
feat: implement TlsAcceptCallbacks support for rustls backend #834

@jsulmont

What is the problem your feature solves, or the need it fulfills?

TlsSettings::with_callbacks() in the rustls backend returns an error:

"Certificate callbacks are not supported with feature "rustls"."

The TlsRef type passed to handshake_complete_callback is an empty struct with no accessors, making post-handshake inspection impossible even if the error is worked around. This is a parity gap with the OpenSSL/BoringSSL backend, where TlsRef = SslRef exposes peer_certificate(), verified_chain(), current_cipher(), etc.

This blocks any rustls-based application that needs to extract peer certificate identity or cipher suite information after the TLS handshake.

Describe the solution you'd like

  1. TlsSettings::with_callbacks(callbacks) should accept a TlsAcceptCallbacks and wire it through to the Acceptor and handshake path (matching the OpenSSL backend signature)
  2. TlsRef should carry connection state — peer certificate chain and negotiated cipher suite — with public accessors
  3. handshake_with_callback() should populate TlsRef from the rustls session and pass it to the callback
  4. Add set_certificate_chain_file() / set_private_key_file() setters on TlsSettings for use with the callbacks constructor

Additional context

PR: #833


Labels: enhancement (New feature or request)
