Struct Client 

#[non_exhaustive]
pub struct Client {
    pub root: Vec<PathBuf>,
    pub system_roots: Option<bool>,
    pub fingerprint: Vec<String>,
    pub cert: Option<PathBuf>,
    pub key: Option<PathBuf>,
    pub disable_verify: Option<bool>,
}

TLS configuration for the client.

Fields (Non-exhaustive)

Non-exhaustive structs could have additional fields added in future. Therefore, non-exhaustive structs cannot be constructed in external crates using the traditional Struct { .. } syntax; cannot be matched against without a wildcard ..; and struct update syntax will not work.

root: Vec<PathBuf>

Trust the TLS root at this path, encoded as PEM.

This value can be provided multiple times for multiple roots. In config files, accepts either a single string or a TOML array.

These roots are added on top of the system roots. By default the system roots are only loaded when no custom root is given, so passing a root replaces them; set --tls-system-roots to trust both (e.g. to reach a local relay with a private CA and a remote one with a public CA).

system_roots: Option<bool>

Also trust the platform’s native root certificates.

Defaults to enabled only when no --tls-root is given. Set it explicitly to trust the system roots alongside any custom roots, or set it to false to trust only the custom roots. Trusting neither (no custom root and system roots disabled) is rejected, since verification could never pass.

fingerprint: Vec<String>

Pin the peer to a certificate with one of these SHA-256 fingerprints, encoded as hex.

This is the native equivalent of the browser’s WebTransport serverCertificateHashes, and accepts the same values a server reports via its certificate fingerprints. Use it to trust a self-signed certificate without disabling verification or fetching the hash over an insecure http:// request. When set, the normal CA/root chain is bypassed: only the leaf certificate’s fingerprint is checked.

This value can be provided multiple times to accept any of several fingerprints (e.g. across a certificate rotation). In config files, accepts either a single string or a TOML array.

cert: Option<PathBuf>

PEM file containing the client certificate chain for mTLS.

Only certificates are extracted; any private keys in the file are ignored. Must be paired with --client-tls-key.

key: Option<PathBuf>

PEM file containing the private key for mTLS.

Only the private key is extracted; any certificates in the file are ignored. Must be paired with --client-tls-cert.

disable_verify: Option<bool>

Danger: Disable TLS certificate verification.

Fine for local development and between relays, but should be used in caution in production.

Implementations

impl Client

pub fn build(&self) -> Result<ClientConfig>

Build a rustls::ClientConfig from this configuration.

Trusts the configured roots plus the platform’s native roots (the latter gated by system_roots), optionally attaches a client identity for mTLS, and swaps in fingerprint pinning or disabled verification when requested.

Trait Implementations

impl Args for Client

fn group_id() -> Option<Id>

Report the ArgGroup::id for this set of arguments

fn augment_args<'b>(__clap_app: Command) -> Command

Append to Command so it can instantiate Self via FromArgMatches::from_arg_matches_mut

fn augment_args_for_update<'b>(__clap_app: Command) -> Command

Append to Command so it can instantiate self via FromArgMatches::update_from_arg_matches_mut

impl Clone for Client

fn clone(&self) -> Client

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Client

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for Client

fn default() -> Client

Returns the “default value” for a type.

impl<'de> Deserialize<'de> for Client

where Client: Default,

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl FromArgMatches for Client

fn from_arg_matches(__clap_arg_matches: &ArgMatches) -> Result<Self, Error>

Instantiate Self from ArgMatches, parsing the arguments as needed.

fn from_arg_matches_mut( __clap_arg_matches: &mut ArgMatches, ) -> Result<Self, Error>

Instantiate Self from ArgMatches, parsing the arguments as needed.

fn update_from_arg_matches( &mut self, __clap_arg_matches: &ArgMatches, ) -> Result<(), Error>

Assign values from ArgMatches to self.

fn update_from_arg_matches_mut( &mut self, __clap_arg_matches: &mut ArgMatches, ) -> Result<(), Error>

Assign values from ArgMatches to self.

impl Serialize for Client

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.