
//! rustls integration for SPIFFE `X509Source` (SPIRE Workload API).
//!
//! This crate builds `rustls::ClientConfig` and `rustls::ServerConfig` that use an always-up-to-date
//! [`spiffe::X509Source`] for:
//! - the local X.509 SVID (certificate + private key)
//! - the trust bundle for peer verification (by trust domain)
//!
//! Peer authorization is performed using a user-provided callback over the peer SPIFFE ID
//! (URI SAN, e.g. `spiffe://example.org/myservice`).
//!
//! Note the split between the two checks: the trust bundle decides whether the peer certificate
//! is trusted at all (verification), while the [`AuthorizeSpiffeId`] callback decides whether that
//! authenticated peer is allowed (authorization). A permissive callback widens who is allowed; it
//! does not change which certificates are trusted.
//!
//! See `examples/mtls_tcp_client` and `examples/mtls_tcp_server` for complete runnable examples.

// Exactly one crypto-provider backend must be chosen at build time. The two guards below make the
// `ring` / `aws-lc-rs` features mutually exclusive and reject a build that enables neither, so the
// provider in use is always explicit rather than silently defaulted by a dependency.
#[cfg(all(feature = "ring", feature = "aws-lc-rs"))]
compile_error!("Enable only one crypto provider feature: `ring` or `aws-lc-rs`.");

#[cfg(not(any(feature = "ring", feature = "aws-lc-rs")))]
compile_error!("Enable one crypto provider feature: `ring` (default) or `aws-lc-rs`.");

// Presumably wires up the provider selected by the feature flags above — confirm in `crypto.rs`.
mod crypto;

// Internal modules. None of these are public; only the items re-exported below form the crate API.
mod client;
mod error;
mod material;
mod resolve;
mod server;
mod types;
mod verifier;

// Public surface: config builders for each side, the crate error type, and the authorization
// hook plus two ready-made policies. `authorize_any` — by its name — appears to accept every peer
// SPIFFE ID that passed verification; confirm its semantics in `types.rs` before relying on it as
// an authorization boundary, and prefer `authorize_exact` or a custom `AuthorizeSpiffeId` where
// only specific workloads should be admitted.
pub use client::{ClientConfigBuilder, ClientConfigOptions};
pub use error::{Error, Result};
pub use server::{ServerConfigBuilder, ServerConfigOptions};
pub use types::{authorize_any, authorize_exact, AuthorizeSpiffeId};