Crate trillium_rustls
source ·Expand description
This crate provides rustls trait implementations for trillium client ([RustlsConnector
]) and
server (RustlsAcceptor
).
§Cargo Features
This crate’s default features should be appropriate for most users. To pare down on dependencies or customize trillium-rustls’ usage of rustls, opt out of default features and reenable the appropriate features for your use case.
§server
and client
features
This crate offers a server
feature and a client
feature. Opting out of default features allows
you to avoid building any dependencies for the unused other component. By default, both server
and
client
features are enabled.
§Cryptographic backend selection
Rustls supports pluggable cryptographic backends as well as a process-default cryptographic cryptographic backend. There are two built-in feature-enabled cryptographic backends and other community provided cryptographic backends.
⚠️ There are three cryptographic backend cargo features, and they behave differently than the rustls features. Please read the following section.⚠️
trillium-rustls
tries to avoid runtime panics where possible, so compiling this crate without a
valid cryptographic backend will result in a compile time error. To opt into rustls’s default
process-default behavior, enable custom-crypto-provider
as described below. Enabling multiple
crypto providers will select exactly one of them at compile time in the following order:
§aws-lc-rs
This is the default cryptographic backend in concordance with rustls’ default. This backend will be
selected if the feature is enabled. If either of the other two cryptographic backends are selected,
trillium-rustls will log an error but use aws-lc-rs
.
§ring
If this feature is enabled, this backend will be selected even if custom-crypto-provider
is also
enabled.
§custom-crypto-provider
In order to use a crypto provider other than the above two options, enable the
custom-crypto-provider
feature and either configure a
[trillium_rustls::rustls::ClientConfig
][rustls::ClientConfig] or
[trillium_rustls::rustls::ServerConfig
][rustls::ServerConfig] yourself to convert the equivalent
trillium-rustls
type, or install a custom process-default crypto provider with
[trillium_rustls::rustls::crypto::CryptoProvider::install_default
][rustls::crypto::CryptoProvider::install_default]
prior to executing trillium-rustls code.
§Client verifier
This crate offers a platform-verifier
feature for client usage that builds a ClientConfig with the
selected cryptographic backend and uses
rustls-platform-verifier
. This feature is enabled by
default. If you disable the feature, [webpki_roots
] will be used.
Re-exports§
pub use futures_rustls;
pub use futures_rustls::rustls;
Structs§
- trillium [
Acceptor
] for Rustls - Transport for the rustls connector
- Client configuration for RustlsConnector
- Transport for rustls server acceptor