1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
use std::fs::OpenOptions;
use std::sync::Arc;
use ::rustls::ClientConfig as TlsClientConfig;
use ::rustls::RootCertStore;
use ::tokio_rustls::TlsConnector;
use crate::AnyError;
#[derive(Debug, Clone, ::structopt::StructOpt)]
pub struct CARootsConfig {
#[structopt(long = "add-ca-roots", env = "ADD_CA_ROOTS")]
pub files: Vec<String>,
}
impl CARootsConfig {
pub fn create_tls_connector(&self) -> Result<TlsConnector, AnyError> {
let mut root_cert_store = RootCertStore::empty();
for ca_roots_file in &self.files {
let ca_roots_fd = OpenOptions::new().read(true).open(ca_roots_file)?;
let (roots_added, roots_ignored) = root_cert_store
.add_pem_file(&mut std::io::BufReader::new(ca_roots_fd))
.expect("Failed to add CA-roots");
log::debug!(
"CA-roots [added: {}; ignored: {}]",
roots_added,
roots_ignored
);
}
let mut client_config = TlsClientConfig::default();
client_config.root_store = root_cert_store;
let client_config = Arc::new(client_config);
let tls_connector = TlsConnector::from(client_config);
Ok(tls_connector)
}
}