ocsp-stapler
| Crates.io | ocsp-stapler |
| lib.rs | ocsp-stapler |
| version | 0.4.1 |
| source | src |
| created_at | 2024-05-24 11:51:39.511167 |
| updated_at | 2024-05-27 11:47:19.519066 |
| description | OCSP stapler & client with support for Rustls |
| homepage | https://github.com/blind-oracle/ocsp-stapler |
| repository | https://github.com/blind-oracle/ocsp-stapler |
| max_upload_size | |
| id | 1251008 |
| size | 59,110 |
Igor Novgorodov (blind-oracle)
documentation
README
ocsp-stapler
OCSP stapler for Rustls.
- OCSP
Clientthat can be used separately StaplerwrapsArc<dyn ResolvesServerCert>trait object and automatically staples all certificates provided by it
Please see the docs for more details.
Example
// Read the chain & private key and combine them into CertifiedKey
let certs = std::fs::read("chain.pem").unwrap();
let certs = rustls_pemfile::certs(&mut certs.as_ref()).collect::<Result<Vec<_>, _>>().unwrap();
let key = std::fs::read("private.pem").unwrap();
let key = rustls_pemfile::private_key(&mut key.as_ref()).unwrap();
let key = rustls::crypto::aws_lc_rs::sign::any_supported_type(&key).unwrap();
let ckey = rustls::sign::CertifiedKey::new(certs, key);
// Inner service that provides certificates to Rustls, can be anything
let mut inner = rustls::server::ResolvesServerCertUsingSni::new();
inner.add("crates.io", ckey).unwrap();
// Create a Stapler wrapping inner resolver
let stapler = Arc::new(ocsp_stapler::Stapler::new(inner));
// Then you can build & use ServerConfig wherever applicable
let server_config = rustls::server::ServerConfig::builder()
.with_no_client_auth()
.with_cert_resolver(stapler.clone());
// Stop the background worker to clean up resources
stapler.stop().await;