Crate rustls_sni_resolver


A minimal ResolvesServerCert implementation backed by { by_sni: HashMap<String, Arc<E>>, default: Option<Arc<E>> }, with the whole struct designed to live behind an Arc<ArcSwap<_>> so a config reload is one atomic pointer swap.

E is generic over an EntryKey trait, so callers can attach their own per-cert state (expiry timestamps, OCSP staple handles, ACME order IDs) without a fork.

Structs§

CertStore
Per-listener cert pool: zero-or-more SNI-keyed entries plus an optional sni-less default. The default fires when a ClientHello has no SNI extension or when the SNI does not match any Self::by_sni key. A listener has at most one default.
Resolver
rustls::server::ResolvesServerCert implementation backed by an ArcSwap<CertStore<E>>. Reads the current store on every handshake — a populator-driven swap is observed by the next ClientHello, never mid-connection (TLS does not permit that).

Traits§

EntryKey
A trait satisfied by anything that carries a rustls Arc<CertifiedKey> (cert chain + signing key + optional OCSP staple). Used by CertStore::lookup to extract the handshake material from a caller-defined entry type.
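
The fallback and reload behaviour described for CertStore and Resolver, as an added std-only model that is not the crate's own code. Assumptions: `RwLock<Arc<_>>` stands in for `ArcSwap`, `CertifiedKey` is a placeholder struct, and the `certified_key` method name, the `store` helper and the hostnames are made up for illustration.

```rust
use std::collections::HashMap;
use std::sync::{Arc, RwLock};

#[derive(Debug, PartialEq)]
struct CertifiedKey(&'static str); // stand-in for rustls's CertifiedKey

trait EntryKey { fn certified_key(&self) -> Arc<CertifiedKey>; } // method name assumed

// Caller-defined entry with its own per-cert state next to the key.
struct Entry { key: Arc<CertifiedKey>, #[allow(dead_code)] not_after_unix: u64 }
impl EntryKey for Entry {
    fn certified_key(&self) -> Arc<CertifiedKey> { self.key.clone() }
}

struct CertStore<E> { by_sni: HashMap<String, Arc<E>>, default: Option<Arc<E>> }
impl<E: EntryKey> CertStore<E> {
    // Exact SNI key first; a missing or unmatched SNI falls back to the default.
    fn lookup(&self, sni: Option<&str>) -> Option<Arc<CertifiedKey>> {
        sni.and_then(|n| self.by_sni.get(n)).or(self.default.as_ref()).map(|e| e.certified_key())
    }
}

// RwLock<Arc<_>> replaces ArcSwap here so the example builds with std alone.
struct Resolver<E>(RwLock<Arc<CertStore<E>>>);
impl<E: EntryKey> Resolver<E> {
    fn resolve(&self, sni: Option<&str>) -> Option<Arc<CertifiedKey>> {
        let snapshot = self.0.read().unwrap().clone(); // one store per handshake
        snapshot.lookup(sni)
    }
    fn reload(&self, next: CertStore<E>) { *self.0.write().unwrap() = Arc::new(next); }
}

// Constructed sample data: hostnames and labels are illustrative only.
fn store(names: &[(&str, &'static str)], default: Option<&'static str>) -> CertStore<Entry> {
    let mk = |l: &'static str| Arc::new(Entry { key: Arc::new(CertifiedKey(l)), not_after_unix: 0 });
    CertStore {
        by_sni: names.iter().map(|(n, l)| (n.to_string(), mk(*l))).collect(),
        default: default.map(mk),
    }
}

fn main() {
    let r = Resolver(RwLock::new(Arc::new(store(&[("a.example", "cert-a")], Some("fallback")))));
    println!("{:?}", r.resolve(Some("a.example")));     // SNI match
    println!("{:?}", r.resolve(Some("other.example"))); // unmatched SNI -> default
    r.reload(store(&[("a.example", "cert-a-renewed")], None));
    println!("{:?}", r.resolve(Some("a.example")));     // next handshake sees the swap
    println!("{:?}", r.resolve(None));                  // no SNI, no default -> None
}
```

An unmatched or absent SNI is answered with the default certificate, so the names that certificate carries are shown to any client that connects. Leaving `default` unset makes the lookup return `None` for those handshakes instead.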