The improvements made on this fork were transferred to khorsolutions for ongoing maintenance and ownership; please see: https://github.com/khorsolutions/tokio-postgres-rustls-improved/
NOTE: This is a fork; the original tokio-postgres-rustls repo appears to be unmaintained and has known bugs.
This fork strives to be actively maintained and incorporates Conrad Ludgate's fixes for SCRAM channel binding and removal of unsafe code. It also adds comprehensive integration tests and a CI pipeline.
This is an integration between the rustls TLS stack and the tokio-postgres asynchronous PostgreSQL client library.
Include directly in dependencies like:
[dependencies]
tokio-postgres-rustls = { git = "https://github.com/dsykes16/tokio-postgres-rustls.git", tag = "0.14.0" }
Or include as a patch if tokio-postgres-rustls is a dependency of a 3rd party crate:
[patch.crates-io]
tokio-postgres-rustls = { git = "https://github.com/dsykes16/tokio-postgres-rustls.git", tag = "0.14.0" }
See tests/integration.rs for actual usage examples, including with SASL/SCRAM using Channel Binding.
use tokio_postgres::{config::SslMode, Config};
use tokio_postgres_rustls::MakeRustlsConnect;

// `certs` (root store, client cert chain, client key) and `pg` (the server's port)
// are assumed to be defined by the caller, for example as test fixtures.

// Set up a `rustls::ClientConfig` (see Rustls docs for more info)
let tls_config = rustls::ClientConfig::builder()
    .with_root_certificates(certs.roots)
    .with_client_auth_cert(certs.client_certs, certs.client_key)
    .expect("build rustls client config");

// MakeRustlsConnect is provided by this library; it wraps a `rustls::ClientConfig`
let tls = MakeRustlsConnect::new(tls_config);

// Connect as usual with `tokio-postgres`, providing our `MakeRustlsConnect` as the `tls` arg
let mut pg_config = Config::new();
pg_config
    .host("localhost")
    .port(pg.port)
    .dbname("postgres")
    .user("ssl_user")
    .ssl_mode(SslMode::Require);
let (client, conn) = pg_config.connect(tls).await.expect("connect");
// ...
tokio-postgres-rustls is distributed under the MIT license.