Function mtls_client 

pub fn mtls_client(source: X509Source) -> ClientConfigBuilder

Constructor for the mTLS client builder.

Creates a client builder with default settings:

  • authorizer: authorizer::any, which accepts any authenticated SPIFFE ID from any trust domain accepted by the configured trust-domain policy. By default, this means every trust domain in the source bundle set.
  • trust-domain policy: TrustDomainPolicy::AnyInBundleSet, which accepts any trust domain present in the source bundle set.

Production deployments should usually configure a more specific authorizer. Non-federated deployments should usually configure TrustDomainPolicy::LocalOnly.

Examples

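// Runs inside an async function whose return type accepts the `?` errors.
use spiffe_rustls::{authorizer, mtls_client};

// X.509 source that supplies this workload's SVID and the trust bundle set.
let source = spiffe::X509Source::new().await?;

// Replace the default authorizer::any with an exact SPIFFE ID match,
// so only the named server identity is accepted.
let client_config = mtls_client(source)
    .authorize(authorizer::exact([
        "spiffe://example.org/myservice",
    ])?)
    .build()?;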
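
The following stand-alone model is an added example, not code from spiffe_rustls: it shows how the trust-domain policy and the authorizer combine, and why the defaults accept a peer from a federated trust domain. The names Policy, Authorizer, trust_domain and accepts are hypothetical, LocalOnly holding the local trust domain is an assumption, and the SPIFFE IDs and bundle set are constructed.

```rust
// Stand-alone model of the two checks described above; NOT spiffe_rustls code.
// Type and function names are hypothetical; sample IDs are constructed.
use std::collections::BTreeSet;

/// Trust-domain policy model. `LocalOnly` carrying the local trust domain
/// is an assumption of this sketch.
pub enum Policy {
    AnyInBundleSet,
    LocalOnly(String),
}

/// Authorizer model: `Any` mirrors authorizer::any, `Exact` mirrors authorizer::exact.
pub enum Authorizer {
    Any,
    Exact(BTreeSet<String>),
}

/// Extract the trust domain from "spiffe://<trust-domain>/<path>".
pub fn trust_domain(id: &str) -> Option<&str> {
    let td = id.strip_prefix("spiffe://")?.split('/').next()?;
    if td.is_empty() { None } else { Some(td) }
}

/// True only if a bundle exists, the policy passes, and the authorizer accepts the ID.
pub fn accepts(policy: &Policy, authz: &Authorizer, bundles: &BTreeSet<String>, peer: &str) -> bool {
    let Some(td) = trust_domain(peer) else { return false };
    if !bundles.contains(td) {
        return false; // no bundle: the peer could not have been authenticated
    }
    let td_ok = match policy {
        Policy::AnyInBundleSet => true,
        Policy::LocalOnly(local) => td == local.as_str(),
    };
    let id_ok = match authz {
        Authorizer::Any => true,
        Authorizer::Exact(ids) => ids.contains(peer),
    };
    td_ok && id_ok
}

fn main() {
    // Constructed bundle set: the local trust domain plus one federated one.
    let bundles = BTreeSet::from(["example.org".to_string(), "partner.example".to_string()]);
    let exact = Authorizer::Exact(BTreeSet::from(["spiffe://example.org/myservice".to_string()]));
    let local = Policy::LocalOnly("example.org".to_string());
    let peer = "spiffe://partner.example/anything";
    println!("defaults: {}", accepts(&Policy::AnyInBundleSet, &Authorizer::Any, &bundles, peer));
    println!("hardened: {}", accepts(&local, &exact, &bundles, peer));
}
```

With the modelled defaults the federated peer is accepted; with the local-only policy and an exact authorizer only spiffe://example.org/myservice passes.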