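/// Configuration options for TLS.
///
/// The fields control how the server's certificate is verified and whether the client
/// presents its own certificate (mTLS).
pub struct TlsOptions {
    /// Bytes representing the root CA certificate used by the server.
    ///
    /// If not set, verification still works when the server's certificate is issued by a CA
    /// that the operating system trusts (e.g. the Cloud offering).
    ///
    /// Ignored when `server_cert_verifier` is set.
    // NOTE(review): the expected encoding of these bytes (PEM vs. DER) is not stated on this
    // page; confirm before wiring in a certificate loader.
    pub server_root_ca_cert: Option<Vec<u8>>,
    /// Domain name against which to verify the server's TLS certificate.
    ///
    /// If not provided, the domain name is extracted from the URL used to connect.
    /// It is still respected for the `:authority` header / origin override even when a
    /// custom verifier is set.
    // NOTE(review): the page does not say whether this value is also the server name handed
    // to a custom verifier; confirm before relying on hostname checks inside the verifier.
    pub domain: Option<String>,
    /// TLS info for the client. If specified, core will attempt to use mTLS.
    pub client_tls_options: Option<ClientTlsOptions>,
    /// Optional custom server certificate verifier.
    ///
    /// When set, this replaces the default certificate verification and
    /// `server_root_ca_cert` is ignored, so the verifier alone decides whether the server's
    /// certificate is accepted. Useful for certificate pinning, custom trust-domain
    /// validation (e.g. SAN-URI extraction), and federated root certificate stores.
    ///
    /// The verifier must implement `ServerCertVerifier` from the `rustls` crate.
    ///
    /// # Warning
    ///
    /// A custom verifier can lead to severely insecure TLS connections (e.g. disabling all
    /// validation or allowing man-in-the-middle attacks) if not implemented carefully.
    pub server_cert_verifier: Option<Arc<dyn ServerCertVerifier>>,
}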
Configuration options for TLS
Fields§
§server_root_ca_cert: Option<Vec<u8>>
Bytes representing the root CA certificate used by the server. If not set, verification will still work when the server’s certificate is issued by a CA that the operating system trusts (e.g., the Cloud offering).
domain: Option<String>
Sets the domain name against which to verify the server’s TLS certificate. If not provided, the domain name will be extracted from the URL used to connect.
client_tls_options: Option<ClientTlsOptions>
TLS info for the client. If specified, core will attempt to use mTLS.
server_cert_verifier: Option<Arc<dyn ServerCertVerifier>>
Optional custom server certificate verifier. When set, this replaces the default certificate verification and server_root_ca_cert is ignored, so the verifier alone decides whether the server’s certificate is accepted.
This is useful for:
- Certificate pinning
- Custom trust-domain validation (e.g., SAN-URI extraction)
- Federated root certificate stores
§WARNING
Implementing a custom ServerCertVerifier can lead to severely insecure TLS connections
(e.g., disabling all validation or allowing man-in-the-middle attacks) if not done carefully.
Only use this if you know exactly what you are doing.
The verifier must implement ServerCertVerifier from the rustls crate.
Note that domain is still respected for the :authority header / origin override
even when a custom verifier is set.
Trait Implementations§
impl Clone for TlsOptions
fn clone(&self) -> TlsOptions
fn clone_from(&mut self, source: &Self)
impl Debug for TlsOptions
impl Default for TlsOptions
fn default() -> TlsOptions
Auto Trait Implementations§
impl !RefUnwindSafe for TlsOptions
impl !UnwindSafe for TlsOptions
impl Freeze for TlsOptions
impl Send for TlsOptions
impl Sync for TlsOptions
impl Unpin for TlsOptions
impl UnsafeUnpin for TlsOptions
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
impl<ST, DT> CastableFrom<ST, Initialized, Initialized> for DT
impl<ST, DT> CastableFrom<ST, Uninit, Uninit> for DT
Source§impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> CloneToUninit for Twhere
T: Clone,
Source§impl<T> Instrument for T
impl<T> Instrument for T
Source§fn instrument(self, span: Span) -> Instrumented<Self>
fn instrument(self, span: Span) -> Instrumented<Self>
Source§fn in_current_span(self) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>
Source§impl<T> IntoRequest<T> for T
impl<T> IntoRequest<T> for T
Source§fn into_request(self) -> Request<T>
fn into_request(self) -> Request<T>
T in a tonic::Request