rustls integration for SPIFFE X509Source (SPIRE Workload API).
This crate builds rustls::ClientConfig and rustls::ServerConfig that use an always-up-to-date
spiffe::X509Source for:
- the local X.509 SVID (certificate + private key)
- the trust bundle for peer verification (by trust domain)
Peer authorization is performed using a user-provided callback over the peer SPIFFE ID
(URI SAN, e.g. spiffe://example.org/myservice).
See examples/mtls_tcp_client and examples/mtls_tcp_server for complete runnable examples.
Structs
- ClientConfigBuilder - Builds a rustls::ClientConfig backed by a spiffe::X509Source.
- ClientConfigOptions - Options for building a SPIFFE-aware rustls::ClientConfig.
- ServerConfigBuilder - Builds a rustls::ServerConfig backed by a spiffe::X509Source.
- ServerConfigOptions - Options for building a SPIFFE-aware rustls::ServerConfig.
Enums
- Error - Errors returned by spiffe-rustls.
Functions
- authorize_any - Returns an authorization hook that accepts any SPIFFE ID.
- authorize_exact - Returns an authorization hook that only accepts the given SPIFFE IDs.
Type Aliases
- AuthorizeSpiffeId - Authorization hook for peer SPIFFE IDs.
- Result - Result type used by this crate.