feat: add rustls_platform_verifier::tls_config_with_provider

jbr · jbr · commit dac8d15d5a60 · 2024-04-09T11:19:29.000-07:00
diff --git a/rustls-platform-verifier/src/lib.rs b/rustls-platform-verifier/src/lib.rs
@@ -65,6 +65,23 @@ pub fn tls_config() -> ClientConfig {
         .with_no_client_auth()
 }
 
+/// Attempts to construct a `rustls` configuration that verifies TLS certificates in the best way
+/// for the underlying OS platform, using the provided
+/// [`CryptoProvider`][rustls:crypto::CryptoProvider].
+///
+/// # Errors
+///
+/// Propagates any error returned by [`rustls::ConfigBuilder::with_safe_default_protocol_versions`]
+pub fn tls_config_with_provider(
+    provider: Arc<rustls::crypto::CryptoProvider>,
+) -> Result<ClientConfig, rustls::Error> {
+    Ok(ClientConfig::builder_with_provider(provider.clone())
+        .with_safe_default_protocol_versions()?
+        .dangerous()
+        .with_custom_certificate_verifier(Arc::new(Verifier::new().with_provider(provider)))
+        .with_no_client_auth())
+}
+
 /// Exposed for debugging certificate issues with standalone tools.
 ///
 /// This is not intended for production use, you should use [tls_config] instead.
