Asynchronous TLS/SSL streams for Tokio using Rustls.
use rustls_pki_types::ServerName;
use std::sync::Arc;
use tokio::net::TcpStream;
use tokio_rustls::rustls::{ClientConfig, RootCertStore};
use tokio_rustls::TlsConnector;
// ...
let mut root_cert_store = RootCertStore::empty();
root_cert_store.extend(webpki_roots::TLS_SERVER_ROOTS.iter().cloned());
let config = ClientConfig::builder()
.with_root_certificates(root_cert_store)
.with_no_client_auth();
let connector = TlsConnector::from(Arc::new(config));
let dnsname = ServerName::try_from("www.rust-lang.org").unwrap();
let stream = TcpStream::connect(&addr).await?;
let mut stream = connector.connect(dnsname, stream).await?;
// ...See examples/client.rs. You can run it with:
cargo run --example client -- hsts.badssl.comSee examples/server.rs. You can run it with:
cargo run --example server -- 127.0.0.1:8000 --cert certs/cert.pem --key certs/cert.key.pemIf you don't have a certificate and key, you can generate a random key and self-signed certificate for testing with:
cargo install --locked rustls-cert-gen
rustls-cert-gen --output certs/ --san localhostThis project is licensed under either of
- Apache License, Version 2.0, (LICENSE-APACHE or https://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or https://opensource.org/licenses/MIT)
at your option.
This started as a fork of tokio-tls.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in tokio-rustls by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.
