pub fn mtls_client(source: X509Source) -> ClientConfigBuilder
Constructor for the mTLS client builder.
Creates a client builder with default settings:
- authorizer: authorizer::any, which accepts any authenticated SPIFFE ID from any trust domain accepted by the configured trust-domain policy. By default, this means every trust domain in the source bundle set.
- trust-domain policy: TrustDomainPolicy::AnyInBundleSet, which accepts any trust domain present in the source bundle set.
Production deployments should usually configure a more specific authorizer. Non-federated
deployments should usually configure TrustDomainPolicy::LocalOnly.
Examples
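use spiffe_rustls::{authorizer, mtls_client};

// X.509 source that supplies this workload's SVID and the trust bundles.
let source = spiffe::X509Source::new().await?;

// Replace the default authorizer::any with an exact SPIFFE ID allow-list.
let client_config = mtls_client(source)
    .authorize(authorizer::exact([
        "spiffe://example.org/myservice",
    ])?)
    .build()?;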
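The following std-only model of the two checks described above is an added example, not spiffe_rustls code. It shows why the defaults accept a peer from a federated trust domain while a narrowed configuration does not. All type and function names in it are hypothetical, the sample IDs and domains are constructed, and LocalOnly is assumed to accept only the workload's own trust domain.

```rust
// Simplified model of the peer decision; NOT the spiffe_rustls implementation.
// All names are hypothetical; LocalOnly semantics are an assumption.
enum Policy<'a> {
    AnyInBundleSet,     // every trust domain that has a bundle in the source
    LocalOnly(&'a str), // assumed: only the workload's own trust domain
}

enum Authorizer<'a> {
    Any,                  // any SPIFFE ID that passed the trust-domain policy
    Exact(&'a [&'a str]), // only the listed SPIFFE IDs
}

/// Extract the trust domain from "spiffe://<trust-domain>/<path>".
fn trust_domain(id: &str) -> Option<&str> {
    let rest = id.strip_prefix("spiffe://")?;
    let td = rest.split('/').next()?;
    if td.is_empty() { None } else { Some(td) }
}

/// True when a peer presenting `peer_id` would be accepted.
fn accepts(peer_id: &str, bundles: &[&str], policy: &Policy, authz: &Authorizer) -> bool {
    let Some(td) = trust_domain(peer_id) else { return false };
    // A trust domain with no bundle in the set cannot be verified at all.
    if !bundles.contains(&td) {
        return false;
    }
    let td_ok = match policy {
        Policy::AnyInBundleSet => true,
        Policy::LocalOnly(local) => td == *local,
    };
    let id_ok = match authz {
        Authorizer::Any => true,
        Authorizer::Exact(ids) => ids.contains(&peer_id),
    };
    td_ok && id_ok
}

fn main() {
    // Constructed sample data: the local domain plus one federated domain.
    let bundles = ["example.org", "partner.example"];
    let foreign = "spiffe://partner.example/anything";
    let wanted = ["spiffe://example.org/myservice"];
    // Defaults: the federated peer is accepted.
    println!("{}", accepts(foreign, &bundles, &Policy::AnyInBundleSet, &Authorizer::Any));
    // Narrowed: only the expected local service is accepted.
    let (p, a) = (Policy::LocalOnly("example.org"), Authorizer::Exact(&wanted));
    println!("{}", accepts(foreign, &bundles, &p, &a));
}
```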