Struct TlsConfig 

pub struct TlsConfig {
    pub trust_server_certificate: bool,
    pub root_certificates: Vec<CertificateDer<'static>>,
    pub client_auth: Option<ClientAuth>,
    pub server_name: Option<String>,
    pub min_protocol_version: TlsVersion,
    pub max_protocol_version: TlsVersion,
    pub strict_mode: bool,
    pub alpn_protocols: Vec<Vec<u8>>,
}

TLS configuration for SQL Server connections.

Fields

trust_server_certificate: bool

Whether to trust the server certificate without validation.

Warning: This is insecure and should only be used for testing.

root_certificates: Vec<CertificateDer<'static>>

Custom root certificates to trust.

If empty, the system root certificates are used.

client_auth: Option<ClientAuth>

Client authentication credentials for mutual TLS (TDS 8.0 client cert auth).

server_name: Option<String>

Server hostname for certificate validation.

If not set, the connection hostname is used.

min_protocol_version: TlsVersion

Minimum TLS version to accept.

max_protocol_version: TlsVersion

Maximum TLS version to accept.

strict_mode: bool

Whether to use TDS 8.0 strict mode (TLS before any TDS traffic).

alpn_protocols: Vec<Vec<u8>>

Application-layer protocol negotiation (ALPN) protocols.

Implementations

impl TlsConfig

pub fn new() -> Self

Create a new TLS configuration with default settings.

pub fn trust_server_certificate(self, trust: bool) -> Self

Trust the server certificate without validation.

Warning: This is insecure and should only be used for testing.

pub fn add_root_certificate(self, cert: CertificateDer<'static>) -> Self

Add a custom root certificate to trust.

pub fn with_root_certificates(self, certs: Vec<CertificateDer<'static>>) -> Self

Set custom root certificates, replacing any existing ones.

pub fn with_client_auth( self, certs: Vec<CertificateDer<'static>>, key: PrivateKeyDer<'static>, ) -> Self

Set client certificate and key for mutual TLS.

pub fn with_server_name(self, name: impl Into<String>) -> Self

Set the server name for certificate validation.

pub fn min_protocol_version(self, version: TlsVersion) -> Self

Set the minimum TLS version.

pub fn max_protocol_version(self, version: TlsVersion) -> Self

Set the maximum TLS version.

pub fn strict_mode(self, enabled: bool) -> Self

Enable TDS 8.0 strict mode.

pub fn with_alpn_protocols(self, protocols: Vec<Vec<u8>>) -> Self

Set ALPN protocols.

pub fn has_client_auth(&self) -> bool

Check if client certificate authentication is configured.

pub fn add_root_certificate_der(self, der_bytes: Vec<u8>) -> Self

Add a root certificate from DER-encoded bytes.

This is a convenience method that avoids requiring a direct dependency on the rustls crate. For PEM-encoded certificates, parse them first using the rustls-pemfile crate.

pub fn with_client_auth_der( self, cert_chain_der: Vec<Vec<u8>>, private_key_der: Vec<u8>, ) -> Self

Set client certificate and key from DER-encoded bytes.

This is a convenience method that avoids requiring a direct dependency on the rustls crate.

• cert_chain_der - DER-encoded certificate chain
• private_key_der - DER-encoded private key (PKCS#8 format)

Trait Implementations

impl Clone for TlsConfig

fn clone(&self) -> TlsConfig

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for TlsConfig

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for TlsConfig

fn default() -> Self

Returns the “default value” for a type.