Struct SecurityConfig 

pub struct SecurityConfig { /* private fields */ }

Security configuration used to communicate with a service.

Implementations

impl SecurityConfig

pub fn builder() -> Builder<Complete>

Returns a new builder.

impl SecurityConfig

pub fn ca_file(&self) -> Option<&Path>

The path to a file containing PEM-formatted root certificates trusted to identify the service.

These certificates are used in addition to the bundled root CA list.

pub fn key_file(&self) -> Option<&Path>

The path to a file containing a PEM-formatted private key used for client certificate authentication.

This key is expected to match the leaf certificate in Self::cert_file.

pub fn cert_file(&self) -> Option<&Path>

The path to a file containing PEM-formatted certificates used for client certificate authentication.

The file should start with the leaf certificate corresponding to the key in Self::key_file, and the contain the remainder of the certificate chain to a trusted root.

pub fn pinned_certs(&self) -> &[String]

PEM-formatted leaf certificates to pin against, one PEM document per entry.

When non-empty, the client will only consider a TLS connection valid if the server’s end-entity certificate matches one of the certificates in this list. The certificate chain itself is not validated against any trust anchor; pinning the leaf is sufficient to identify the server. This is intended as an escape hatch for environments whose CA hierarchy uses X.509 features (e.g. directoryName name constraints, see RFC 5280 §4.2.1.10) that the underlying TLS library does not support.

Because the chain is skipped, the configured certificates must be rotated in lockstep with the server’s leaf certificate. Operators that enable this option should ensure they have a process to keep the pins up to date, or service traffic will fail when the server’s certificate is renewed.

Trait Implementations

impl Clone for SecurityConfig

fn clone(&self) -> SecurityConfig

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for SecurityConfig

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.

impl Default for SecurityConfig

fn default() -> SecurityConfig

Returns the “default value” for a type.

impl<'de> Deserialize<'de> for SecurityConfig

fn deserialize<__D>( __deserializer: __D, ) -> Result<SecurityConfig, <__D as Deserializer<'de>>::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl From<SecurityConfig> for Builder<Complete>

fn from(v: SecurityConfig) -> Builder<Complete>

Converts to this type from the input type.

impl Hash for SecurityConfig

fn hash<__H>(&self, state: &mut __H)

where __H: Hasher,

Feeds this value into the given Hasher.

fn hash_slice<H>(data: &[Self], state: &mut H)

where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher.

impl PartialEq for SecurityConfig

fn eq(&self, other: &SecurityConfig) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Eq for SecurityConfig

impl StructuralPartialEq for SecurityConfig