pub async fn load_rustls_config(
cert_path: &Path,
key_path: &Path,
) -> Result<RustlsConfig>Expand description
Load a PEM cert + PEM key (PKCS#8 or RSA) into an axum-server
rustls config. Returns an error with a specific message for the
operator rather than letting rustls’ wrapped IO error bubble up —
TLS misconfigurations are the #1 new-deploy footgun.
v0.7.0 H3 — protocol versions are pinned to TLS 1.3 (preferred)
- TLS 1.2 (floor). See
SUPPORTED_PROTOCOL_VERSIONS.
v0.7.0 H4 — private key file permissions are checked before loading; loose permissions surface as a WARN but do not refuse.