From bc742b7d51553227082fccf36beadb5a51d4730d Mon Sep 17 00:00:00 2001 From: Ron Lauren Hombre Date: Sat, 6 Dec 2025 06:11:54 +0800 Subject: [PATCH 1/2] Expose `load_verify_locations_from_file` and `load_verify_locations_from_directory` to tokio-quiche QuicSettings --- tokio-quiche/src/quic/mod.rs | 11 +++++++++++ tokio-quiche/src/settings/quic.rs | 20 ++++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/tokio-quiche/src/quic/mod.rs b/tokio-quiche/src/quic/mod.rs index a56df0c70c..f9f02d7978 100644 --- a/tokio-quiche/src/quic/mod.rs +++ b/tokio-quiche/src/quic/mod.rs @@ -241,6 +241,17 @@ where } } + if let Some(verify_file) = ¶ms.settings.verify_file { + log::info!("setting up verify_file"; "verify_file"=>verify_file); + &client_config.quiche_config.load_verify_locations_from_file(verify_file); + } + + if let Some(verify_directory) = ¶ms.settings.verify_directory { + log::info!("setting up verify_directory"; "verify_directory"=>verify_directory); + &client_config.quiche_config.load_verify_locations_from_directory(verify_directory); + } + + // Set the keylog file here for the same reason if let Some(keylog_file) = &client_config.keylog_file { log::info!("setting up keylog file"); diff --git a/tokio-quiche/src/settings/quic.rs b/tokio-quiche/src/settings/quic.rs index 5873d24271..deab8e9870 100644 --- a/tokio-quiche/src/settings/quic.rs +++ b/tokio-quiche/src/settings/quic.rs 
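Review bot: The `Result` returned by `load_verify_locations_from_file` and `load_verify_locations_from_directory` is borrowed and dropped (`&client_config.quiche_config.load_verify_locations_from_file(verify_file);`), so a missing or unparsable CA bundle is silently ignored. The client then connects with whatever trust anchors the config already had, which matters for a setting meant to control certificate verification, for example when pinning to a private CA. Connection setup should fail instead: drop the leading `&` and propagate the error, e.g. `client_config.quiche_config.load_verify_locations_from_file(verify_file)?;`, converting to the enclosing function's error type if needed (its signature is outside the hunk). The same pattern appears in the listen-path hunk of PATCH 2/2 on `config.quiche_config` and needs the same change.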
@@ -146,6 +146,26 @@ pub struct QuicSettings { /// Path to a directory where QLOG files will be saved. pub qlog_dir: Option, + /// Specifies a file where trusted CA certificates are stored for the + /// purposes of certificate verification. + /// + /// The content of `file` is parsed as a PEM-encoded certificate chain. + /// + /// See [`load_verify_locations_from_file()`] + /// + /// [`load_verify_locations_from_file()`]: https://docs.quic.tech/quiche/struct.Config.html#method.load_verify_locations_from_file + pub verify_file: Option, + + /// Specifies a directory where trusted CA certificates are stored for the + /// purposes of certificate verification. + /// + /// The content of `dir` a set of PEM-encoded certificate chains. + /// + /// See [`load_verify_locations_from_directory()`] + /// + /// [`load_verify_locations_from_directory()`]: https://docs.quic.tech/quiche/struct.Config.html#method.load_verify_locations_from_directory + pub verify_directory: Option, + /// Congestion control algorithm to use. /// /// For available values, see From cfa30c684dc133db3a5a579070373135f25a872c Mon Sep 17 00:00:00 2001 From: Ron Lauren Hombre Date: Sat, 6 Dec 2025 06:40:42 +0800 Subject: [PATCH 2/2] Also expose to server mode (listen) --- tokio-quiche/src/quic/mod.rs | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/tokio-quiche/src/quic/mod.rs b/tokio-quiche/src/quic/mod.rs index f9f02d7978..d8dce2b70f 100644 --- a/tokio-quiche/src/quic/mod.rs +++ b/tokio-quiche/src/quic/mod.rs @@ -251,7 +251,6 @@ where &client_config.quiche_config.load_verify_locations_from_directory(verify_directory); } - // Set the keylog file here for the same reason if let Some(keylog_file) = &client_config.keylog_file { log::info!("setting up keylog file"); 
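Review bot: The doc comments on `verify_file` and `verify_directory` refer to `file` and `dir`, which are parameter names of the quiche methods rather than anything on this struct, and the second is missing its verb ("The content of `dir` a set of ..."). Suggested wording: `/// The file is parsed as a PEM-encoded certificate chain.` and `/// The directory is expected to hold a set of PEM-encoded certificate chains.` The docs should also state what happens when the path cannot be loaded, whether these anchors add to or replace the default trust store, and that they only take effect when peer verification is enabled, since callers will rely on those points when restricting trust to a private CA. `QuicSettings` begins and ends outside the hunk.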
@@ -302,7 +301,17 @@ where "O_NONBLOCK should be set for the listening socket" ); - let config = Config::new(params, socket.capabilities).into_io()?; + let mut config = Config::new(params, socket.capabilities).into_io()?; + + if let Some(verify_file) = ¶ms.settings.verify_file { + log::info!("setting up verify_file"; "verify_file"=>verify_file); + &config.quiche_config.load_verify_locations_from_file(verify_file); + } + + if let Some(verify_directory) = ¶ms.settings.verify_directory { + log::info!("setting up verify_directory"; "verify_directory"=>verify_directory); + &config.quiche_config.load_verify_locations_from_directory(verify_directory); + } let local_addr = socket.socket.local_addr()?; let socket_tx = Arc::new(socket.socket);
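Review bot: On the listen path these trust anchors only matter when the server actually requests and verifies client certificates, and nothing in this hunk ties `verify_file` / `verify_directory` to that. If peer verification is left off in the quiche config (not visible here), the paths are loaded and logged but no client is ever checked against them, which an operator could mistake for enforced mutual TLS. Consider a warning when either path is set while verification is disabled, or at least a comment such as `// CA locations are only consulted when client certificate verification is enabled`. The block is also a copy of the client-side one from PATCH 1/2; applying both settings where `Config::new` builds the quiche config would keep the two paths from drifting apart. The enclosing function starts and ends outside the hunk.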