Async TLS for the Tokio runtime
Go to file
Brian Picciano 077565b908 Implemented AsyncReadCapture and AsyncReadWrite
These are utility types which will help capture the ClientHello as it is
being read and parsed, as well as any data following it which might get
buffered in the acceptore. This way we can get that data back out in
case we want to switch into transparent TCP mode again.
2023-07-22 13:40:19 +02:00
.github/workflows Trigger CI run on push to main 2023-06-12 10:25:33 +01:00
examples Move tokio-rustls to top level 2023-05-31 17:09:52 +02:00
scripts Move tokio-rustls to top level 2023-05-31 17:09:52 +02:00
src Implemented AsyncReadCapture and AsyncReadWrite 2023-07-22 13:40:19 +02:00
tests Merge branch 'master' for take_io() 2023-06-06 09:23:44 +02:00
.gitignore Auto-generate TLS server certificate for unix platform (#8) 2020-04-03 10:16:23 -04:00
Cargo.toml Update MSRV to 1.60 and test it 2023-06-12 10:25:33 +01:00
LICENSE-APACHE Move tokio-rustls to top level 2023-05-31 17:09:52 +02:00
LICENSE-MIT Move tokio-rustls to top level 2023-05-31 17:09:52 +02:00
README.md Update links in README 2023-05-31 17:09:52 +02:00

tokio-rustls

github actions crates license license docs.rs

Asynchronous TLS/SSL streams for Tokio using Rustls.

Basic Structure of a Client

use std::sync::Arc;
use tokio::net::TcpStream;
use tokio_rustls::rustls::{ClientConfig, OwnedTrustAnchor, RootCertStore, ServerName};
use tokio_rustls::TlsConnector;

// ...

let mut root_cert_store = RootCertStore::empty();
root_cert_store.add_server_trust_anchors(webpki_roots::TLS_SERVER_ROOTS.0.iter().map(|ta| {
    OwnedTrustAnchor::from_subject_spki_name_constraints(
        ta.subject,
        ta.spki,
        ta.name_constraints,
    )
}));
let config = ClientConfig::builder()
    .with_safe_defaults()
    .with_root_certificates(root_cert_store)
    .with_no_client_auth();
let connector = TlsConnector::from(Arc::new(config));
let dnsname = ServerName::try_from("www.rust-lang.org").unwrap();

let stream = TcpStream::connect(&addr).await?;
let mut stream = connector.connect(dnsname, stream).await?;

// ...

Client Example Program

See examples/client. You can run it with:

cd examples/client
cargo run -- hsts.badssl.com

Server Example Program

See examples/server. You can run it with:

cd examples/server
cargo run -- 127.0.0.1:8000 --cert mycert.der --key mykey.der

License & Origin

This project is licensed under either of

at your option.

This started as a fork of tokio-tls.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in tokio-rustls by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.