
1//! The `rustls` provider.
2
3use rustls::pki_types::ServerName;
4use std::io;
5use std::sync::{Arc, LazyLock};
6
7use crate::{BoxFuture, TlsProvider, TlsStream, TlsTransport};
8
// A `tokio_rustls` client-side stream over the crate's boxed transport counts as
// a `crate::TlsStream`. The impl is empty, so the trait requires no methods from
// this type; its supertrait bounds are presumably met by the `AsyncRead` /
// `AsyncWrite` impls `tokio_rustls` provides — see `crate::TlsStream` to confirm.
impl crate::TlsStream for tokio_rustls::client::TlsStream<Box<dyn TlsTransport>> {}
10
/// The `rustls` provider.
///
/// A thin handle around a shared [`rustls::ClientConfig`]. Each connection only
/// clones the `Arc`, so one provider can serve any number of `connect` calls.
/// The only constructor visible in this file is `Default`, which trusts the
/// `webpki-roots` bundle and sends no client certificate (see the `Default`
/// impl below); a custom configuration would need another constructor.
pub struct RustlsProvider {
    /// Configuration handed to every `TlsConnector` this provider builds.
    client_config: Arc<rustls::ClientConfig>,
}
15
impl TlsProvider for RustlsProvider {
    /// Opens a TLS client session to `server_name` over `transport`.
    ///
    /// `server_name` must parse as a [`ServerName`] (a DNS name or an IP
    /// address). Anything else is reported as an `io::Error` of kind `Other`
    /// before the transport is touched. The parsed name is handed to
    /// `tokio_rustls`, which — per that crate's contract, not something shown
    /// here — uses it for SNI and for matching the server certificate, with
    /// verification driven by this provider's `client_config`.
    ///
    /// The future resolves to the established stream, or to whatever I/O error
    /// the handshake surfaced.
    fn connect(
        &self,
        server_name: String,
        transport: Box<dyn TlsTransport>,
    ) -> BoxFuture<io::Result<Box<dyn TlsStream>>> {
        // The connector is just a shared handle to the config, so it can be
        // built eagerly and moved into the future.
        let connector = tokio_rustls::TlsConnector::from(Arc::clone(&self.client_config));

        Box::pin(async move {
            // Reject unparseable names up front rather than letting rustls
            // see them; the original parse error is not forwarded.
            let domain = match ServerName::try_from(server_name) {
                Ok(name) => name,
                Err(_) => return Err(io::Error::other("invalid server name")),
            };

            let session = connector.connect(domain, transport).await?;
            let boxed: Box<dyn TlsStream> = Box::new(session);
            Ok(boxed)
        })
    }
}
34
impl Default for RustlsProvider {
    /// A provider whose client configuration is built once per process and
    /// shared (via `Arc`) by every `RustlsProvider::default()` call.
    ///
    /// The configuration trusts exactly the Mozilla root set bundled in
    /// `webpki-roots` — not the platform's native certificate store — and
    /// sends no client certificate. Nothing here supplies revocation data
    /// (CRLs), so a revoked but unexpired leaf is presumably still accepted;
    /// callers needing that must build their own `ClientConfig`.
    fn default() -> Self {
        /// Builds the shared configuration; runs exactly once per process.
        fn build_config() -> Arc<rustls::ClientConfig> {
            let trust_anchors = rustls::RootCertStore {
                roots: webpki_roots::TLS_SERVER_ROOTS.to_vec(),
            };

            // NOTE(review): `ClientConfig::builder()` picks the process-default
            // crypto provider; with rustls 0.23 and more than one provider
            // feature enabled it panics unless a default was installed first —
            // confirm against this crate's feature set.
            let config = rustls::ClientConfig::builder()
                .with_root_certificates(trust_anchors)
                .with_no_client_auth();

            Arc::new(config)
        }

        static CONFIG: LazyLock<Arc<rustls::ClientConfig>> = LazyLock::new(build_config);

        Self {
            client_config: Arc::clone(&CONFIG),
        }
    }
}
51}