snapview / tungstenite-rs

Lightweight stream-based WebSocket implementation for Rust.
Apache License 2.0

Is there an example of a tungstenite-rs client that makes a websocket connection with mTLS? #428

Open eswenson1 opened 4 months ago

eswenson1 commented 4 months ago

I've been unable to figure out how, with tungstenite, to create an mTLS websockets client. My application requires mutual TLS.

Is this supported? If so, can you point me to an example websockets mTLS client (and server)?

agalakhov commented 4 months ago

This is quite straightforward and this is supported, but out of scope of tungstenite itself.

In general, there is just a standard TLS or non-TLS connection inside Tungstenite, and it is accessible. You can create your own connection with any parameters you want and pass it to Tungstenite (i.e. via the client() call). Or you can let Tungstenite establish the connection for you (calling connect()) and then access the underlying stream with get_ref() or get_mut(). This is enough to enforce any specific TLS connection parameters, including, but not limited to, mTLS.

angelorodem commented 3 months ago

I have the same question. I'm glad that the crate supports features like rustls-tls-webpki-roots, but there is no documentation on how to use this whatsoever.

And if you look at client_tls and client_tls_with_config, there are no hints on how to build and use them.

@agalakhov thank you for your message, but remember that we are not package contributors; we don't know the inner workings and we are learning. Without documentation or examples it's hard to understand. I could not make an MVC from your message. Could you help by providing a simple MVC, like loading some root CA PEM and public/private key chain?

Thank you!

eswenson1 commented 3 months ago

I did manage to get an mTLS client working just fine with tungstenite and rustls. If you want an example, DM me and I’ll post my code and PKI cert setup.