows you to avoid building any dependencies for the unused other component. By default, both
25//! `server` and `client` features are enabled.
26//!
27//! ## Cryptographic backend selection
28//!
29//! Rustls supports pluggable cryptographic backends as well as a process-default cryptographic
30//! cryptographic backend. There are two built-in feature-enabled cryptographic backends and other
31//! community provided cryptographic backends.
32//!
33//! ⚠️ There are three cryptographic backend cargo features, and they behave differently than the
34//! rustls features. Please read the following section.⚠️
35//!
36//! `trillium-rustls` tries to avoid runtime panics where possible, so compiling this crate without
37//! a valid cryptographic backend will result in a compile time error. To opt into rustls's default
38//! process-default behavior, enable `custom-crypto-provider` as described below. Enabling multiple
39//! crypto providers will select exactly one of them at compile time in the following order:
40//!
41//! ### `aws-lc-rs`
42//!
43//! This is the default cryptographic backend in concordance with rustls' default. This backend will
44//! be selected if the feature is enabled. If either of the other two cryptographic backends are
45//! selected, trillium-rustls will log an error but use `aws-lc-rs`.
46//!
47//! ### `ring`
48//!
49//! If this feature is enabled, this backend will be selected even if `custom-crypto-provider` is
50//! also enabled.
51//!
52//! ### `custom-crypto-provider`
53//!
54//! In order to use a crypto provider other than the above two options, enable the
55//! `custom-crypto-provider` feature and either configure a
56//! [`trillium_rustls::rustls::ClientConfig`][rustls::ClientConfig] or
57//! [`trillium_rustls::rustls::ServerConfig`][rustls::ServerConfig] yourself to convert the
58//! equivalent `trillium-rustls` type, or install a custom process-default crypto provider with
59//! [`trillium_rustls::rustls::crypto::CryptoProvider::install_default`][rustls::crypto::CryptoProvider::install_default]
60//! prior to executing trillium-rustls code.
61//!
62//! ## Client verifier
63//!
64//! This crate offers a `platform-verifier` feature for client usage that builds a ClientConfig with
65//! the selected cryptographic backend and uses
66//! [`rustls-platform-verifier`](https://docs.rs/rustls-platform-verifier/). This feature is enabled by
67//! default. If you disable the feature, [`webpki_roots`] will be used.
68
69#[cfg(test)]
70#[doc = include_str!("../README.md")]
71mod readme {}
72
73#[cfg(feature = "client")]
74mod client;
75#[cfg(feature = "client")]
76pub use client::{RustlsClientTransport, RustlsConfig};
77
78#[cfg(feature = "server")]
79mod server;
80pub use futures_rustls::{self, rustls};
81#[cfg(feature = "server")]
82pub use server::{RustlsAcceptor, RustlsServerTransport};
83
84#[cfg(any(feature = "client", feature = "server"))]
85mod crypto_provider;
86pub(crate) use crypto_provider::crypto_provider;