Open xd009642 opened 3 years ago
Hi @xd009642, what other TLS settings need to be configured?
So any settings in the builder https://docs.rs/native-tls/0.2.7/native_tls/struct.TlsConnectorBuilder.html disable_built_in_roots
is one. I also have another client with private cloud who don't like adding certificates to images so ask us to set danger_accept_invalid_certs
so I'll need that if we deploy our ES based solution there.
I'd also be willing to work on a PR for this, just want to make sure the feature will be accepted in some form or another
It looks like disable_built_in_roots
might be the only one missing that might be useful to also have:
.auth()
add_root_certificate()
and danger_accept_invalid_certs()
and danger_accept_invalid_hostnames()
are handled with cert_validation()
Ah brilliant, I missed those in the docs. I'll have a look at a PR for disable_built_in_roots, I imagine it would be a case of adding a field to the CertificationValidation
enum as that seems to handle a few things :thinking:
Is your feature request related to a problem? Please describe.
I need to configure more TLS settings to meet a customers security policy for a private deployment. I use rusoto with the same customer and they expose https://docs.rs/native-tls/0.2.7/native_tls/struct.TlsConnector.html in their public API when native-tls is used and I'm able to configure the connection as required when creating the client. Ideally, the Elasticsearch bindings will function the same way to enable me to reuse the same connection building code I've already implemented.