Skip to main content

TlsClientConfig

rama::tls::client

Struct TlsClientConfig

pub struct TlsClientConfig(/* private fields */);

Available on crate feature tls only.

Expand description

A backend agnostic builder for the common TLS configs.

It holds a set of fine grained config extensions (e.g. TlsAlpn, TlsServerVerify) and exposes typed setters for the settings both TLS backends support. Backend crates add setters for their backend-specific pieces via extension traits (RustlsClientConfigExt or BoringServerConfigExt).

Implementations§

impl TlsClientConfig

pub fn new() -> TlsClientConfig

Available on crate feature boring only.

Create an empty config.

pub fn default_http() -> TlsClientConfig

Available on crate feature boring only.

Create a default TlsClientConfig that enables:

ALPN: H2, http1.1
Keylogger: KeyLogIntent::Environment

pub fn write_to(&self, extensions: &Extensions)

Available on crate feature boring only.

Transfer this config’s pieces onto extensions (appending, so they override existing entries of the same type — newest-wins). Use this to transfer the tls config to e.g. request extensions

pub fn with_alpn( self, protocols: SmallVec<[ApplicationProtocol; 2]>, ) -> TlsClientConfig

Available on crate feature boring only.

Set the ALPN protocols to offer.

pub fn set_alpn( &mut self, protocols: SmallVec<[ApplicationProtocol; 2]>, ) -> &mut TlsClientConfig

Available on crate feature boring only.

Set the ALPN protocols to offer.

pub fn with_alpn_http_auto(self) -> TlsClientConfig

Available on crate feature boring only.

Offer HTTP/2 and HTTP/1.1 via ALPN.

pub fn set_alpn_http_auto(&mut self) -> &mut TlsClientConfig

Available on crate feature boring only.

Offer HTTP/2 and HTTP/1.1 via ALPN.

pub fn with_alpn_http_1(self) -> TlsClientConfig

Available on crate feature boring only.

Offer HTTP/1.1 only via ALPN.

pub fn set_alpn_http_1(&mut self) -> &mut TlsClientConfig

Available on crate feature boring only.

Offer HTTP/1.1 only via ALPN.

pub fn with_alpn_http_2(self) -> TlsClientConfig

Available on crate feature boring only.

Offer HTTP/2 only via ALPN.

pub fn set_alpn_http_2(&mut self) -> &mut TlsClientConfig

Available on crate feature boring only.

Offer HTTP/2 only via ALPN.

pub fn with_server_name(self, server_name: Host) -> TlsClientConfig

Available on crate feature boring only.

Set the client SNI (server name) to send.

Overrides the SNI the connector would otherwise derive: the transport authority host, or for a tunnel connector, the TlsTunnel sni

pub fn set_server_name(&mut self, server_name: Host) -> &mut TlsClientConfig

Available on crate feature boring only.

Set the client SNI (server name) to send.

Overrides the SNI the connector would otherwise derive: the transport authority host, or for a tunnel connector, the TlsTunnel sni

pub fn with_server_verify(self, mode: ServerVerifyMode) -> TlsClientConfig

Available on crate feature boring only.

Set how the server certificate is verified.

pub fn set_server_verify( &mut self, mode: ServerVerifyMode, ) -> &mut TlsClientConfig

Available on crate feature boring only.

Set how the server certificate is verified.

pub fn with_supported_versions( self, versions: Vec<ProtocolVersion>, ) -> TlsClientConfig

Available on crate feature boring only.

Set the supported protocol versions.

pub fn set_supported_versions( &mut self, versions: Vec<ProtocolVersion>, ) -> &mut TlsClientConfig

Available on crate feature boring only.

Set the supported protocol versions.

pub fn with_keylog(self, intent: KeyLogIntent) -> TlsClientConfig

Available on crate feature boring only.

Set the keylog intent.

pub fn set_keylog(&mut self, intent: KeyLogIntent) -> &mut TlsClientConfig

Available on crate feature boring only.

Set the keylog intent.

pub fn with_client_auth(self, client_auth: ClientAuth) -> TlsClientConfig

Available on crate feature boring only.

Set the client certificate authentication material (mTLS).

pub fn set_client_auth( &mut self, client_auth: ClientAuth, ) -> &mut TlsClientConfig

Available on crate feature boring only.

