/// Complete TLS settings for one listener: where the certificate comes from,
/// protocol options, optional client-certificate (mTLS) policy and OCSP settings.
///
/// NOTE(review): the derived `Debug` recurses into `cert`, whose `Acme` variant can
/// carry DNS-provider credentials — keep this type out of logs unless those are redacted.
#[derive(Debug, Clone)]
pub struct TlsListenerConfig {
    /// Source of the server certificate and key (files, self-signed, ACME or a named reference).
    pub cert: TlsConfig,
    /// Protocol-level options (minimum version, cipher list); see `TlsOptions::resolve`.
    pub options: TlsOptions,
    /// Client-certificate verification settings; `None` means no mTLS on this listener.
    pub mtls: Option<MtlsConfig>,
    /// OCSP settings for this listener.
    pub ocsp: OcspConfig,
}
/// OCSP settings for a listener, all intervals in whole seconds.
///
/// The component that acts on these values is not part of this file; the field
/// names suggest the meanings given below — confirm against the consumer.
#[derive(Debug, Clone)]
pub struct OcspConfig {
    /// Whether OCSP handling is turned on at all (default: `true`).
    pub enabled: bool,
    /// Presumably the timeout applied to one OCSP fetch (default: 10).
    pub fetch_timeout_secs: u64,
    /// Presumably the shortest interval between two refreshes (default: 3600).
    pub min_refresh_secs: u64,
    /// Presumably the wait after a failed fetch before retrying (default: 300).
    pub failure_backoff_secs: u64,
}

impl OcspConfig {
    const DEFAULT_FETCH_TIMEOUT_SECS: u64 = 10;
    const DEFAULT_MIN_REFRESH_SECS: u64 = 3600;
    const DEFAULT_FAILURE_BACKOFF_SECS: u64 = 300;
}

impl Default for OcspConfig {
    /// OCSP enabled, 10 s fetch timeout, hourly refresh floor, 5 min backoff on failure.
    fn default() -> Self {
        Self {
            enabled: true,
            fetch_timeout_secs: Self::DEFAULT_FETCH_TIMEOUT_SECS,
            min_refresh_secs: Self::DEFAULT_MIN_REFRESH_SECS,
            failure_backoff_secs: Self::DEFAULT_FAILURE_BACKOFF_SECS,
        }
    }
}
/// Client-certificate (mTLS) verification settings for a listener.
#[derive(Debug, Clone)]
pub struct MtlsConfig {
    /// Trust anchors used to verify client certificates; presumably file paths —
    /// the loader is not in this file, confirm there.
    pub cas: Vec<String>,
    /// Whether a client certificate is mandatory or merely verified when presented.
    pub mode: MtlsMode,
    /// Revocation lists to check client certificates against; presumably paths or URLs.
    pub crls: Vec<String>,
    /// Interval in seconds between CRL reloads. No default is defined here; a large
    /// value keeps revoked client certificates accepted for that long.
    pub crl_refresh_secs: u64,
}
/// How strictly a listener demands a client certificate.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum MtlsMode {
    /// Handshake is rejected unless the client presents a certificate that verifies.
    Required,
    /// Clients without a certificate are admitted; with `Optional` the decision of what an
    /// unauthenticated client may do has to be made by the consumer, which is not in this file.
    Optional,
}
/// Where a listener's server certificate comes from.
#[derive(Debug, Clone)]
pub enum TlsConfig {
    /// Certificate and private key supplied by the operator; presumably file paths.
    Files { cert: String, key: String },
    /// Certificate generated locally; not trusted by clients unless they pin it.
    SelfSigned,
    /// Certificate obtained from an ACME CA.
    Acme {
        /// Names to request in the certificate.
        domains: Vec<String>,
        /// Optional label for this certificate; semantics not visible here.
        name: Option<String>,
        /// Optional contact e-mail passed to the CA.
        email: Option<String>,
        /// Presumably selects the CA's staging endpoint (untrusted certificates) — confirm.
        staging: bool,
        /// Optional explicit ACME directory URL; presumably overrides the default CA.
        server: Option<String>,
        /// Seconds to wait between retries of a failed issuance.
        retry_interval_secs: u64,
        /// Which ACME challenge type to answer.
        challenge: ChallengeKind,
        /// DNS API credentials; presumably required when `challenge` is `Dns01` —
        /// the validation enforcing that is not in this file.
        dns_provider: Option<DnsProviderConfig>,
    },
    /// Reference to a certificate configured elsewhere by name — inferred from the
    /// variant name; confirm how the loader resolves it.
    Ref(String),
}
/// Protocol-level TLS options. `Default` is "nothing set": `min_version` is `None` and
/// `ciphers` is empty, which `TlsOptions::resolve` treats as "take the defaults".
#[derive(Debug, Clone, Default)]
pub struct TlsOptions {
    /// Lowest protocol version to negotiate; `None` defers to the defaults.
    pub min_version: Option<TlsVersion>,
    /// Cipher suite names; an empty list defers to the defaults. Names are not
    /// validated in this file.
    pub ciphers: Vec<String>,
}
impl TlsOptions {
    /// Merge these options with `defaults`, preferring values set here.
    ///
    /// `min_version` falls back to `defaults.min_version` only when it is `None`;
    /// `ciphers` falls back to `defaults.ciphers` only when the list here is empty
    /// (a partially specified list is taken as-is, not merged).
    pub fn resolve(&self, defaults: &Self) -> Self {
        let chosen_ciphers = if self.ciphers.is_empty() {
            &defaults.ciphers
        } else {
            &self.ciphers
        };
        Self {
            min_version: self.min_version.or(defaults.min_version),
            ciphers: chosen_ciphers.clone(),
        }
    }
}
/// ACME challenge type used to prove control of a domain. Defaults to `Http01`.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Default)]
pub enum ChallengeKind {
    /// HTTP-01: the CA fetches a token over plain HTTP on port 80.
    #[default]
    Http01,
    /// DNS-01: the CA looks up a TXT record; needs `DnsProviderConfig` credentials.
    Dns01,
    /// TLS-ALPN-01: the CA connects on port 443 with the acme-tls/1 ALPN protocol.
    TlsAlpn01,
}
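/// Credentials and settings for answering DNS-01 challenges through a DNS API.
///
/// `Debug` is implemented by hand rather than derived so that `password` and
/// `api_token` never reach logs or error messages: the derived impl would print
/// them verbatim, and this type is reachable from `TlsConfig`'s `Debug` output.
#[derive(Clone)]
pub enum DnsProviderConfig {
    /// acme-dns style API (inferred from the variant name; confirm against the client code).
    AcmeDns {
        /// Base URL of the acme-dns API.
        api_url: String,
        /// Account user name.
        username: String,
        /// Account password — secret, redacted in `Debug`.
        password: String,
        /// Subdomain the challenge record is written to.
        subdomain: String,
    },
    /// Cloudflare DNS API.
    Cloudflare {
        /// Zone the TXT record is created in.
        zone_id: String,
        /// API token — secret, redacted in `Debug`.
        api_token: String,
    },
    /// External program invoked to publish the record (inferred from the variant name).
    Exec {
        /// Program to run.
        program: String,
        /// Arguments passed to it; shown in `Debug`, so do not pass secrets here.
        args: Vec<String>,
    },
}

impl std::fmt::Debug for DnsProviderConfig {
    /// Same layout as the derived `Debug`, with secret fields replaced by `"<redacted>"`
    /// so the field is still visible but its value is not.
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        const REDACTED: &str = "<redacted>";
        match self {
            Self::AcmeDns {
                api_url,
                username,
                subdomain,
                ..
            } => f
                .debug_struct("AcmeDns")
                .field("api_url", api_url)
                .field("username", username)
                .field("password", &REDACTED)
                .field("subdomain", subdomain)
                .finish(),
            Self::Cloudflare { zone_id, .. } => f
                .debug_struct("Cloudflare")
                .field("zone_id", zone_id)
                .field("api_token", &REDACTED)
                .finish(),
            Self::Exec { program, args } => f
                .debug_struct("Exec")
                .field("program", program)
                .field("args", args)
                .finish(),
        }
    }
}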
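/// Minimum TLS protocol version a listener will negotiate (see `TlsOptions::min_version`).
///
/// Derives comparison traits so the floor can be compared directly, matching `MtlsMode`,
/// which already derives `PartialEq`/`Eq`. Variants are declared oldest first so the
/// derived `Ord` yields `Tls12 < Tls13`; keep that order if versions are added.
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
pub enum TlsVersion {
    /// TLS 1.2.
    Tls12,
    /// TLS 1.3.
    Tls13,
}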