Asynchronous TLS/SSL streams for Tokio using Rustls.
```rust
use rustls_pki_types::ServerName;
use std::sync::Arc;
use tokio::net::TcpStream;
use tokio_rustls::rustls::{ClientConfig, RootCertStore};
use tokio_rustls::TlsConnector;

// ...

let mut root_cert_store = RootCertStore::empty();
root_cert_store.extend(webpki_roots::TLS_SERVER_ROOTS.iter().cloned());
let config = ClientConfig::builder()
    .with_root_certificates(root_cert_store)
    .with_no_client_auth();
let connector = TlsConnector::from(Arc::new(config));
let dnsname = ServerName::try_from("www.rust-lang.org").unwrap();

let stream = TcpStream::connect(&addr).await?;
let mut stream = connector.connect(dnsname, stream).await?;

// ...
```

The name passed to `connector.connect` is the one the server's certificate is verified against, so it should be the hostname you intend to reach.

See examples/client.rs. You can run it with:
```sh
cargo run --example client -- hsts.badssl.com
```

See examples/server.rs. You can run it with:
```sh
cargo run --example server -- 127.0.0.1:8000 --cert certs/cert.pem --key certs/cert.key.pem
```

If you don't have a certificate and key, you can generate a random key and self-signed certificate for testing with:
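```sh
cargo install --locked rustls-cert-gen
rustls-cert-gen --output certs/ --san localhost
```

A client will accept this certificate only if it has been configured to trust it, so keep the generated key and certificate to local testing.

This project is licensed under either of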
- Apache License, Version 2.0, (LICENSE-APACHE or https://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or https://opensource.org/licenses/MIT)
at your option.
This started as a fork of tokio-tls.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in tokio-rustls by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.