Crate cgn_tls

TLS / mTLS helpers for inter-service gRPC.

Cognitora speaks gRPC across hosts and uses mutual TLS for everything that crosses a network boundary. This crate exposes a couple of small helpers built on top of rustls and tonic:

  • load_identity – read a PEM cert + key into a tonic Identity.
  • server_tls – assemble a tonic ServerTlsConfig requiring mTLS.
  • client_tls – assemble a tonic ClientTlsConfig against a CA.
  • generate_dev_pki – bootstrap a self-signed CA + leaf for cgn-ctl pki.

Structs

DevPki
Output of generate_dev_pki.

Functions

client_tls
Client-side TLS config that trusts ca_path and presents cert/key.
generate_dev_pki
Generate a self-signed CA + a leaf cert valid for subject_alt_names, returning PEM bytes for (ca_cert, ca_key, leaf_cert, leaf_key).
load_identity
Load a PEM-encoded certificate + private key from disk.
server_tls
Server-side TLS config requiring client certs (mTLS).