Driver uses the openssl crate for TLS functionality.
It was chosen because rustls doesn’t support certificates for ip addresses
(see issue), which is a common use case for Scylla.
openssl is not a pure Rust library so you need enable a feature and install the proper package.
To enable the tls feature add in Cargo.toml:
scylla = { version = "0.4", features = ["ssl"] }
openssl = "0.10.32"
Then install the package with openssl:
Debian/Ubuntu:
apt install libssl-dev pkg-config
Fedora:
dnf install openssl-devel
Arch:
pacman -S openssl pkg-config
To use tls you will have to create an openssl
SslContext
and pass it to SessionBuilder
For example, if database certificate is in the file ca.crt:
# extern crate scylla;
# extern crate openssl;
use scylla::{Session, SessionBuilder};
use openssl::ssl::{SslContextBuilder, SslMethod, SslVerifyMode};
use std::path::PathBuf;
# use std::error::Error;
# async fn check_only_compiles() -> Result<(), Box<dyn Error>> {
let mut context_builder = SslContextBuilder::new(SslMethod::tls())?;
context_builder.set_ca_file("ca.crt")?;
context_builder.set_verify(SslVerifyMode::PEER);
let session: Session = SessionBuilder::new()
.known_node("127.0.0.1:9142") // The the port is now 9142
.ssl_context(Some(context_builder.build()))
.build()
.await?;
# Ok(())
# }
See the full example for more details
On this page