in bindings/rust/standard/bench/src/rustls.rs [106:175]
fn make_config(
mode: Mode,
crypto_config: CryptoConfig,
handshake_type: HandshakeType,
) -> Result<Self, Box<dyn Error>> {
let cipher_suite = match crypto_config.cipher_suite {
CipherSuite::AES_128_GCM_SHA256 => TLS13_AES_128_GCM_SHA256,
CipherSuite::AES_256_GCM_SHA384 => TLS13_AES_256_GCM_SHA384,
};
let kx_group = match crypto_config.kx_group {
KXGroup::Secp256R1 => &SECP256R1,
KXGroup::X25519 => &X25519,
};
let crypto_provider = Arc::new(CryptoProvider {
cipher_suites: vec![cipher_suite],
kx_groups: vec![*kx_group],
..aws_lc_rs::default_provider()
});
match mode {
Mode::Client => {
let builder = ClientConfig::builder_with_provider(crypto_provider)
.with_protocol_versions(&[&TLS13])?
.with_root_certificates(Self::get_root_cert_store(crypto_config.sig_type));
let config = match handshake_type {
HandshakeType::ServerAuth | HandshakeType::Resumption => {
builder.with_no_client_auth()
}
HandshakeType::MutualAuth => builder.with_client_auth_cert(
Self::get_cert_chain(ClientCertChain, crypto_config.sig_type),
Self::get_key(ClientKey, crypto_config.sig_type),
)?,
};
if handshake_type != HandshakeType::Resumption {
rustls::client::Resumption::disabled();
}
Ok(RustlsConfig::Client(Arc::new(config)))
}
Mode::Server => {
let builder = ServerConfig::builder_with_provider(crypto_provider)
.with_protocol_versions(&[&TLS13])?;
let builder = match handshake_type {
HandshakeType::ServerAuth | HandshakeType::Resumption => {
builder.with_no_client_auth()
}
HandshakeType::MutualAuth => {
let client_cert_verifier = WebPkiClientVerifier::builder(
Self::get_root_cert_store(crypto_config.sig_type).into(),
)
.build()
.unwrap();
builder.with_client_cert_verifier(client_cert_verifier)
}
};
let config = builder.with_single_cert(
Self::get_cert_chain(ServerCertChain, crypto_config.sig_type),
Self::get_key(ServerKey, crypto_config.sig_type),
)?;
Ok(RustlsConfig::Server(Arc::new(config)))
}
}
}