Was this page helpful?
TLS¶
Driver uses either the
openssl crate or the
rustls crate for TLS functionality.
Both of this features are behind their respective feature flag.
Enabling feature¶
NOTE: openssl is not a pure Rust library, so you need to both enable a feature and install the proper package.
To enable use of TLS using openssl, add in Cargo.toml:
scylla = { version = "0.4", features = ["openssl-010"] }
openssl = "0.10.70"
Then install the package with openssl:
Debian/Ubuntu:
apt install libssl-dev pkg-config
Fedora:
dnf install openssl-devel
Arch:
pacman -S openssl pkg-config
Using TLS¶
To use TLS you will have to a TlsContext. For convenience, both an
openssl
SslContext
and a rustls
ClientConfig
can be automatically converted to a TlsContext when passing to
SessionBuilder.
For example, if database certificate is in the file ca.crt:
use scylla::client::session::Session;
use scylla::client::session_builder::SessionBuilder;
use openssl::ssl::{SslContextBuilder, SslMethod, SslVerifyMode};
use std::path::PathBuf;
let mut context_builder = SslContextBuilder::new(SslMethod::tls())?;
context_builder.set_ca_file("ca.crt")?;
context_builder.set_verify(SslVerifyMode::PEER);
let session: Session = SessionBuilder::new()
.known_node("127.0.0.1:9142") // The the port is now 9142
.tls_context(Some(context_builder.build()))
.build()
.await?;
See the full openssl example and rustls example for more details.