Pour tout problème contactez-nous par mail : support@froggit.fr | La FAQ :grey_question: | Rejoignez-nous sur le Chat :speech_balloon:

Skip to content
Snippets Groups Projects
tls.rs 1.27 KiB
Newer Older
  • Learn to ignore specific revisions
  • Pierre Jarriges's avatar
    Pierre Jarriges committed
    use rustls::{
        internal::pemfile::{certs, pkcs8_private_keys},
        NoClientAuth, ServerConfig,
    };
    use std::{env::var as env_var, fs::File, io::BufReader};
    
    /// Parse the TLS certificates presents in ./certs/live/${SERVER_HOST} and returns a rustls::ServerConfig that can be passed to
    /// the actix_web::HttpServer instance:
    /// ```
    /// HttpServer::new(move || {
    ///     App::new()   
    /// })
    /// .bind_rustls(
    ///     "0.0.0.0:8080",
    ///     get_tls_config(),
    /// )?
    /// .run()
    /// .await
    /// ```
    pub fn get_tls_config() -> ServerConfig {
        let host = env_var("SERVER_HOST").expect("SERVER_HOST is not defined.");
    
        let mut config = ServerConfig::new(NoClientAuth::new());
        let certs_dir = std::path::PathBuf::from(
            env_var("RESOURCES_DIR").expect("RESOURCES_DIR is not defined"),
        )
        .join("certs")
        .join("live")
        .join(&host);
    
        let cert_file = File::open(certs_dir.join("fullchain.pem")).unwrap();
        let key_file = File::open(certs_dir.join("privkey.pem")).unwrap();
    
        let cert_file = &mut BufReader::new(cert_file);
        let key_file = &mut BufReader::new(key_file);
    
        let cert_chain = certs(cert_file).unwrap();
        let mut keys = pkcs8_private_keys(key_file).unwrap();
    
        config.set_single_cert(cert_chain, keys.remove(0)).unwrap();
    
        config
    }