readd client credentials support

ARogovskyy · ARogovskyy · commit ad9c617406c1 · 2026-02-17T22:20:47.000+01:00
diff --git a/src/client.rs b/src/client.rs
@@ -43,9 +43,12 @@ pub struct TlsConfig<'a, const RX_SIZE: usize = 4096, const TX_SIZE: usize = 409
     /// Minimum TLS version for the connection
     version: crate::TlsVersion,
 
-    /// Client certificates. See [mbedtls_rs::Certificates]
+    /// Root certificates to trust. See [mbedtls_rs::Certificates]
     certificates: crate::Certificate<'a>,
 
+    /// Client certificate and private key for mutual TLS. See [mbedtls_rs::Certificates]
+    client_credentials: Option<crate::Credentials<'a>>,
+
     /// A reference to instance of the MbedTLS library.
     tls_reference: mbedtls_rs::TlsReference<'a>,
 }
@@ -186,7 +189,7 @@ where
                     conn,
                     &mbedtls_rs::SessionConfig::Client(mbedtls_rs::ClientSessionConfig {
                         ca_chain: Some(tls.certificates.clone()),
-                        creds: None,
+                        creds: tls.client_credentials.clone(),
                         server_name: None, // don't set it here because it would reference a local variable
                         auth_mode: mbedtls_rs::AuthMode::Required,
                         min_version: tls.version,
diff --git a/src/lib.rs b/src/lib.rs
@@ -84,7 +84,7 @@ impl From<embedded_tls::TlsError> for Error {
 
 /// Re-export those members since they're used for [client::TlsConfig].
 #[cfg(feature = "mbedtls-rs")]
-pub use mbedtls_rs::{Certificate, TlsReference, TlsVersion, X509};
+pub use mbedtls_rs::{Certificate, Credentials, TlsReference, TlsVersion, X509};
 
 #[cfg(feature = "mbedtls-rs")]
 impl From<mbedtls_rs::SessionError> for Error {
