Async TLS for the Tokio runtime
- Rust 100%
| Filename | Latest commit message | Latest commit date |
|---|---|---|
| examples | ||
| src | ||
| tests | ||
| .gitignore | ||
| Cargo.lock | ||
| Cargo.toml | ||
| LICENSE-APACHE | ||
| LICENSE-MIT | ||
| README.md | ||
tokio-rustls
Asynchronous TLS/SSL streams for Tokio using Rustls.
Basic Structure of a Client
use rustls_pki_types::ServerName;
use std::sync::Arc;
use tokio::net::TcpStream;
use tokio_rustls::rustls::{ClientConfig, RootCertStore};
use tokio_rustls::TlsConnector;
// ...
let mut root_cert_store = RootCertStore::empty();
root_cert_store.extend(webpki_roots::TLS_SERVER_ROOTS.iter().cloned());
let config = ClientConfig::builder()
.with_root_certificates(root_cert_store)
.with_no_client_auth();
let connector = TlsConnector::from(Arc::new(config));
let dnsname = ServerName::try_from("www.rust-lang.org").unwrap();
let stream = TcpStream::connect(&addr).await?;
let mut stream = connector.connect(dnsname, stream).await?;
// ...
Client Example Program
See examples/client.rs. You can run it with:
cargo run --example client -- hsts.badssl.com
Server Example Program
See examples/server.rs. You can run it with:
cargo run --example server -- 127.0.0.1:8000 --cert certs/cert.pem --key certs/cert.key.pem
If you don't have a certificate and key, you can generate a random key and self-signed certificate for testing with:
cargo install --locked rustls-cert-gen
rustls-cert-gen --output certs/ --san localhost
License & Origin
This project is licensed under either of
- Apache License, Version 2.0, (LICENSE-APACHE or https://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or https://opensource.org/licenses/MIT)
at your option.
This started as a fork of tokio-tls.
Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in tokio-rustls by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.