Crate sui_tls

Re-exports

• pub use rustls;

Structs

• AllowAll
  AllowAll will allow all public certificates to be validated, it fails open
• AllowPublicKeys
  AllowPublicKeys restricts keys to those that are found in the member set. non-members will not be allowed.
• ClientCertVerifier
  A rustls::server::ClientCertVerifier that will ensure that every client provides a valid, expected certificate and that the client’s public key is in the validator set.
• SelfSignedCertificate
• ServerCertVerifier
  A rustls::client::ServerCertVerifier that ensures the client only connects with the expected server.
• TlsAcceptor
  An Acceptor that will provide TlsConnectionInfo as an axum Extension for use in handlers.
• TlsConnectionInfo

Constants

• SUI_VALIDATOR_SERVER_NAME

Traits

• Allower
  The Allower trait provides an interface for callers to inject decsions whether to allow a cert to be verified or not. This does not prform actual cert validation it only acts as a gatekeeper to decide if we should even try. For example, we may want to filter our actions to well known public keys.

Functions

• create_rustls_client_config
• create_rustls_server_config
• create_rustls_server_config_with_client_verifier
  Create a TLS server config which requires mTLS, eg the client to also provide a cert and be verified by the server based on the provided policy
• public_key_from_certificate
  Extracts the public key from a certificate.