diff --git a/tokio-quiche/src/settings/config.rs b/tokio-quiche/src/settings/config.rs
index a3a6e1436ee..cb5a88d7eae 100644
--- a/tokio-quiche/src/settings/config.rs
+++ b/tokio-quiche/src/settings/config.rs
@@ -188,6 +188,14 @@ fn make_quiche_config(
 config.verify_peer(quic_settings.verify_peer);
 }
 
+ if let Some(path) = quic_settings.verify_ca_bundle_path.as_deref() {
+ config.load_verify_locations_from_file(path)?;
+ }
+
+ if let Some(path) = quic_settings.verify_ca_directory_path.as_deref() {
+ config.load_verify_locations_from_directory(path)?;
+ }
+
 config.set_max_connection_window(quic_settings.max_connection_window);
 config.set_max_stream_window(quic_settings.max_stream_window);
 config.set_use_initial_max_data_as_flow_control_win(
diff --git a/tokio-quiche/src/settings/quic.rs b/tokio-quiche/src/settings/quic.rs
index c163f9dc7ff..55b3466d2f3 100644
--- a/tokio-quiche/src/settings/quic.rs
+++ b/tokio-quiche/src/settings/quic.rs
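Review bot: The two new `if let` blocks in the config.rs hunk load trust anchors without looking at `quic_settings.verify_peer`, so a configuration that sets `verify_ca_bundle_path` or `verify_ca_directory_path` while peer verification is off appears to be accepted silently, with the CA material never consulted. The `verify_peer` call just above sits in a conditional whose head is outside the hunk, so this may already be guarded elsewhere; if it is not, a check such as `if !quic_settings.verify_peer && quic_settings.verify_ca_bundle_path.is_some() { /* warn or reject */ }` (and the same for the directory path) would surface the mismatch at startup. The `?` also seems to propagate the load failure without the offending path, so logging `path` before returning would let an operator tell which of the two settings failed. `make_quiche_config` starts and ends outside the hunk.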
@@ -258,6 +258,28 @@ pub struct QuicSettings {
 /// [`verify_peer()`]: https://docs.rs/quiche/latest/quiche/struct.Config.html#method.verify_peer
 pub verify_peer: bool,
 
+ /// Specifies a file where trusted CA certificates are stored for the
+ /// purposes of certificate verification.
+ ///
+ /// The content of `file` is parsed as a PEM-encoded certificate chain.
+ ///
+ /// Defaults to `None`.
+ /// [`load_verify_locations_from_file()`] for more.
+ ///
+ /// [`load_verify_locations_from_file()`]: https://docs.rs/quiche/latest/quiche/struct.Config.html#method.load_verify_locations_from_file
+ pub verify_ca_bundle_path: Option,
+
+ /// Specifies a directory where trusted CA certificates are stored for the
+ /// purposes of certificate verification.
+ ///
+ /// The content of `dir` a set of PEM-encoded certificate chains.
+ ///
+ /// Defaults to `None`.
+ /// [`load_verify_locations_from_directory()`] for more.
+ ///
+ /// [`load_verify_locations_from_directory()`]: https://docs.rs/quiche/latest/quiche/struct.Config.html#method.load_verify_locations_from_directory
+ pub verify_ca_directory_path: Option,
+
 /// The maximum size of the receiver connection flow control window.
 ///
 /// Defaults to 24MB.
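Review bot: The doc comments on `verify_ca_bundle_path` and `verify_ca_directory_path` do not say how the fields interact with `verify_peer`, nor whether the loaded certificates extend or replace any roots the TLS backend trusts by default. A user deciding whether the bundle actually restricts trust needs both facts. I would add a line such as `/// Only takes effect when peer verification is enabled via verify_peer.` to each field, plus a sentence on extend-versus-replace once that is confirmed against quiche. On wording, `file` and `dir` look like parameter names of the quiche methods rather than anything in this struct, the second block is missing its verb (`is a set of PEM-encoded certificate chains`), and both reference lines should begin with `See`. `QuicSettings` starts and ends outside the hunk.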