pub struct MtlsConfig {
    pub mandatory: bool,
    /* private fields */
}

Available on crate feature mtls only.

Mutual TLS configuration.

Configuration works in concert with the mtls module, which provides a request guard to validate, verify, and retrieve client certificates in routes.

By default, mutual TLS is disabled and client certificates are not required, validated or verified. To enable mutual TLS, the mtls feature must be enabled and support configured via two tls.mutual parameters:

- ca_certs

  A required path to a PEM file or raw bytes to a DER-encoded X.509 TLS certificate chain for the certificate authority to verify client certificates against. When a path is configured in a file, such as Rocket.toml, relative paths are interpreted as relative to the source file's directory.

- mandatory

  An optional boolean that controls whether client authentication is required.

  When true, client authentication is required. TLS connections where the client does not present a certificate are immediately terminated. When false, the client is not required to present a certificate. In either case, if a certificate is presented, it must be valid or the connection is terminated.

In a Rocket.toml, configuration might look like:

[default.tls.mutual]
ca_certs = "/ssl/ca_cert.pem"
mandatory = true # when absent, defaults to false

Programmatically, configuration might look like:
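
use rocket::launch; // brings the #[launch] attribute into scope
use rocket::mtls::MtlsConfig;
use rocket::figment::providers::Serialized;

#[launch]
fn rocket() -> _ {
    // Build the mTLS settings and merge them under the `tls.mutual` key.
    let mtls = MtlsConfig::from_path("/ssl/ca_cert.pem");
    rocket::custom(rocket::Config::figment().merge(("tls.mutual", mtls)))
}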

Once mTLS is configured, the mtls::Certificate request guard can be used to retrieve client certificates in routes.
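
Because mandatory defaults to false when absent, a deployment review should confirm which profiles actually require a client certificate. The following audit of Rocket.toml text is an added example, not part of Rocket or its documentation; Finding, classify, audit_mutual_tls and SAMPLE are hypothetical names, and only the [<profile>.tls.mutual] table form shown above is recognised.

```rust
// Added example, not Rocket code. Names and SAMPLE are constructed for illustration.
// Assumption: tables are written as `[<profile>.tls.mutual]`, as on this page.
const SAMPLE: &str = r##"
[default.tls.mutual]
ca_certs = "/ssl/ca_cert.pem"   # mandatory absent: defaults to false
[release.tls.mutual]
ca_certs = "/ssl/ca_cert.pem"
mandatory = true
[staging.tls.mutual]
mandatory = true
"##;

#[derive(Debug, PartialEq)]
pub enum Finding {
    Enforced,       // mandatory = true: certificate-less clients are terminated
    Optional,       // mandatory false or absent: certificate-less clients connect
    MissingCaCerts, // the required `ca_certs` parameter is not set
}

fn classify(has_ca: bool, mandatory: bool) -> Finding {
    if !has_ca { Finding::MissingCaCerts } else if mandatory { Finding::Enforced } else { Finding::Optional }
}

pub fn audit_mutual_tls(toml: &str) -> Vec<(String, Finding)> {
    let mut findings = Vec::new();
    let mut open: Option<(String, bool, bool)> = None; // (profile, has_ca, mandatory)
    // The chained empty header "[]" flushes the last open table.
    for raw in toml.lines().chain(std::iter::once("[]")) {
        let line = raw.split('#').next().unwrap_or("").trim(); // drop comments
        if line.starts_with('[') && line.ends_with(']') {
            if let Some((profile, ca, m)) = open.take() {
                findings.push((profile, classify(ca, m)));
            }
            let name = line[1..line.len() - 1].trim();
            open = name.strip_suffix(".tls.mutual").map(|p| (p.to_string(), false, false));
        } else if let (Some(t), Some((key, value))) = (open.as_mut(), line.split_once('=')) {
            match key.trim() {
                "ca_certs" => t.1 = !value.trim().trim_matches('"').is_empty(),
                "mandatory" => t.2 = value.trim() == "true",
                _ => {}
            }
        }
    }
    findings
}

fn main() {
    for (p, f) in audit_mutual_tls(SAMPLE) { println!("{p}: {f:?}"); }
}
```

A profile reported as Optional still validates any certificate that is presented, but it also accepts connections that present none.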

Fields

mandatory: bool

Whether the client is required to present a certificate.

When true, the client is required to present a valid certificate to proceed with TLS. When false, the client is not required to present a certificate. In either case, if a certificate is presented, it must be valid or the connection is terminated.

Implementations

impl MtlsConfig

pub fn from_path<C: AsRef<Path>>(ca_certs: C) -> Self

Constructs a MtlsConfig from a path to a PEM file with a certificate authority ca_certs DER-encoded X.509 TLS certificate chain. This method does no validation; it simply creates an MtlsConfig for later use.

These certificates will be used to verify client-presented certificates in TLS connections.

Example

use rocket::mtls::MtlsConfig;
let tls_config = MtlsConfig::from_path("/ssl/ca_certs.pem");

pub fn from_bytes(ca_certs: &[u8]) -> Self

Constructs a MtlsConfig from a byte buffer to a certificate authority ca_certs DER-encoded X.509 TLS certificate chain. This method does no validation; it simply creates an MtlsConfig for later use.

These certificates will be used to verify client-presented certificates in TLS connections.

Example

use rocket::mtls::MtlsConfig;
let ca_certs_buf: &[u8] = &[]; // placeholder: the CA certificate chain bytes
let mtls_config = MtlsConfig::from_bytes(ca_certs_buf);

pub fn mandatory(self, mandatory: bool) -> Self

Sets whether client authentication is required. Disabled by default.

When true, client authentication will be required. TLS connections where the client does not present a certificate will be immediately terminated. When false, the client is not required to present a certificate. In either case, if a certificate is presented, it must be valid or the connection is terminated.

Example

use rocket::mtls::MtlsConfig;
let ca_certs_buf: &[u8] = &[]; // placeholder: the CA certificate chain bytes
let mtls_config = MtlsConfig::from_bytes(ca_certs_buf).mandatory(true);

pub fn ca_certs(&self) -> Either<PathBuf, &[u8]>

Returns the value of the ca_certs parameter.

Example

use rocket::mtls::MtlsConfig;
let ca_certs_buf: &[u8] = &[]; // placeholder: the CA certificate chain bytes
let mtls_config = MtlsConfig::from_bytes(ca_certs_buf).mandatory(true);
assert_eq!(mtls_config.ca_certs().unwrap_right(), ca_certs_buf);

pub fn ca_certs_reader(&self) -> Result<Box<dyn BufRead + Sync + Send>>

Trait Implementations

impl Clone for MtlsConfig

fn clone(&self) -> MtlsConfig

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for MtlsConfig

impl<'de> Deserialize<'de> for MtlsConfig

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error> where __D: Deserializer<'de>

impl PartialEq for MtlsConfig

impl Serialize for MtlsConfig

impl StructuralPartialEq for MtlsConfig

Auto Trait Implementations

impl Freeze for MtlsConfig
impl RefUnwindSafe for MtlsConfig
impl Send for MtlsConfig
impl Sync for MtlsConfig
impl Unpin for MtlsConfig
impl UnwindSafe for MtlsConfig

Blanket Implementations

impl<T> AsAny for T where T: Any

fn as_any_ref(&self) -> &(dyn Any + 'static)
fn as_any_mut(&mut self) -> &mut (dyn Any + 'static)

impl<'a, T, E> AsTaggedExplicit<'a, E> for T where T: 'a

impl<'a, T, E> AsTaggedImplicit<'a, E> for T where T: 'a

impl<T> BorrowMut<T> for T where T: ?Sized

fn borrow_mut(&mut self) -> &mut T

impl<T> CloneToUninit for T where T: Clone

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>

impl<T> IntoEither for T

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise.

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise.

impl<T> Paint for T where T: ?Sized

fn fg(&self, value: Color) -> Painted<&T>

Returns a styled value derived from self with the foreground set to value.

This method should be used rarely. Instead, prefer to use color-specific builder methods like red() and green(), which have the same functionality but are pithier.

Example

Set foreground color to white using fg():

use yansi::{Paint, Color};
painted.fg(Color::White);

Set foreground color to white using white().

use yansi::Paint;
painted.white();

fn bright_black(&self) -> Painted<&T>

Returns self with the fg() set to Color::BrightBlack.

Example

println!("{}", value.bright_black());

fn bright_red(&self) -> Painted<&T>

fn bright_green(&self) -> Painted<&T>

Returns self with the fg() set to Color::BrightGreen.

Example

println!("{}", value.bright_green());

fn bright_yellow(&self) -> Painted<&T>

Returns self with the fg() set to Color::BrightYellow.

Example

println!("{}", value.bright_yellow());

fn bright_blue(&self) -> Painted<&T>

fn bright_magenta(&self) -> Painted<&T>

Returns self with the fg() set to Color::BrightMagenta.

Example

println!("{}", value.bright_magenta());

fn bright_cyan(&self) -> Painted<&T>

fn bright_white(&self) -> Painted<&T>

Returns self with the fg() set to Color::BrightWhite.

Example

println!("{}", value.bright_white());

fn bg(&self, value: Color) -> Painted<&T>

Returns a styled value derived from self with the background set to value.

This method should be used rarely. Instead, prefer to use color-specific builder methods like on_red() and on_green(), which have the same functionality but are pithier.

Example

Set background color to red using bg():

use yansi::{Paint, Color};
painted.bg(Color::Red);

Set background color to red using on_red().

use yansi::Paint;
painted.on_red();

fn on_primary(&self) -> Painted<&T>

fn on_magenta(&self) -> Painted<&T>

fn on_bright_black(&self) -> Painted<&T>

Returns self with the bg() set to Color::BrightBlack.

Example

println!("{}", value.on_bright_black());

fn on_bright_red(&self) -> Painted<&T>

fn on_bright_green(&self) -> Painted<&T>

Returns self with the bg() set to Color::BrightGreen.

Example

println!("{}", value.on_bright_green());

fn on_bright_yellow(&self) -> Painted<&T>

Returns self with the bg() set to Color::BrightYellow.

Example

println!("{}", value.on_bright_yellow());

fn on_bright_blue(&self) -> Painted<&T>

Returns self with the bg() set to Color::BrightBlue.

Example

println!("{}", value.on_bright_blue());

fn on_bright_magenta(&self) -> Painted<&T>

Returns self with the bg() set to Color::BrightMagenta.

Example

println!("{}", value.on_bright_magenta());

fn on_bright_cyan(&self) -> Painted<&T>

Returns self with the bg() set to Color::BrightCyan.

Example

println!("{}", value.on_bright_cyan());

fn on_bright_white(&self) -> Painted<&T>

Returns self with the bg() set to Color::BrightWhite.

Example

println!("{}", value.on_bright_white());

fn attr(&self, value: Attribute) -> Painted<&T>

Enables the styling Attribute value.

This method should be used rarely. Instead, prefer to use attribute-specific builder methods like bold() and underline(), which have the same functionality but are pithier.

Example

Make text bold using attr():

use yansi::{Paint, Attribute};
painted.attr(Attribute::Bold);

Make text bold using bold().

use yansi::Paint;
painted.bold();

fn underline(&self) -> Painted<&T>

Returns self with the attr() set to Attribute::Underline.

Example

println!("{}", value.underline());

fn rapid_blink(&self) -> Painted<&T>

Returns self with the attr() set to Attribute::RapidBlink.

Example

println!("{}", value.rapid_blink());

fn quirk(&self, value: Quirk) -> Painted<&T>

Enables the yansi Quirk value.

This method should be used rarely. Instead, prefer to use quirk-specific builder methods like mask() and wrap(), which have the same functionality but are pithier.

Example

Enable wrapping using .quirk():

use yansi::{Paint, Quirk};
painted.quirk(Quirk::Wrap);

Enable wrapping using wrap().

use yansi::Paint;
painted.wrap();

fn clear(&self) -> Painted<&T>

Deprecated since 1.0.1: renamed to resetting() due to conflicts with Vec::clear(). The clear() method will be removed in a future release.

fn whenever(&self, value: Condition) -> Painted<&T>

Conditionally enable styling based on whether the Condition value applies. Replaces any previous condition.

See the crate level docs for more details.

Example

Enable styling painted only when both stdout and stderr are TTYs:

use yansi::{Paint, Condition};
painted.red().on_yellow().whenever(Condition::STDOUTERR_ARE_TTY);