pub struct RotatingTlsConfig { /* private fields */ }Expand description
Hot-reload-capable wrapper around Arc<ServerConfig>. Between reads
(new connections read fresh) and writes (SIGHUP reload swaps the
inner Arc), a RwLock is the natural form.
Connections that already hold an Arc<ServerConfig> at reload time
keep their cert for the session. New connections after the reload
see the new cert — this is the spec-conformant semantics (SIGHUP
only rotates future sessions, no forced renegotiation).
Implementations§
Source§impl RotatingTlsConfig
impl RotatingTlsConfig
Sourcepub fn load(
cert_path: PathBuf,
key_path: PathBuf,
client_ca_path: Option<PathBuf>,
) -> Result<Self, TlsConfigError>
pub fn load( cert_path: PathBuf, key_path: PathBuf, client_ca_path: Option<PathBuf>, ) -> Result<Self, TlsConfigError>
Initially loads cert+key (optional client CA for mTLS) and returns a rotatable wrapper.
§Errors
TlsConfigError on load/build error.
Sourcepub fn current(&self) -> Arc<ServerConfig>
pub fn current(&self) -> Arc<ServerConfig>
Gets the current Arc<ServerConfig> for a new connection.
Block-free on the read-lock fast path; on a reload conflict
read() blocks briefly on the RwLock.
Sourcepub fn reload(&self) -> Result<(), TlsConfigError>
pub fn reload(&self) -> Result<(), TlsConfigError>
SIGHUP hook: reloads cert+key from disk and atomically swaps the
stored Arc.
§Errors
TlsConfigError on load/build error. On error the existing
cert stays active (no-op).
Trait Implementations§
Source§impl Clone for RotatingTlsConfig
impl Clone for RotatingTlsConfig
Source§fn clone(&self) -> RotatingTlsConfig
fn clone(&self) -> RotatingTlsConfig
1.0.0 (const: unstable) · Source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source. Read more