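/// Builds the rustls server configuration from the PEM files in
/// `app_config.ssl_certs_dir`.
///
/// `fullchain.pem` is read in full and every certificate in it is handed to
/// rustls, so the server presents the leaf together with its intermediates.
/// Presenting only the first certificate makes clients that do not already
/// hold the intermediates fail chain validation. rustls expects the
/// end-entity certificate first, which is the order a "fullchain" file
/// normally has.
///
/// `privkey.pem` must contain a PKCS#8 private key (`BEGIN PRIVATE KEY`);
/// other PEM key encodings are not picked up by `pkcs8_private_keys`, and
/// only the first PKCS#8 key in the file is used.
///
/// The configuration uses rustls' safe default cipher suites, key-exchange
/// groups and protocol versions, and does not request client certificates.
///
/// # Panics
///
/// Panics if either file cannot be opened or parsed, if `fullchain.pem`
/// holds no certificate, if `privkey.pem` holds no PKCS#8 key, or if rustls
/// rejects the certificate/key pair. Panic messages name the file path and
/// the I/O error only; key material is never included.
pub fn tls_config(app_config: &AppConfig) -> rustls::ServerConfig {
    let certs_dir = &app_config.ssl_certs_dir;

    let cert_path = certs_dir.join("fullchain.pem");
    let cert_file = std::fs::File::open(&cert_path)
        .unwrap_or_else(|e| panic!("cannot open {}: {}", cert_path.display(), e));
    let mut cert_reader = std::io::BufReader::new(cert_file);
    // Keep the whole chain, not just the leaf, so intermediates are sent in the handshake.
    let cert_chain: Vec<rustls::Certificate> = rustls_pemfile::certs(&mut cert_reader)
        .unwrap_or_else(|e| panic!("cannot parse {}: {}", cert_path.display(), e))
        .into_iter()
        .map(rustls::Certificate)
        .collect();
    // An empty file previously surfaced as an opaque index panic from `remove(0)`.
    assert!(
        !cert_chain.is_empty(),
        "no certificates found in {}",
        cert_path.display()
    );

    let key_path = certs_dir.join("privkey.pem");
    let key_file = std::fs::File::open(&key_path)
        .unwrap_or_else(|e| panic!("cannot open {}: {}", key_path.display(), e));
    let mut key_reader = std::io::BufReader::new(key_file);
    let key = rustls_pemfile::pkcs8_private_keys(&mut key_reader)
        .unwrap_or_else(|e| panic!("cannot parse {}: {}", key_path.display(), e))
        .into_iter()
        .next()
        .map(rustls::PrivateKey)
        .unwrap_or_else(|| panic!("no PKCS#8 private key found in {}", key_path.display()));

    rustls::ServerConfig::builder()
        .with_safe_defaults()
        .with_no_client_auth()
        .with_single_cert(cert_chain, key)
        .expect("bad certificate/key")
}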