Add 'ca_certificate' option

rpcpool · Dec 16, 2024 · a5f6c93 · a5f6c93
1 parent 3192b55
commit a5f6c93
Showing 1 changed file with 12 additions and 2 deletions.
diff --git a/examples/rust/src/bin/client.rs b/examples/rust/src/bin/client.rs
@@ -12,11 +12,12 @@ use {
         collections::HashMap,
         env,
         fs::File,
+        path::PathBuf,
         sync::Arc,
         time::{Duration, Instant, SystemTime, UNIX_EPOCH},
     },
     tokio::{fs, sync::Mutex},
-    tonic::transport::channel::ClientTlsConfig,
+    tonic::transport::{channel::ClientTlsConfig, Certificate},
     yellowstone_grpc_client::{GeyserGrpcClient, GeyserGrpcClientError, Interceptor},
     yellowstone_grpc_proto::{
         convert_from,
@@ -48,6 +49,10 @@ type BlocksMetaFilterMap = HashMap<String, SubscribeRequestFilterBlocksMeta>;
 #[derive(Debug, Clone, Parser)]
 #[clap(author, version, about)]
 struct Args {
+    /// Path of a certificate authority file
+    #[clap(long)]
+    ca_certificate: Option<PathBuf>,
+
     #[clap(short, long, default_value_t = String::from("http://127.0.0.1:10000"))]
     /// Service endpoint
     endpoint: String,
@@ -117,9 +122,14 @@ impl Args {
     }
 
     async fn connect(&self) -> anyhow::Result<GeyserGrpcClient<impl Interceptor>> {
+        let mut tls_config = ClientTlsConfig::new().with_native_roots();
+        if let Some(file_name) = &self.ca_certificate {
+            let contents = fs::read_to_string(file_name).await?;
+            tls_config = tls_config.ca_certificate(Certificate::from_pem(contents.as_bytes()));
+        }
         let mut builder = GeyserGrpcClient::build_from_shared(self.endpoint.clone())?
             .x_token(self.x_token.clone())?
-            .tls_config(ClientTlsConfig::new().with_native_roots())?
+            .tls_config(tls_config)?
             .max_decoding_message_size(self.max_decoding_message_size);
 
         if let Some(duration) = self.connect_timeout_ms {