sbstp / attohttpc

Rust lightweight HTTP 1.1 client

Home Page: https://docs.rs/attohttpc/

Allow to specify certificates for client authentication

silvioprog opened this issue · comments

Hi.

Do you have plans to allow specifying certificates (.pem, .pfx, .p12 etc.) for client authentication?

I made a small change in the file streams.rs (line 51) just to test a connection which requires a PKCS12 certificate:

...
    #[cfg(feature = "tls")]
    fn connect_tls(
        host: &str,
        port: u16,
        connect_timeout: Duration,
        read_timeout: Duration,
    ) -> Result<TlsStream<TcpStream>> {
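        use native_tls::Identity;
        let mut builder = TlsConnector::builder();
        // Test only: client identity (PKCS#12) read from a hard-coded path and password.
        let buf = std::fs::read("/home/user/certificate.pfx")?;
        let pkcs12 = Identity::from_pkcs12(&buf, "123456").unwrap();
        builder.identity(pkcs12);
        // Test only: turns off validation of the server certificate (see #38).
        builder.danger_accept_invalid_certs(true);
        let connector = builder.build()?;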
        let stream = BaseStream::connect_tcp(host, port, connect_timeout, read_timeout)?;
        let tls_stream = match connector.connect(host, stream) {
            Ok(stream) => stream,
            Err(HandshakeError::Failure(err)) => return Err(err.into()),
            Err(HandshakeError::WouldBlock(_)) => panic!("socket configured in non-blocking mode"),
        };
        Ok(tls_stream)
    }
...

and it worked fine.

(The danger_accept_invalid_certs(true) is related to #38).

This is now possible when using the rustls backend as we expose the full ClientConfig. For native-tls, we either need to add an API or also expose TlsConnector directly.
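
For the .pem case raised in the issue, a bundle can be checked before it is handed to a TLS backend, so a missing, duplicated or encrypted key fails early instead of during the handshake. This is an added example using only the standard library, not attohttpc code; `PemIdentity`, `check_pem_identity`, `marker` and `SAMPLE` are hypothetical names, and the sample bundle is constructed.

```rust
#[derive(Debug, PartialEq)]
pub struct PemIdentity {
    pub cert_count: usize,
    pub key_label: String,
}

// Returns the label of a "-----BEGIN X-----" / "-----END X-----" marker line.
fn marker<'a>(line: &'a str, prefix: &str) -> Option<&'a str> {
    line.strip_prefix(prefix)?.strip_suffix("-----")
}

/// Walks the PEM markers and requires well-formed blocks, at least one
/// certificate and exactly one unencrypted private key.
pub fn check_pem_identity(pem: &str) -> Result<PemIdentity, String> {
    let mut open: Option<String> = None; // label of the block being read
    let mut certs = 0;
    let mut keys: Vec<String> = Vec::new();
    for line in pem.lines().map(str::trim) {
        if let Some(label) = marker(line, "-----BEGIN ") {
            if open.is_some() {
                return Err(format!("BEGIN {} inside another block", label));
            }
            open = Some(label.to_string());
        } else if let Some(label) = marker(line, "-----END ") {
            if open.as_deref() != Some(label) {
                return Err(format!("END {} without matching BEGIN", label));
            }
            open = None;
            if label == "CERTIFICATE" {
                certs += 1;
            } else if label == "ENCRYPTED PRIVATE KEY" {
                return Err("encrypted private key is not accepted by this check".into());
            } else if label.ends_with("PRIVATE KEY") {
                keys.push(label.to_string());
            }
        }
    }
    if open.is_some() {
        return Err("unterminated PEM block".into());
    }
    if certs == 0 || keys.len() != 1 {
        return Err(format!("found {} certificate(s) and {} key(s)", certs, keys.len()));
    }
    Ok(PemIdentity { cert_count: certs, key_label: keys.remove(0) })
}

// Constructed sample: placeholder bodies, not real key material.
pub const SAMPLE: &str = "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n\
-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n";
```

The check only inspects the block structure; it does not decode the base64 bodies or verify that the key matches the certificate.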