Crates.io | tokio-rboring |
lib.rs | tokio-rboring |
version | 4.11.1 |
source | src |
created_at | 2024-08-12 01:59:49.451816 |
updated_at | 2024-11-03 13:26:42.037347 |
description | An implementation of SSL streams for Tokio backed by BoringSSL |
homepage | https://github.com/penumbra-x/boring |
repository | https://github.com/cloudflare/boring |
max_upload_size | |
id | 1333785 |
size | 79,781 |
An implementation of SSL streams for Tokio built on top of the BoringSSL.
First, add this to your Cargo.toml
:
[dependencies]
tokio-boring = "1.0.0"
Then, use either accept
or connect
as appropriate.
use boring::ssl;
use tokio::net::TcpListener;
#[tokio::main]
async fn main() -> anyhow::Result<()> {
let listener = TcpListener::bind("127.0.0.1:8080").await?;
let (tcp_stream, _addr) = listener.accept().await?;
let server = ssl::SslMethod::tls_server();
let mut ssl_builder = boring::ssl::SslAcceptor::mozilla_modern(server)?;
ssl_builder.set_default_verify_paths()?;
ssl_builder.set_verify(ssl::SslVerifyMode::PEER);
let acceptor = ssl_builder.build();
let _ssl_stream = tokio_boring::accept(&acceptor, tcp_stream).await?;
Ok(())
}
This library is an implementation of TLS streams using BoringSSL for
negotiating the connection. Each TLS stream implements the Read
and
Write
traits to interact and interoperate with the rest of the futures I/O
ecosystem. Client connections initiated from this crate verify hostnames
automatically and by default.
tokio-boring
exports this ability through [accept
] and [connect
]. accept
should
be used by servers, and connect
by clients. These augment the functionality provided by the
[boring
] crate, on which this crate is built. Configuration of TLS parameters is still
primarily done through the [boring
] crate.
This project is licensed under either of
at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in Serde by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.
The project is based on a fork of tokio-openssl.