Set the client certificate authentication material (mTLS).

pub fn with_store_server_cert_chain(self, store: bool) -> TlsClientConfig

Available on crate feature boring only.

Set whether the peer certificate chain is captured.

pub fn set_store_server_cert_chain( &mut self, store: bool, ) -> &mut TlsClientConfig

Available on crate feature boring only.

Set whether the peer certificate chain is captured.

pub fn as_extensions(&self) -> &Extensions

Available on crate feature boring only.

Trait Implementations§

impl BoringClientConfigExt for TlsClientConfig

fn new_from_client_hello(hello: &ClientHello) -> TlsClientConfig

Create a new config that mimics the provided ClientHello

fn with_mimic_client_hello(self, hello: &ClientHello) -> TlsClientConfig

Layer the fingerprint pieces captured in a ClientHello onto this config.

fn set_mimic_client_hello( &mut self, hello: &ClientHello, ) -> &mut TlsClientConfig

Layer the fingerprint pieces captured in a ClientHello onto this config.

fn with_cipher_suites(self, suites: Vec<CipherSuite>) -> TlsClientConfig

Set the cipher suites to offer, in order.

fn set_cipher_suites( &mut self, suites: Vec<CipherSuite>, ) -> &mut TlsClientConfig

Set the cipher suites to offer, in order.

fn with_supported_groups(self, groups: Vec<SupportedGroup>) -> TlsClientConfig

Set the supported groups (named curves), in order.

fn set_supported_groups( &mut self, groups: Vec<SupportedGroup>, ) -> &mut TlsClientConfig

Set the supported groups (named curves), in order.

fn with_signature_schemes( self, schemes: Vec<SignatureScheme>, ) -> TlsClientConfig

Set the signature schemes to advertise, in order.

fn set_signature_schemes( &mut self, schemes: Vec<SignatureScheme>, ) -> &mut TlsClientConfig

Set the signature schemes to advertise, in order.

fn with_grease(self, enabled: bool) -> TlsClientConfig

Enable/disable GREASE injection.

fn set_grease(&mut self, enabled: bool) -> &mut TlsClientConfig

Enable/disable GREASE injection.

fn with_alps( self, protocols: Vec<ApplicationProtocol>, new_codepoint: bool, ) -> TlsClientConfig

Set Application-Layer Protocol Settings (ALPS).

fn set_alps( &mut self, protocols: Vec<ApplicationProtocol>, new_codepoint: bool, ) -> &mut TlsClientConfig

Set Application-Layer Protocol Settings (ALPS).

fn with_extension_order(self, order: Vec<ExtensionId>) -> TlsClientConfig

Set the ClientHello extension ordering.

fn set_extension_order( &mut self, order: Vec<ExtensionId>, ) -> &mut TlsClientConfig

Set the ClientHello extension ordering.

fn with_cert_compression( self, algorithms: Vec<CertificateCompressionAlgorithm>, ) -> TlsClientConfig

Set certificate compression algorithms to advertise.

fn set_cert_compression( &mut self, algorithms: Vec<CertificateCompressionAlgorithm>, ) -> &mut TlsClientConfig

Set certificate compression algorithms to advertise.

fn with_delegated_credentials( self, schemes: Vec<SignatureScheme>, ) -> TlsClientConfig

Set delegated credential signature schemes.

fn set_delegated_credentials( &mut self, schemes: Vec<SignatureScheme>, ) -> &mut TlsClientConfig

Set delegated credential signature schemes.

fn with_record_size_limit(self, limit: u16) -> TlsClientConfig

Set the record_size_limit value.

fn set_record_size_limit(&mut self, limit: u16) -> &mut TlsClientConfig

Set the record_size_limit value.

fn with_encrypted_client_hello(self, enabled: bool) -> TlsClientConfig

Enable/disable Encrypted ClientHello (ECH) GREASE.

fn set_encrypted_client_hello(&mut self, enabled: bool) -> &mut TlsClientConfig

Enable/disable Encrypted ClientHello (ECH) GREASE.

fn with_ocsp_stapling(self, enabled: bool) -> TlsClientConfig

Enable/disable OCSP stapling request.

