Async TLS for the Tokio runtime

Go to file

Brian Picciano 077565b908 Implemented AsyncReadCapture and AsyncReadWrite These are utility types which will help capture the ClientHello as it is being read and parsed, as well as any data following it which might get buffered in the acceptore. This way we can get that data back out in case we want to switch into transparent TCP mode again.		2023-07-22 13:40:19 +02:00
.github/workflows	Trigger CI run on push to main	2023-06-12 10:25:33 +01:00
examples	Move tokio-rustls to top level	2023-05-31 17:09:52 +02:00
scripts	Move tokio-rustls to top level	2023-05-31 17:09:52 +02:00
src	Implemented AsyncReadCapture and AsyncReadWrite	2023-07-22 13:40:19 +02:00
tests	Merge branch 'master' for take_io()	2023-06-06 09:23:44 +02:00
.gitignore	Auto-generate TLS server certificate for unix platform (#8 )	2020-04-03 10:16:23 -04:00
Cargo.toml	Update MSRV to 1.60 and test it	2023-06-12 10:25:33 +01:00
LICENSE-APACHE	Move tokio-rustls to top level	2023-05-31 17:09:52 +02:00
LICENSE-MIT	Move tokio-rustls to top level	2023-05-31 17:09:52 +02:00
README.md	Update links in README	2023-05-31 17:09:52 +02:00

README.md

tokio-rustls

Asynchronous TLS/SSL streams for Tokio using Rustls.

Basic Structure of a Client

use std::sync::Arc;
use tokio::net::TcpStream;
use tokio_rustls::rustls::{ClientConfig, OwnedTrustAnchor, RootCertStore, ServerName};
use tokio_rustls::TlsConnector;

// ...

let mut root_cert_store = RootCertStore::empty();
root_cert_store.add_server_trust_anchors(webpki_roots::TLS_SERVER_ROOTS.0.iter().map(|ta| {
    OwnedTrustAnchor::from_subject_spki_name_constraints(
        ta.subject,
        ta.spki,
        ta.name_constraints,
    )
}));
let config = ClientConfig::builder()
    .with_safe_defaults()
    .with_root_certificates(root_cert_store)
    .with_no_client_auth();
let connector = TlsConnector::from(Arc::new(config));
let dnsname = ServerName::try_from("www.rust-lang.org").unwrap();

let stream = TcpStream::connect(&addr).await?;
let mut stream = connector.connect(dnsname, stream).await?;

// ...

Client Example Program

See examples/client. You can run it with:

cd examples/client
cargo run -- hsts.badssl.com

Server Example Program

See examples/server. You can run it with:

cd examples/server
cargo run -- 127.0.0.1:8000 --cert mycert.der --key mykey.der

License & Origin

This project is licensed under either of

Apache License, Version 2.0, (LICENSE-APACHE or https://www.apache.org/licenses/LICENSE-2.0)
MIT license (LICENSE-MIT or https://opensource.org/licenses/MIT)

at your option.

This started as a fork of tokio-tls.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in tokio-rustls by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.