pub fn mtls_client(source: X509Source) -> ClientConfigBuilderExpand description
Convenience constructor for the mTLS client builder.
This creates a client builder with default settings:
- Authorization: accepts any SPIFFE ID (authentication only)
- Trust domain policy:
AnyInBundleSet(uses all bundles from the Workload API)
ยงExamples
use spiffe_rustls::{authorizer, mtls_client};
let source = spiffe::X509Source::new().await?;
// Using a convenience constructor - pass string literals directly
let client_config = mtls_client(source.clone())
.authorize(authorizer::exact([
"spiffe://example.org/myservice",
"spiffe://example.org/myservice2",
])?)
.build()?;
// Using a closure
let client_config = mtls_client(source.clone())
.authorize(|id: &spiffe::SpiffeId| id.path().starts_with("/api/"))
.build()?;
// Using the Any authorizer (default)
let client_config = mtls_client(source)
.authorize(authorizer::any())
.build()?;