2020-10-30 04:22:24 +00:00
|
|
|
# TLS / HTTPS (via Rustls)
|
2018-08-07 22:34:16 -07:00
|
|
|
|
|
|
|
## Usage
|
|
|
|
|
2020-05-19 12:46:00 +09:00
|
|
|
### Certificate
|
|
|
|
|
2020-10-03 18:31:58 +02:00
|
|
|
We put the self-signed certificate in this directory as an example
|
2020-05-19 12:46:00 +09:00
|
|
|
but your browser would complain that it isn't secure.
|
|
|
|
So we recommend to use [`mkcert`] to trust it. To use local CA, you should run:
|
|
|
|
|
|
|
|
```bash
|
|
|
|
mkcert -install
|
|
|
|
```
|
|
|
|
|
|
|
|
If you want to generate your own cert/private key file, then run:
|
|
|
|
|
|
|
|
```bash
|
2020-10-25 20:12:33 +03:00
|
|
|
mkcert 127.0.0.1 localhost
|
2020-05-19 12:46:00 +09:00
|
|
|
```
|
|
|
|
|
2020-10-25 20:12:33 +03:00
|
|
|
For `rsa` keys use `rsa_private_keys` function instead `pkcs8_private_keys`
|
|
|
|
```
|
|
|
|
let mut keys = pkcs8_private_keys(key_file).unwrap(); // pkcs8
|
|
|
|
let mut keys = rsa_private_keys(key_file).unwrap(); // rsa
|
2020-07-19 00:57:15 +03:00
|
|
|
```
|
|
|
|
|
2020-05-19 12:46:00 +09:00
|
|
|
[`mkcert`]: https://github.com/FiloSottile/mkcert
|
|
|
|
|
2021-08-24 10:19:43 -04:00
|
|
|
### Running the Example Server
|
2018-08-07 22:34:16 -07:00
|
|
|
|
|
|
|
```bash
|
2021-08-24 10:19:43 -04:00
|
|
|
cd security/rustls
|
2021-10-06 17:28:53 -04:00
|
|
|
cargo run # (or ``cargo watch -x run``)
|
2018-08-07 22:34:16 -07:00
|
|
|
# Started http server: 127.0.0.1:8443
|
|
|
|
```
|
|
|
|
|
2021-08-24 10:19:43 -04:00
|
|
|
If you prefer reloading you can substitute `cargo watch -x run`.
|
|
|
|
That requires you install the `cargo-watch` crate.
|
|
|
|
|
2018-08-07 22:34:16 -07:00
|
|
|
### web client
|
|
|
|
|
|
|
|
- curl: ``curl -v https://127.0.0.1:8443/index.html --compressed -k``
|
|
|
|
- browser: [https://127.0.0.1:8443/index.html](https://127.0.0.1:8443/index.html)
|