build_default_tls_config

Function build_default_tls_config 

pub fn build_default_tls_config(
    root_store: Arc<RootCertStore>,
    custom_verifier: Option<Arc<dyn ServerCertVerifier>>,
) -> ClientConfig

Builds a default TLS client configuration with safe defaults.

The configuration uses the provided RootCertStore to validate server certificates during the TLS handshake.

If a custom ServerCertVerifier is provided, it is used for certificate validation; otherwise, the standard safe default, Web PKI verification, is used.

Client authentication is not required in this configuration.

§Arguments

  • root_store: An Arc containing the RootCertStore with trusted root certificates. To obtain a RootCertStore, one can use the build_native_cert_store function, which loads the platform’s certificate authorities (CAs).
  • custom_verifier: An optional Arc containing a custom implementation of the ServerCertVerifier trait for custom certificate verification. If None is provided, the default Web PKI mechanism will be used.

§Note

Exercise caution when providing a custom ServerCertVerifier: it is used for certificate validation in place of the default Web PKI mechanism, so an incorrect implementation can compromise the certificate validation process.