MCPcopy Index your code
hub / github.com/RustPython/RustPython / create_server_config

Function create_server_config

crates/stdlib/src/ssl/compat.rs:682–766  ·  view source on GitHub ↗

Create a server TLS configuration This abstracts the complex rustls ServerConfig building logic, matching SSL_CTX initialization for server sockets.

(options: ServerConfigOptions)

Source from the content-addressed store, hash-verified

680/// This abstracts the complex rustls ServerConfig building logic,
681/// matching SSL_CTX initialization for server sockets.
682pub(super) fn create_server_config(options: ServerConfigOptions) -> Result<ServerConfig, String> {
683 use rustls::server::WebPkiClientVerifier;
684
685 // Ensure default CryptoProvider is installed
686 ensure_default_provider();
687
688 // Create custom crypto provider using helper function
689 let custom_provider = create_custom_crypto_provider(
690 options.protocol_settings.cipher_suites.clone(),
691 options.protocol_settings.kx_groups.clone(),
692 );
693
694 // Step 1: Build the appropriate client cert verifier based on settings
695 let client_cert_verifier: Option<Arc<dyn rustls::server::danger::ClientCertVerifier>> =
696 if let Some(root_store) = options.root_store {
697 if options.request_client_cert {
698 // Client certificate verification required
699 let base_verifier = WebPkiClientVerifier::builder(Arc::new(root_store))
700 .build()
701 .map_err(|e| format!("Failed to create client verifier: {e}"))?;
702
703 if options.use_deferred_validation {
704 // TLS 1.3: Use deferred validation
705 if let Some(deferred_error) = options.deferred_cert_error {
706 use crate::ssl::cert::DeferredClientCertVerifier;
707 let deferred_verifier =
708 DeferredClientCertVerifier::new(base_verifier, deferred_error);
709 Some(Arc::new(deferred_verifier))
710 } else {
711 // No deferred error storage provided, use immediate validation
712 Some(base_verifier)
713 }
714 } else {
715 // TLS 1.2 or non-deferred: Use immediate validation
716 Some(base_verifier)
717 }
718 } else {
719 // No client authentication
720 None
721 }
722 } else {
723 // No root store - no client authentication
724 None
725 };
726
727 // Step 2: Create ServerConfig builder once with the selected verifier
728 let builder = ServerConfig::builder_with_provider(custom_provider.clone())
729 .with_protocol_versions(options.protocol_settings.versions)
730 .map_err(|e| format!("Failed to create server config builder: {e}"))?;
731
732 let builder = if let Some(verifier) = client_cert_verifier {
733 builder.with_client_cert_verifier(verifier)
734 } else {
735 builder.with_no_client_auth()
736 };
737
738 // Add certificate
739 let mut config = if let Some(resolver) = options.cert_resolver {

Callers 1

Calls 7

ensure_default_providerFunction · 0.85
newFunction · 0.85
apply_alpn_with_fallbackFunction · 0.85
SomeClass · 0.50
cloneMethod · 0.45
buildMethod · 0.45

Tested by

no test coverage detected