Skip to main content

Crate warp_openssl

Crate warp_openssl 

Source
Expand description

§warp-openssl

warp-openssl adds OpenSSL-backed TLS support to warp.

warp 0.4 no longer ships a built-in TLS server, so this crate provides a drop-in serve function with a builder API for configuring certificates, TLS levels, and optional or required client authentication.

So the following example:

 use warp::serve;

 let server = serve(warp::Filter::map(warp::any(), || "Hello, World!"));

would convert to:

 use warp_openssl::serve;

 let cert = vec![]; // certificate to use
 let key = vec![]; // private key for the certificate
 let server = serve(warp::Filter::map(warp::any(), || "Hello, World!"))
    .key(key)
    .cert(cert);

There is additional support for SSL key logging file to enable viewing network traffic in wireshark. Just set the SSLKEYLOGFILE environment variable to the path of the file you want to use and the key log gets generated to that file.

If client authentication is enabled, the peer certificate is injected into the request extensions and can be accessed in a filter with warp::filters::ext::optional::<warp_openssl::Certificate>():

use std::sync::Arc;

use warp_openssl::{Certificate, CertificateVerifier, serve};

let cert = vec![]; // certificate to use
let key = vec![]; // private key for the certificate
let trust_anchor = vec![]; // certificate authority for client certs

#[derive(Debug)]
struct AllowAllVerifier;

impl CertificateVerifier for AllowAllVerifier {
    fn verify_certificate(&self, _: &Certificate) -> warp_openssl::Result<()> {
        Ok(())
    }
}

let server = serve(warp::Filter::map(
   warp::Filter::and(warp::any(), warp::filters::ext::optional()),
   |_cert: Option<warp_openssl::Certificate>| "Hello, World!"
))
.key(key)
.cert(cert)
.client_auth_optional(trust_anchor, Arc::new(AllowAllVerifier));

Structs§

Certificate
Certificate information for a TLS connection.
OpensslServer
Create an openssl based TLS warp server with the provided filter.

Enums§

TlsLevel
Settings corresponding to TLS level based on Mozilla’s server side TLS recommendations. See its documentation for more details on specifics.

Traits§

CertificateVerifier
A trait for verifying a certificate.

Functions§

serve
Create an OpensslServer with the provided Filter.