djc/Cargo.toml

## Cargo.toml
[package]
name = "test-rs"
version = "0.1.0"
edition = "2021"

[dependencies]
rcgen = "0.14.4"
rustls = { version = "0.23.23" }

## main.rs
use std::sync::Arc;

use rcgen::{BasicConstraints, CertificateParams, CertifiedIssuer, IsCa, KeyPair, KeyUsagePurpose};
use rustls::{
    ClientConfig, ClientConnection, RootCertStore, ServerConfig, ServerConnection, pki_types::{PrivateKeyDer, ServerName}
};

fn main() -> Result<(), Box<dyn std::error::Error>> {
    let mut params = CertificateParams::new(vec!["example.com".to_string()])?;
    params.is_ca = IsCa::Ca(BasicConstraints::Unconstrained);
    params.key_usages = vec![
        KeyUsagePurpose::DigitalSignature,
        KeyUsagePurpose::KeyEncipherment,
        KeyUsagePurpose::KeyCertSign,
    ];

    let ca_key = KeyPair::generate()?;
    let issuer = CertifiedIssuer::self_signed(params, ca_key)?;

    let params = CertificateParams::new(vec!["www.example.com".to_string()])?;
    let server_key = KeyPair::generate()?;
    let signed = params.signed_by(&server_key, &issuer)?;

    let mut root_store = RootCertStore::empty();
    root_store.add(issuer.der().clone())?;
    let client_config = Arc::new(
        ClientConfig::builder()
            .with_root_certificates(root_store)
            .with_no_client_auth(),
    );

    let server_config = Arc::new(
        ServerConfig::builder()
            .with_no_client_auth()
            .with_single_cert(
                vec![signed.der().clone()],
                PrivateKeyDer::try_from(server_key.serialize_der())?,
            )?,
    );

    let mut client = ClientConnection::new(client_config, ServerName::try_from("example.com")?)?;
    let mut buf = Vec::with_capacity(1_048_576);
    client.write_tls(&mut buf)?;

    let mut server = ServerConnection::new(server_config)?;
    server.read_tls(&mut &buf[..])?;
    server.process_new_packets()?;
    buf.clear();
    server.write_tls(&mut buf)?;

    client.read_tls(&mut &buf[..])?;
    if let Err(err) = client.process_new_packets() {
        eprintln!("{err}");
    };

    Ok(())
}
	[package]
	name = "test-rs"
	version = "0.1.0"
	edition = "2021"

	[dependencies]
	rcgen = "0.14.4"
	rustls = { version = "0.23.23" }
	use std::sync::Arc;

	use rcgen::{BasicConstraints, CertificateParams, CertifiedIssuer, IsCa, KeyPair, KeyUsagePurpose};
	use rustls::{
	ClientConfig, ClientConnection, RootCertStore, ServerConfig, ServerConnection, pki_types::{PrivateKeyDer, ServerName}
	};

	fn main() -> Result<(), Box<dyn std::error::Error>> {
	let mut params = CertificateParams::new(vec!["example.com".to_string()])?;
	params.is_ca = IsCa::Ca(BasicConstraints::Unconstrained);
	params.key_usages = vec![
	KeyUsagePurpose::DigitalSignature,
	KeyUsagePurpose::KeyEncipherment,
	KeyUsagePurpose::KeyCertSign,
	];

	let ca_key = KeyPair::generate()?;
	let issuer = CertifiedIssuer::self_signed(params, ca_key)?;

	let params = CertificateParams::new(vec!["www.example.com".to_string()])?;
	let server_key = KeyPair::generate()?;
	let signed = params.signed_by(&server_key, &issuer)?;

	let mut root_store = RootCertStore::empty();
	root_store.add(issuer.der().clone())?;
	let client_config = Arc::new(
	ClientConfig::builder()
	.with_root_certificates(root_store)
	.with_no_client_auth(),
	);

	let server_config = Arc::new(
	ServerConfig::builder()
	.with_no_client_auth()
	.with_single_cert(
	vec![signed.der().clone()],
	PrivateKeyDer::try_from(server_key.serialize_der())?,
	)?,
	);

	let mut client = ClientConnection::new(client_config, ServerName::try_from("example.com")?)?;
	let mut buf = Vec::with_capacity(1_048_576);
	client.write_tls(&mut buf)?;

	let mut server = ServerConnection::new(server_config)?;
	server.read_tls(&mut &buf[..])?;
	server.process_new_packets()?;
	buf.clear();
	server.write_tls(&mut buf)?;

	client.read_tls(&mut &buf[..])?;
	if let Err(err) = client.process_new_packets() {
	eprintln!("{err}");
	};

	Ok(())
	}