
v1.1.0 - Transport-level TLS for TCP



PieceOfFall released this 28 May 03:27

rs-netty v1.1.0

v1.1.0 expands rs-netty with a full transport-level TLS API for TCP clients and servers.

TLS is modeled as an optional TCP transport capability rather than a pipeline codec, so existing typed pipelines continue to operate on plaintext application messages after the TLS handshake completes.

Highlights

Transport-level TLS

  • Add tls feature support for TcpServer::tls(...) and TcpClient::tls(...).
  • Add TlsContextBuilder::for_server() and TlsContextBuilder::for_client() for building reusable server/client TLS contexts.
  • Support PEM and DER certificate inputs for server certificates, private keys, client roots, and client identities.

Client trust configuration

  • Support custom root certificates with root_certificate_pem and root_certificate_der.
  • Add optional tls-native-roots support for platform root certificates.
  • Add optional tls-webpki-roots support for Mozilla WebPKI roots.
  • Add tls-dangerous development/test helpers for custom verifiers and for accepting invalid certificates. These helpers disable server authentication, so they are intended for local development and tests only, not for production builds.

mTLS

  • Add required client certificate authentication with client_auth_required_pem and client_auth_required_der.
  • Add optional client certificate authentication with client_auth_optional_pem and client_auth_optional_der.
  • Add client identity configuration with client_identity_pem and client_identity_der.

ALPN

  • Add ALPN protocol advertisement on both server and client TLS contexts.
  • Expose the negotiated ALPN protocol through TLS connection metadata.

SNI

  • Add client-side server name override with server_name(...).
  • Add server-side SNI certificate selection with sni_certificate_pem and sni_certificate_der.
  • Support a default/fallback server certificate when SNI-specific identities are configured.

TLS metadata

  • Add TlsInfo for negotiated TLS connection metadata.
  • Expose peer certificates, selected ALPN protocol, and effective server name / SNI.
  • Make TLS metadata available from TCP handler contexts, stream pipeline stage contexts, and ConnInfo::tls().
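The mTLS, ALPN, SNI and TLS metadata items above describe decisions a server makes at handshake time. The following is an added example, not rs-netty code: a standard-library-only Rust model of those decisions (SNI certificate selection with a default/fallback certificate, ALPN negotiation in server preference order that fails closed on no overlap, and required versus optional client authentication), producing a metadata record analogous to the TlsInfo fields listed above. Every type and function name here (ServerPolicy, ClientOffer, Negotiated, negotiate, sample_policy) is hypothetical, and the certificates are stand-in strings rather than real PEM or DER.

```rust
// Added example (not rs-netty code): a std-only model of handshake-time policy.
// All names are hypothetical; certificates are placeholder strings.

#[derive(Debug, Clone, PartialEq)]
pub enum ClientAuth {
    None,     // no client certificate is requested
    Optional, // client_auth_optional_*: verified if presented, absent is allowed
    Required, // client_auth_required_*: handshake fails without one
}

/// Server-side policy mirroring the builder options in the release notes.
pub struct ServerPolicy {
    /// Certificates keyed by SNI host name (sni_certificate_* in the notes).
    pub sni_certs: Vec<(String, String)>,
    /// Default/fallback certificate used when SNI is absent or unmatched.
    pub default_cert: Option<String>,
    /// ALPN preference order, most preferred first.
    pub alpn: Vec<String>,
    pub client_auth: ClientAuth,
}

/// What the client offers: ClientHello extensions plus, for mTLS, its certificate.
pub struct ClientOffer {
    pub server_name: Option<String>,
    pub alpn: Vec<String>,
    pub client_cert: Option<String>,
}

/// Negotiated connection metadata, analogous to the TlsInfo fields above.
#[derive(Debug, PartialEq)]
pub struct Negotiated {
    pub server_cert: String,
    pub alpn: Option<String>,
    pub peer_cert: Option<String>,
    pub server_name: Option<String>,
}

/// Named after the TLS alerts a real stack would send in each case.
#[derive(Debug, PartialEq)]
pub enum HandshakeError {
    UnrecognizedName,
    NoApplicationProtocol,
    CertificateRequired,
}

pub fn negotiate(policy: &ServerPolicy, offer: &ClientOffer) -> Result<Negotiated, HandshakeError> {
    // SNI: exact host match (case-insensitive) first, then the fallback certificate.
    let sni_match = offer.server_name.as_deref().and_then(|name| {
        policy
            .sni_certs
            .iter()
            .find(|(host, _)| host.eq_ignore_ascii_case(name))
            .map(|(_, cert)| cert.clone())
    });
    let server_cert = match sni_match.or_else(|| policy.default_cert.clone()) {
        Some(cert) => cert,
        None => return Err(HandshakeError::UnrecognizedName),
    };

    // ALPN: the server's preference order decides. If both sides advertise
    // protocols and none overlap, fail closed rather than silently fall back.
    let alpn = if offer.alpn.is_empty() || policy.alpn.is_empty() {
        None
    } else {
        match policy.alpn.iter().find(|p| offer.alpn.iter().any(|c| c == *p)) {
            Some(p) => Some(p.clone()),
            None => return Err(HandshakeError::NoApplicationProtocol),
        }
    };

    // Client auth: Required rejects a missing certificate, Optional records one
    // when present, None never requests one.
    let peer_cert = match (&policy.client_auth, &offer.client_cert) {
        (ClientAuth::Required, None) => return Err(HandshakeError::CertificateRequired),
        (ClientAuth::None, _) => None,
        (_, cert) => cert.clone(),
    };

    Ok(Negotiated { server_cert, alpn, peer_cert, server_name: offer.server_name.clone() })
}

/// Constructed sample policy (placeholder certificate names, not real certs).
pub fn sample_policy() -> ServerPolicy {
    ServerPolicy {
        sni_certs: vec![("api.example.test".to_string(), "api-cert".to_string())],
        default_cert: Some("default-cert".to_string()),
        alpn: vec!["h2".to_string(), "http/1.1".to_string()],
        client_auth: ClientAuth::Required,
    }
}

fn main() {
    let policy = sample_policy();
    let hello = ClientOffer {
        server_name: Some("API.example.test".to_string()),
        alpn: vec!["http/1.1".to_string(), "h2".to_string()],
        client_cert: Some("client-cert".to_string()),
    };
    println!("{:?}", negotiate(&policy, &hello));
    let anon = ClientOffer { server_name: None, alpn: vec![], client_cert: None };
    println!("{:?}", negotiate(&policy, &anon));
}
```

The two fail-closed branches are the ones worth checking in any real deployment: a required-mTLS listener must reject a connection with no client certificate, and an ALPN mismatch must end the handshake rather than leave the pipeline guessing which application protocol to decode.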

Validation

  • Added runtime lifecycle coverage for TLS metadata, optional mTLS, ALPN validation, and SNI certificate selection.
  • Added trybuild coverage for the public TLS builder and metadata APIs.
  • Updated README and mdBook API/example/non-goal documentation for the new TLS capabilities.