Struct rustls_ffi::cipher::rustls_certified_key
pub struct rustls_certified_key { /* private fields */ }
The complete chain of certificates to send during a TLS handshake, plus a private key that matches the end-entity (leaf) certificate.
Corresponds to CertifiedKey in the Rust API: https://docs.rs/rustls/latest/rustls/sign/struct.CertifiedKey.html
Implementations
impl rustls_certified_key
#[no_mangle]
pub extern "C" fn rustls_certified_key_build(
    cert_chain: *const u8,
    cert_chain_len: size_t,
    private_key: *const u8,
    private_key_len: size_t,
    certified_key_out: *mut *const rustls_certified_key,
) -> rustls_result
Build a rustls_certified_key from a certificate chain and a private key and the default process-wide crypto provider.
cert_chain must point to a buffer of cert_chain_len bytes, containing a series of PEM-encoded certificates, with the end-entity (leaf) certificate first.
private_key must point to a buffer of private_key_len bytes, containing a PEM-encoded private key in either PKCS#1, PKCS#8 or SEC#1 format when using aws-lc-rs as the crypto provider. Supported formats may vary by provider.
On success, this writes a pointer to the newly created rustls_certified_key in certified_key_out. That pointer must later be freed with rustls_certified_key_free to avoid memory leaks. Note that internally, this is an atomically reference-counted pointer, so even after the original caller has called rustls_certified_key_free, other objects may retain a pointer to the object. The memory will be freed when all references are gone.
This function does not take ownership of any of its input pointers. It parses the pointed-to data and makes a copy of the result. You may free the cert_chain and private_key pointers after calling it.
Typically, you will build a rustls_certified_key, use it to create a rustls_server_config (which increments the reference count), and then immediately call rustls_certified_key_free. That leaves the rustls_server_config in possession of the sole reference, so the rustls_certified_key’s memory will automatically be released when the rustls_server_config is freed.
#[no_mangle]
pub extern "C" fn rustls_certified_key_build_with_signing_key(
    cert_chain: *const u8,
    cert_chain_len: size_t,
    signing_key: *mut rustls_signing_key,
    certified_key_out: *mut *const rustls_certified_key,
) -> rustls_result
Build a rustls_certified_key from a certificate chain and a rustls_signing_key.
cert_chain must point to a buffer of cert_chain_len bytes, containing a series of PEM-encoded certificates, with the end-entity (leaf) certificate first.
signing_key must point to a rustls_signing_key loaded using a rustls_crypto_provider and rustls_crypto_provider_load_key().
On success, this writes a pointer to the newly created rustls_certified_key in certified_key_out. That pointer must later be freed with rustls_certified_key_free to avoid memory leaks. Note that internally, this is an atomically reference-counted pointer, so even after the original caller has called rustls_certified_key_free, other objects may retain a pointer to the object. The memory will be freed when all references are gone.
This function does not take ownership of any of its input pointers. It parses the pointed-to data and makes a copy of the result. You may free the cert_chain and private_key pointers after calling it.
Typically, you will build a rustls_certified_key, use it to create a rustls_server_config (which increments the reference count), and then immediately call rustls_certified_key_free. That leaves the rustls_server_config in possession of the sole reference, so the rustls_certified_key’s memory will automatically be released when the rustls_server_config is freed.
#[no_mangle]
pub extern "C" fn rustls_certified_key_get_certificate<'a>(
    certified_key: *const rustls_certified_key,
    i: size_t,
) -> *const rustls_certificate<'a>
Return the i-th rustls_certificate in the rustls_certified_key.
0 gives the end-entity certificate. 1 and higher give certificates from the chain.
Indexes higher than the last available certificate return NULL.
The returned certificate is valid until the rustls_certified_key is freed.
#[no_mangle]
pub extern "C" fn rustls_certified_key_clone_with_ocsp(
    certified_key: *const rustls_certified_key,
    ocsp_response: *const rustls_slice_bytes<'_>,
    cloned_key_out: *mut *const rustls_certified_key,
) -> rustls_result
Create a copy of the rustls_certified_key with the given OCSP response data as DER encoded bytes.
The OCSP response may be given as NULL to clear any possibly present OCSP data from the cloned key.
The cloned key is independent from its original and needs to be freed by the application.
#[no_mangle]
pub extern "C" fn rustls_certified_key_free(
    key: *const rustls_certified_key,
)
“Free” a certified_key previously returned from rustls_certified_key_build.
Since certified_key is actually an atomically reference-counted pointer, extant certified_key may still hold an internal reference to the Rust object.
However, C code must consider this pointer unusable after “free”ing it.
Calling with NULL is fine. Must not be called twice with the same value.
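The reference-count behaviour described above for rustls_certified_key_build and rustls_certified_key_free, modelled with std::sync::Arc. This is an added example, not rustls-ffi code: Key, Config, key_build, config_new, key_free and config_free are hypothetical stand-ins, and the chain entries are placeholder strings rather than real PEM.

```rust
use std::sync::atomic::{AtomicUsize, Ordering::SeqCst};
use std::sync::Arc;

// Counts how often the modelled key object has actually been destroyed.
static DROPS: AtomicUsize = AtomicUsize::new(0);

// Hypothetical stand-in for the Rust object behind rustls_certified_key.
struct Key { chain: Vec<String> }
impl Drop for Key {
    fn drop(&mut self) { DROPS.fetch_add(1, SeqCst); }
}
// Hypothetical stand-in for a rustls_server_config holding its own reference.
struct Config { key: Arc<Key> }

// Model of build: copies the caller's input, returns one owned reference.
fn key_build(chain: &[&str]) -> *const Key {
    let chain = chain.iter().map(|c| c.to_string()).collect();
    Arc::into_raw(Arc::new(Key { chain }))
}
// Model of config creation: takes a second reference, caller keeps its own.
unsafe fn config_new(key: *const Key) -> *const Config {
    unsafe {
        Arc::increment_strong_count(key);
        Arc::into_raw(Arc::new(Config { key: Arc::from_raw(key) }))
    }
}
// Model of free: releases only the caller's reference; NULL is accepted.
unsafe fn key_free(key: *const Key) {
    if !key.is_null() { unsafe { drop(Arc::from_raw(key)) } }
}
unsafe fn config_free(cfg: *const Config) {
    if !cfg.is_null() { unsafe { drop(Arc::from_raw(cfg)) } }
}

// Typical sequence: (destroys after key free, leaf seen via config, destroys at end).
fn lifecycle() -> (usize, String, usize) {
    let start = DROPS.load(SeqCst);
    unsafe {
        let key = key_build(&["leaf (placeholder)", "intermediate (placeholder)"]);
        let cfg = config_new(key);
        key_free(key); // from here on `key` must be treated as unusable
        let after_key_free = DROPS.load(SeqCst) - start;
        let cfg_ref: &Config = &*cfg;
        let leaf = cfg_ref.key.chain[0].clone(); // config's reference is still live
        config_free(cfg); // last reference released: the key is destroyed now
        (after_key_free, leaf, DROPS.load(SeqCst) - start)
    }
}

fn main() { println!("{:?}", lifecycle()); }
```

Calling key_free a second time on the same pointer in this model would release a reference the caller no longer owns, which is why the documentation forbids a double free.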