pub async fn tls_server<F>(
    cfg: Cfg,
    addr: SocketAddr,
    tls_server_cfg: Arc<ServerConfig>,
    work_fn: impl Fn(Stream) -> F + Send + 'static
) -> Result<()>
where
    F: Future<Output = ()> + Send + 'static,

Available on crate feature tls only.

Runs a TCP server accepting connections of aggregated links, which are encrypted and authenticated using TLS.

cfg is the configuration and in most cases Cfg::default() should be used.

The TCP server listens on addr and accepts connections of aggregated TCP links. For each new connection the work function work_fn is spawned onto a new Tokio task.

Each incoming link is encrypted using TLS with the configuration specified in tls_server_cfg.

Example

This example listens on all interfaces on port 5901.

If the server has multiple interfaces, all IP addresses should be registered in DNS so that clients can discover them and establish multiple links.

use std::net::{Ipv6Addr, SocketAddr};
use std::sync::Arc;
use aggligator::cfg::Cfg;
use aggligator_util::net::tls_server;
use rustls::ServerConfig;

#[tokio::main]
async fn main() -> std::io::Result<()> {
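    // Placeholders: supply the server's certificate chain (end-entity
    // certificate first) and the matching private key.
    let tls_certs = todo!("load certificate tree");
    let tls_key = todo!("load private key");

    // with_no_client_auth() means only the server presents a certificate;
    // clients are not authenticated at the TLS layer.
    let tls_cfg = Arc::new(
        ServerConfig::builder()
            .with_safe_defaults()
            .with_no_client_auth()
            .with_single_cert(tls_certs, tls_key)
            // Panics at startup if rustls rejects the certificate or key.
            .unwrap()
    );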

    tls_server(
        Cfg::default(),
        SocketAddr::new(Ipv6Addr::UNSPECIFIED.into(), 5901),
        tls_cfg,
        |stream| async move {
            // use the incoming connection
        }
    ).await?;

    Ok(())
}
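
The example above notes that every server address should be registered in DNS so that clients can establish multiple links. As an added illustration (not code from aggligator or its documentation), this standard-library-only check reports which interface addresses a DNS answer fails to cover. The function names, the documentation-range addresses and the use of localhost as a stand-in hostname are assumptions.

```rust
use std::collections::BTreeSet;
use std::net::{IpAddr, SocketAddr, ToSocketAddrs};

/// Maps an IPv4-mapped IPv6 address (::ffff:a.b.c.d) to plain IPv4 so both
/// spellings of the same address compare equal.
fn canonical(ip: IpAddr) -> IpAddr {
    match ip {
        IpAddr::V6(v6) => v6.to_ipv4_mapped().map_or(ip, IpAddr::V4),
        v4 => v4,
    }
}

/// True for addresses a client on another host cannot use for a link.
fn not_publishable(ip: &IpAddr) -> bool {
    match ip {
        IpAddr::V4(a) => a.is_loopback() || a.is_unspecified() || a.is_link_local(),
        // fe80::/10 is the IPv6 link-local range.
        IpAddr::V6(a) => a.is_loopback() || a.is_unspecified() || (a.segments()[0] & 0xffc0) == 0xfe80,
    }
}

/// Returns the server interface addresses that `resolved` (the DNS answer for
/// the server name) does not contain, i.e. links that clients will never try.
fn missing_from_dns(interfaces: &[IpAddr], resolved: &[SocketAddr]) -> Vec<IpAddr> {
    let published: BTreeSet<IpAddr> = resolved.iter().map(|sa| canonical(sa.ip())).collect();
    let wanted: BTreeSet<IpAddr> = interfaces
        .iter()
        .map(|ip| canonical(*ip))
        .filter(|ip| !not_publishable(ip))
        .collect();
    wanted.difference(&published).copied().collect()
}

fn main() {
    // Constructed interface list (documentation ranges); use the host's own addresses.
    let interfaces: Vec<IpAddr> = vec![
        "192.0.2.10".parse().unwrap(),
        "2001:db8::10".parse().unwrap(),
        "::1".parse().unwrap(),
    ];
    // "localhost" stands in for the server's DNS name so this runs offline.
    let resolved: Vec<SocketAddr> = ("localhost", 5901)
        .to_socket_addrs()
        .map(|addrs| addrs.collect())
        .unwrap_or_default();
    for ip in missing_from_dns(&interfaces, &resolved) {
        println!("not published in DNS: {ip}");
    }
}
```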