tokio-postgres-generic-rustls

An impelementation of TLS based on rustls for tokio-postgres

This crate allows users to select a crypto backend, or bring their own, rather than relying on primitives provided by ring directly. This is done through the use of x509-cert for certificate parsing rather than X509-certificate, while also adding an abstraction for computing digests.

By default, tokio-postgres-generic-rustls does not provide a digest implementation, but one or more are provided behind crate features.

Usage

Using this crate is fairly straightforward. First, select your digest impelementation via crate features (or provide your own), then construct rustls connector for tokio-postgres with your rustls client configuration.

The following example demonstrates providing a custom digest backend.

use tokio_postgres_generic_rustls::{DigestImplementation, DigestAlgorithm, MakeRustlsConnect};

#[derive(Clone)]
struct DemoDigest;

impl DigestImplementation for DemoDigest {
    fn digest(&self, algorithm: DigestAlgorithm, bytes: &[u8]) -> Vec<u8> {
        todo!("digest it")
    }
}

fn main() {
    let cert_store = rustls::RootCertStore::empty();

    let config = rustls::ClientConfig::builder()
        .with_root_certificates(cert_store)
        .with_no_client_auth();

    let tls = MakeRustlsConnect::new(config, DemoDigest);

    let connect_future = tokio_postgres::connect("postgres://username:password@localhost:5432/db", tls);

    // connect_future.await;
}

License

This project is licensed under either of

• Apache License, Version 2.0, (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
• MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)

at your option.