fn set_ocsp_stapling(&mut self, enabled: bool) -> &mut TlsClientConfig

Enable/disable OCSP stapling request.

fn with_signed_cert_timestamps(self, enabled: bool) -> TlsClientConfig

Enable/disable signed certificate timestamps request.

fn set_signed_cert_timestamps(&mut self, enabled: bool) -> &mut TlsClientConfig

Enable/disable signed certificate timestamps request.

fn with_server_verify_cert_store(self, store: Arc<X509Store>) -> TlsClientConfig

Set a custom server-certificate verification store (custom CA roots).

fn set_server_verify_cert_store( &mut self, store: Arc<X509Store>, ) -> &mut TlsClientConfig

Set a custom server-certificate verification store (custom CA roots).

fn with_min_version(self, version: ProtocolVersion) -> TlsClientConfig

Set the minimum TLS version boring will negotiate.

fn set_min_version(&mut self, version: ProtocolVersion) -> &mut TlsClientConfig

Set the minimum TLS version boring will negotiate.

fn with_max_version(self, version: ProtocolVersion) -> TlsClientConfig

Cap the maximum TLS version boring will negotiate.

fn set_max_version(&mut self, version: ProtocolVersion) -> &mut TlsClientConfig

Cap the maximum TLS version boring will negotiate.

impl Clone for TlsClientConfig

fn clone(&self) -> TlsClientConfig

Returns a duplicate of the value. Read more

1.0.0 (const: unstable) · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

impl Debug for TlsClientConfig

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter. Read more

impl Default for TlsClientConfig

fn default() -> TlsClientConfig

Returns the “default value” for a type. Read more

impl RamaFrom<&ClientHello, RamaTlsBoringCrateMarker> for TlsClientConfig

fn rama_from(hello: &ClientHello) -> TlsClientConfig

impl RamaTryFrom<&TlsClientConfig, RamaTlsRustlsCrateMarker> for ClientConfig

type Error = Box<dyn Error + Sync + Send>

fn rama_try_from( value: &TlsClientConfig, ) -> Result<ClientConfig, <ClientConfig as RamaTryFrom<&TlsClientConfig, RamaTlsRustlsCrateMarker>>::Error>

impl RamaTryFrom<TlsClientConfig, RamaTlsRustlsCrateMarker> for ClientConfig

type Error = Box<dyn Error + Sync + Send>

fn rama_try_from( value: TlsClientConfig, ) -> Result<ClientConfig, <ClientConfig as RamaTryFrom<TlsClientConfig, RamaTlsRustlsCrateMarker>>::Error>

impl RustlsClientConfigExt for TlsClientConfig

fn with_cert_verifier( self, verifier: Arc<dyn ServerCertVerifier>, ) -> TlsClientConfig

Set a custom server certificate verifier

fn set_cert_verifier( &mut self, verifier: Arc<dyn ServerCertVerifier>, ) -> &mut TlsClientConfig

Set a custom server certificate verifier

fn with_modify_rustls_config( self, modify: impl Fn(ClientConfig) -> Result<ClientConfig, Box<dyn Error + Sync + Send>> + Send + Sync + 'static, ) -> TlsClientConfig

Take over the final rustls ClientConfig build: see ModifyRustlsClientConfig.

fn set_modify_rustls_config( &mut self, modify: impl Fn(ClientConfig) -> Result<ClientConfig, Box<dyn Error + Sync + Send>> + Send + Sync + 'static, ) -> &mut TlsClientConfig

Take over the final rustls ClientConfig build: see ModifyRustlsClientConfig.

impl TryFrom<&TlsClientConfig> for TlsConnectorData

fn try_from( value: &TlsClientConfig, ) -> Result<TlsConnectorData, <TlsConnectorData as TryFrom<&TlsClientConfig>>::Error>

Build TlsConnectorData from a TlsClientConfig by gathering its pieces (the same path the connector uses internally).

type Error = Box<dyn Error + Sync + Send>

The type returned in the event of a conversion error.

