Description
Describe the bug
I'm not sure if this is a true bug or if I'm merely doing something wrong. When attempting to create a client using the transport builder with some certificate files, I continuously get the error Cert(reqwest::Error { kind: Builder, source: "incompatible TLS identity type" }). I've tested these certificates with the exact same server using reqwest directly, which works precisely as intended. If this isn't a bug, it would be very helpful to have some more documentation providing the differences between these two and how to use certificates with elasticsearch.
To Reproduce
Steps to reproduce the behavior:
Using an elasticsearch server configured to use credentials and tls certificates, this code yields the error:
let credentials = Credentials::Basic(server_username.into(), server_password.into());
let cert_ca = fs::read_to_string("ca.pem").unwrap();
let cert_elastic = fs::read_to_string("elastic.pem").unwrap();
let cert_elastic_key = fs::read_to_string("elastic-key.pem").unwrap();
let cert_vec = format!("{}{}", cert_elastic_key, cert_elastic).into_bytes();
let cert_credentials = Credentials::Certificate(ClientCertificate::Pem(cert_vec));
let conn_pool = SingleNodeConnectionPool::new(url);
let builder = TransportBuilder::new(conn_pool)
.auth(credentials)
.auth(cert_credentials)
.cert_validation(CertificateValidation::Full(Certificate::from_pem(&cert_ca.into_bytes()).unwrap()))
.disable_proxy();
let transport = builder.build().unwrap();
let client = Elasticsearch::new(transport);
Expected behavior
I would expect this to behave like Reqwest does when doing it manually, as such:
let id = reqwest::Identity::from_pem(&cert_vec).unwrap();
let client = reqwest::blocking::Client::builder()
.identity(id)
.add_root_certificate(reqwest::Certificate::from_pem(&cert_ca.into_bytes()).unwrap())
.build().unwrap();
Environment (please complete the following information):
- OS: Ubuntu 20.04
- rustc version: 1.50.0