From bc72affc142f250bdf512e4596d9639c73181cef Mon Sep 17 00:00:00 2001
From: Dario Gonzalez
Date: Tue, 14 Jan 2020 11:02:12 -0800
Subject: [PATCH] added example and updated docs
---
 examples/simple-server-pkcs8.rs | 43 +++++++++++++++++++++++++++++++++++++++++
 src/lib.rs | 1 +
 2 files changed, 44 insertions(+)
 create mode 100644 examples/simple-server-pkcs8.rs
diff --git a/examples/simple-server-pkcs8.rs b/examples/simple-server-pkcs8.rs
new file mode 100644
index 00000000..8e1b1b81
--- /dev/null
+++ b/examples/simple-server-pkcs8.rs
@@ -0,0 +1,43 @@
+extern crate native_tls;
+
+use native_tls::{Identity, TlsAcceptor, TlsStream};
+use std::fs::File;
+use std::io::{Read, Write};
+use std::net::{TcpListener, TcpStream};
+use std::sync::Arc;
+use std::thread;
+
+fn main() {
+ let mut cert_file = File::open("test/cert.pem").unwrap();
+ let mut certs = vec![];
+ cert_file.read_to_end(&mut certs).unwrap();
+ let mut key_file = File::open("test/key.pem").unwrap();
+ let mut key = vec![];
+ key_file.read_to_end(&mut key).unwrap();
+ let pkcs8 = Identity::from_pkcs8(&certs, &key).unwrap();
+
+ let acceptor = TlsAcceptor::new(pkcs8).unwrap();
+ let acceptor = Arc::new(acceptor);
+
+ let listener = TcpListener::bind("0.0.0.0:8443").unwrap();
+
+ fn handle_client(mut stream: TlsStream) {
+ let mut buf = [0; 1024];
+ let read = stream.read(&mut buf).unwrap();
+ let received = std::str::from_utf8(&buf[0..read]).unwrap();
+ stream.write_all(format!("received '{}'", received).as_bytes()).unwrap();
+ }
+
+ for stream in listener.incoming() {
+ match stream {
+ Ok(stream) => {
+ let acceptor = acceptor.clone();
+ thread::spawn(move || {
+ let stream = acceptor.accept(stream).unwrap();
+ handle_client(stream);
+ });
+ }
+ Err(_e) => { /* connection failed */ }
+ }
+ }
+}
diff --git a/src/lib.rs b/src/lib.rs
index 01230d3a..a17632e2 100644
--- a/src/lib.rs
+++ b/src/lib.rs
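Review bot: In `examples/simple-server-pkcs8.rs`, every step that handles peer-controlled data ends in `unwrap()`: `acceptor.accept(stream).unwrap()` in the spawned closure, and `stream.read(...)`, `std::str::from_utf8(...)` and `write_all(...)` in `handle_client`. A client that aborts the handshake, resets the connection or sends non-UTF-8 bytes therefore panics its worker thread. Because examples tend to be copied into real services, the handshake and I/O errors should be handled and the payload decoded with `String::from_utf8_lossy`, as sketched below. The listener also binds `0.0.0.0:8443` while serving what is presumably a checked-in test key (`test/key.pem`); `TcpListener::bind("127.0.0.1:8443")` would keep the example off external interfaces. One thread per accepted connection with no cap is acceptable for a demo, but a comment should say it is not a production pattern.

```rust
// … unchanged: identity loading, acceptor and listener setup …

// body of handle_client
let mut buf = [0; 1024];
let read = match stream.read(&mut buf) {
    Ok(n) => n,
    Err(e) => {
        eprintln!("read failed: {}", e);
        return;
    }
};
// Peer bytes are untrusted and need not be valid UTF-8.
let received = String::from_utf8_lossy(&buf[..read]);
if let Err(e) = stream.write_all(format!("received '{}'", received).as_bytes()) {
    eprintln!("write failed: {}", e);
}

// … unchanged: listener.incoming() loop and match on stream …

// body of the thread::spawn closure
match acceptor.accept(stream) {
    Ok(stream) => handle_client(stream),
    Err(e) => eprintln!("TLS handshake failed: {}", e),
}
```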
@@ -27,6 +27,7 @@
 //! * TLS/SSL client communication
 //! * TLS/SSL server communication
 //! * PKCS#12 encoded identities
+//! * PKCS#8 encoded identities
 //! * Secure-by-default for client and server
 //! * Includes hostname verification for clients
 //! * Supports asynchronous I/O for both the server and the client