Auto Trait Implementations§

impl Freeze for TlsClientConfig

impl RefUnwindSafe for TlsClientConfig

impl Send for TlsClientConfig

impl Sync for TlsClientConfig

impl Unpin for TlsClientConfig

impl UnsafeUnpin for TlsClientConfig

impl UnwindSafe for TlsClientConfig

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<'a, T, E> AsTaggedExplicit<'a, E> for T
where T: 'a,

fn explicit(self, class: Class, tag: u32) -> TaggedParser<'a, Explicit, Self, E>

impl<'a, T, E> AsTaggedImplicit<'a, E> for T
where T: 'a,

fn implicit( self, class: Class, constructed: bool, tag: u32, ) -> TaggedParser<'a, Implicit, Self, E>

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<ST, DT> CastableFrom<ST, Initialized, Initialized> for DT
where ST: ?Sized, DT: ?Sized,

impl<ST, DT> CastableFrom<ST, Uninit, Uninit> for DT
where ST: ?Sized, DT: ?Sized,

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)

Performs copy-assignment from self to dest. Read more

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> FromRef<T> for T
where T: Clone,

fn from_ref(input: &T) -> T

Converts to this type from a reference to the input type.

impl<T> FutureExt for T

fn with_context(self, otel_cx: Context) -> WithContext<Self> ⓘ

Attaches the provided Context to this type, returning a WithContext wrapper. Read more

fn with_current_context(self) -> WithContext<Self> ⓘ

Attaches the current Context to this type, returning a WithContext wrapper. Read more

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self> ⓘ

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more

fn in_current_span(self) -> Instrumented<Self> ⓘ

Instruments this type with the current Span, returning an Instrumented wrapper. Read more

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> IntoEither for T

fn into_either(self, into_left: bool) -> Either<Self, Self> ⓘ

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self> ⓘ
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more

impl<T> IntoRequest<T> for T

fn into_request(self) -> Request<T>

Wrap the input message T in a rama_grpc::Request

impl<L> LayerExt<L> for L

fn named_layer<S>(&self, service: S) -> Layered<<L as Layer<S>>::Service, S>
where L: Layer<S>,

Applies the layer to a service and wraps it in Layered.

impl<T> Pointable for T

const ALIGN: usize

The alignment of pointer.

type Init = T

The type for initializers.

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more

impl<T> PolicyExt for T
where T: ?Sized,

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Sized + Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Sized + Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more

impl<T, U> RamaFrom<T> for U
where U: From<T>,

fn rama_from(value: T) -> U

impl<T, U, CrateMarker> RamaInto<U, CrateMarker> for T
where U: RamaFrom<T, CrateMarker>,

fn rama_into(self) -> U

impl<T, U> RamaTryFrom<T> for U
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

fn rama_try_from(value: T) -> Result<U, <U as RamaTryFrom<T>>::Error>

impl<T, U, CrateMarker> RamaTryInto<U, CrateMarker> for T
where U: RamaTryFrom<T, CrateMarker>,

type Error = <U as RamaTryFrom<T, CrateMarker>>::Error

fn rama_try_into(self) -> Result<U, <U as RamaTryFrom<T, CrateMarker>>::Error>

impl<T> Read<Exclusive, BecauseExclusive> for T
where T: ?Sized,

impl<T> Same for T

type Output = T

Should always be Self

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V

impl<V, F> ValueFormatter<&V> for F
where F: ValueFormatter<V> + ?Sized, V: ?Sized,

fn format_value(writer: impl ValueWriter, value: &&V)

Write value to writer

impl<V, F> ValueFormatter<Arc<V>> for F
where F: ValueFormatter<V> + ?Sized, V: ?Sized,

fn format_value(writer: impl ValueWriter, value: &Arc<V>)

Write value to writer

impl<V, F> ValueFormatter<Box<V>> for F
where F: ValueFormatter<V> + ?Sized, V: ?Sized,

fn format_value(writer: impl ValueWriter, value: &Box<V>)

Write value to writer

impl<V, F> ValueFormatter<Cow<'_, V>> for F
where V: ToOwned + ?Sized, F: ValueFormatter<V> + ?Sized,

fn format_value(writer: impl ValueWriter, value: &Cow<'_, V>)

Write value to writer

impl<V, F> ValueFormatter<Option<V>> for F
where F: ValueFormatter<V> + ?Sized,

fn format_value(writer: impl ValueWriter, value: &Option<V>)

Write value to writer

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self> ⓘ
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more

fn with_current_subscriber(self) -> WithDispatch<Self> ⓘ

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more