selium_abi/
tls.rs

1//! TLS-related hostcall payloads for network configuration.
2
3use rkyv::{Archive, Deserialize, Serialize};
4
5use crate::GuestResourceId;
6
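/// TLS material supplied by a guest for server listeners.
///
/// Every field is guest-provided. The PEM fields are opaque byte vectors at this
/// layer: nothing in this definition checks that they parse as PEM or that the
/// private key matches the certificate chain.
///
/// `Debug` is implemented by hand rather than derived, so that formatting a bundle
/// (or any type that embeds one) never writes the private key bytes into logs or
/// panic messages.
// NOTE(review): `Clone` duplicates the key bytes and nothing in this definition wipes
// them on drop; the derived `PartialEq` is an ordinary, not constant-time, comparison.
#[derive(Clone, PartialEq, Eq, Archive, Serialize, Deserialize)]
#[rkyv(bytecheck())]
pub struct TlsServerBundle {
    /// PEM-encoded certificate chain presented by the server.
    pub cert_chain_pem: Vec<u8>,
    /// PEM-encoded private key for the certificate chain (secret; redacted in `Debug`).
    pub private_key_pem: Vec<u8>,
    /// PEM-encoded CA bundle used to verify client certificates.
    // NOTE(review): what happens when this is `None` while `require_client_auth` is
    // `true` is not defined here. Confirm the consumer rejects that combination
    // instead of accepting unauthenticated clients.
    pub client_ca_pem: Option<Vec<u8>>,
    /// Optional ALPN protocol list.
    pub alpn: Option<Vec<String>>,
    /// Require client authentication when true.
    pub require_client_auth: bool,
}

impl ::core::fmt::Debug for TlsServerBundle {
    /// Formats every field as the derived impl would, except `private_key_pem`,
    /// which is replaced by a fixed `<redacted>` marker.
    fn fmt(&self, f: &mut ::core::fmt::Formatter<'_>) -> ::core::fmt::Result {
        f.debug_struct("TlsServerBundle")
            .field("cert_chain_pem", &self.cert_chain_pem)
            // Secret material: never emit the bytes.
            .field("private_key_pem", &format_args!("<redacted>"))
            .field("client_ca_pem", &self.client_ca_pem)
            .field("alpn", &self.alpn)
            .field("require_client_auth", &self.require_client_auth)
            .finish()
    }
}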
22
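/// TLS material supplied by a guest for client connections.
///
/// Every field is guest-provided and optional. The PEM fields are opaque byte
/// vectors at this layer: nothing in this definition checks that they parse as PEM
/// or that `client_cert_pem` and `client_key_pem` are supplied together.
///
/// `Debug` is implemented by hand rather than derived, so that formatting a bundle
/// (or any type that embeds one) never writes the client private key bytes into
/// logs or panic messages.
// NOTE(review): `Clone` duplicates the key bytes and nothing in this definition wipes
// them on drop; the derived `PartialEq` is an ordinary, not constant-time, comparison.
#[derive(Clone, PartialEq, Eq, Archive, Serialize, Deserialize)]
#[rkyv(bytecheck())]
pub struct TlsClientBundle {
    /// PEM-encoded CA bundle used to verify servers.
    // NOTE(review): which trust anchors apply when this is `None` is not visible
    // here. Confirm the consumer falls back to a default root store and does not
    // disable server verification.
    pub ca_bundle_pem: Option<Vec<u8>>,
    /// PEM-encoded client certificate chain.
    pub client_cert_pem: Option<Vec<u8>>,
    /// PEM-encoded private key for the client certificate (secret; redacted in `Debug`).
    pub client_key_pem: Option<Vec<u8>>,
    /// Optional ALPN protocol list.
    pub alpn: Option<Vec<String>>,
}

impl ::core::fmt::Debug for TlsClientBundle {
    /// Formats every field as the derived impl would, except `client_key_pem`:
    /// only whether a key is present is shown, never its bytes.
    fn fmt(&self, f: &mut ::core::fmt::Formatter<'_>) -> ::core::fmt::Result {
        // Keep the Some/None distinction for diagnostics without exposing the key.
        let client_key = if self.client_key_pem.is_some() {
            "Some(<redacted>)"
        } else {
            "None"
        };
        f.debug_struct("TlsClientBundle")
            .field("ca_bundle_pem", &self.ca_bundle_pem)
            .field("client_cert_pem", &self.client_cert_pem)
            .field("client_key_pem", &format_args!("{}", client_key))
            .field("alpn", &self.alpn)
            .finish()
    }
}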
36
/// Hostcall arguments for creating a server-side TLS configuration handle.
///
/// The derived `Debug` forwards to `TlsServerBundle`'s `Debug`, so whether private
/// key bytes can reach logs through this type is decided by that impl.
#[derive(Clone, Debug, Eq, PartialEq, Archive, Deserialize, Serialize)]
#[rkyv(bytecheck())]
pub struct NetTlsServerConfig {
    /// Guest-supplied TLS material for server listeners.
    pub bundle: TlsServerBundle,
}
44
/// Hostcall arguments for creating a client-side TLS configuration handle.
///
/// The derived `Debug` forwards to `TlsClientBundle`'s `Debug`, so whether private
/// key bytes can reach logs through this type is decided by that impl.
#[derive(Clone, Debug, Eq, PartialEq, Archive, Deserialize, Serialize)]
#[rkyv(bytecheck())]
pub struct NetTlsClientConfig {
    /// Guest-supplied TLS material for client connections.
    pub bundle: TlsClientBundle,
}
52
/// Reply that carries the handle of a newly created TLS configuration.
///
/// Only the handle is returned; none of the submitted TLS material is part of this
/// reply.
#[derive(Clone, Debug, Eq, PartialEq, Archive, Deserialize, Serialize)]
#[rkyv(bytecheck())]
pub struct NetTlsConfigReply {
    /// Handle of the TLS configuration as registered in the instance registry.
    pub handle: GuestResourceId,
}