knafeh 1.0.0

QUIC-based RPC library with Python bindings
use std::path::{Path, PathBuf};

/// TLS settings for a QUIC endpoint.
///
/// QUIC always runs over TLS 1.3; there is no plaintext mode. This type only
/// carries the certificate, private-key and CA file paths, the ALPN list and
/// the peer-verification switch that are handed to quiche. The constructors
/// store the paths as given and do not open or validate the files.
#[derive(Debug, Clone)]
pub struct TlsConfig {
    /// Path to the PEM certificate file (server). The client constructors
    /// leave this empty; [`TlsConfig::client`] stores its CA bundle in
    /// `ca_path` instead.
    pub cert_path: PathBuf,
    /// Path to the PEM private key file (server only). `None` for clients.
    pub key_path: Option<PathBuf>,
    /// Path to the CA certificate used to verify the peer. Only
    /// [`TlsConfig::client`] fills this in; the other constructors leave it
    /// `None`.
    pub ca_path: Option<PathBuf>,
    /// ALPN protocols to negotiate. Every constructor starts with `["h3"]`.
    pub alpn: Vec<Vec<u8>>,
    /// Whether the peer certificate is verified. The value depends on the
    /// constructor: [`TlsConfig::client`] sets `true`, while
    /// [`TlsConfig::server`] and [`TlsConfig::client_insecure`] set `false`.
    pub verify_peer: bool,
}

impl TlsConfig {
    /// ALPN list shared by all constructors: the single protocol `h3`.
    fn default_alpn() -> Vec<Vec<u8>> {
        vec![b"h3".to_vec()]
    }

    /// Build a server configuration from a certificate and its private key.
    ///
    /// `verify_peer` is `false` and `ca_path` is `None`, so this
    /// configuration carries nothing for authenticating clients. For mutual
    /// TLS, enable [`TlsConfig::with_verify_peer`] and set `ca_path`.
    /// NOTE(review): confirm how the quiche setup code treats a server with
    /// `verify_peer == true` and no `ca_path`.
    pub fn server(cert: impl AsRef<Path>, key: impl AsRef<Path>) -> Self {
        let cert_path = PathBuf::from(cert.as_ref());
        let key_path = PathBuf::from(key.as_ref());
        Self {
            cert_path,
            key_path: Some(key_path),
            ca_path: None,
            alpn: Self::default_alpn(),
            verify_peer: false,
        }
    }

    /// Build a client configuration that verifies the server against `ca`.
    ///
    /// This is the constructor to use for any real deployment: `verify_peer`
    /// is `true` and `ca` becomes the trust anchor in `ca_path`.
    pub fn client(ca: impl AsRef<Path>) -> Self {
        let trust_anchor = ca.as_ref().to_owned();
        Self {
            verify_peer: true,
            ca_path: Some(trust_anchor),
            alpn: Self::default_alpn(),
            key_path: None,
            cert_path: PathBuf::default(),
        }
    }

    /// Build a client configuration with server verification switched off.
    ///
    /// Intended for tests against self-signed certificates. With
    /// `verify_peer == false` the connection is still encrypted but the
    /// server is not authenticated, so the client cannot tell the intended
    /// server from any other endpoint that answers. Where the self-signed
    /// certificate is available as a file, passing it to
    /// [`TlsConfig::client`] as the CA keeps verification on.
    pub fn client_insecure() -> Self {
        Self {
            verify_peer: false,
            ca_path: None,
            alpn: Self::default_alpn(),
            key_path: None,
            cert_path: PathBuf::default(),
        }
    }

    /// Replace the ALPN protocol list (the previous list is discarded, not
    /// extended). The list is stored as given, including an empty one.
    pub fn with_alpn(self, alpn: Vec<Vec<u8>>) -> Self {
        Self { alpn, ..self }
    }

    /// Enable or disable peer verification.
    ///
    /// Only the flag changes: `ca_path` is left as it was, so turning
    /// verification on for a configuration built without a CA does not add a
    /// trust anchor.
    pub fn with_verify_peer(self, verify: bool) -> Self {
        Self {
            verify_peer: verify,
            ..self
        }
    }
}