Enum rustls::Connection
source · pub enum Connection {
Client(ClientConnection),
Server(ServerConnection),
}
Expand description
A client or server connection.
Variants§
Implementations§
source§impl Connection
impl Connection
sourcepub fn read_tls(&mut self, rd: &mut dyn Read) -> Result<usize, Error>
pub fn read_tls(&mut self, rd: &mut dyn Read) -> Result<usize, Error>
Read TLS content from rd
.
See ConnectionCommon::read_tls()
for more information.
sourcepub fn write_tls(&mut self, wr: &mut dyn Write) -> Result<usize, Error>
pub fn write_tls(&mut self, wr: &mut dyn Write) -> Result<usize, Error>
Writes TLS messages to wr
.
See ConnectionCommon::write_tls()
for more information.
sourcepub fn process_new_packets(&mut self) -> Result<IoState, Error>
pub fn process_new_packets(&mut self) -> Result<IoState, Error>
Processes any new packets read by a previous call to Connection::read_tls
.
See ConnectionCommon::process_new_packets()
for more information.
sourcepub fn export_keying_material<T: AsMut<[u8]>>(
&self,
output: T,
label: &[u8],
context: Option<&[u8]>
) -> Result<T, Error>
pub fn export_keying_material<T: AsMut<[u8]>>( &self, output: T, label: &[u8], context: Option<&[u8]> ) -> Result<T, Error>
Derives key material from the agreed connection secrets.
See ConnectionCommon::export_keying_material()
for more information.
sourcepub fn extract_secrets(self) -> Result<ExtractedSecrets, Error>
Available on crate feature secret_extraction
only.
pub fn extract_secrets(self) -> Result<ExtractedSecrets, Error>
secret_extraction
only.Extract secrets, to set up kTLS for example
Methods from Deref<Target = CommonState>§
sourcepub fn wants_write(&self) -> bool
pub fn wants_write(&self) -> bool
Returns true if the caller should call Connection::write_tls
as soon as possible.
sourcepub fn is_handshaking(&self) -> bool
pub fn is_handshaking(&self) -> bool
Returns true if the connection is currently performing the TLS handshake.
During this time plaintext written to the connection is buffered in memory. After
Connection::process_new_packets()
has been called, this might start to return false
while the final handshake packets still need to be extracted from the connection’s buffers.
sourcepub fn peer_certificates(&self) -> Option<&[Certificate]>
pub fn peer_certificates(&self) -> Option<&[Certificate]>
Retrieves the certificate chain used by the peer to authenticate.
The order of the certificate chain is as it appears in the TLS protocol: the first certificate relates to the peer, the second certifies the first, the third certifies the second, and so on.
This is made available for both full and resumed handshakes.
For clients, this is the certificate chain of the server.
For servers, this is the certificate chain of the client, if client authentication was completed.
The return value is None until this value is available.
sourcepub fn alpn_protocol(&self) -> Option<&[u8]>
pub fn alpn_protocol(&self) -> Option<&[u8]>
Retrieves the protocol agreed with the peer via ALPN.
A return value of None
after handshake completion
means no protocol was agreed (because no protocols
were offered or accepted by the peer).
sourcepub fn negotiated_cipher_suite(&self) -> Option<SupportedCipherSuite>
pub fn negotiated_cipher_suite(&self) -> Option<SupportedCipherSuite>
Retrieves the ciphersuite agreed with the peer.
This returns None until the ciphersuite is agreed.
sourcepub fn protocol_version(&self) -> Option<ProtocolVersion>
pub fn protocol_version(&self) -> Option<ProtocolVersion>
Retrieves the protocol version agreed with the peer.
This returns None
until the version is agreed.
sourcepub fn set_buffer_limit(&mut self, limit: Option<usize>)
pub fn set_buffer_limit(&mut self, limit: Option<usize>)
Sets a limit on the internal buffers used to buffer
unsent plaintext (prior to completing the TLS handshake)
and unsent TLS records. This limit acts only on application
data written through Connection::writer
.
By default the limit is 64KB. The limit can be set at any time, even if the current buffer use is higher.
None
means no limit applies, and will mean that written
data is buffered without bound – it is up to the application
to appropriately schedule its plaintext and TLS writes to bound
memory usage.
For illustration: Some(1)
means a limit of one byte applies:
Connection::writer
will accept only one byte, encrypt it and
add a TLS header. Once this is sent via Connection::write_tls
,
another byte may be sent.
§Internal write-direction buffering
rustls has two buffers whose size are bounded by this setting:
§Buffering of unsent plaintext data prior to handshake completion
Calls to Connection::writer
before or during the handshake
are buffered (up to the limit specified here). Once the
handshake completes this data is encrypted and the resulting
TLS records are added to the outgoing buffer.
§Buffering of outgoing TLS records
This buffer is used to store TLS records that rustls needs to send to the peer. It is used in these two circumstances:
- by
Connection::process_new_packets
when a handshake or alert TLS record needs to be sent. - by
Connection::writer
post-handshake: the plaintext is encrypted and the resulting TLS record is buffered.
This buffer is emptied by Connection::write_tls
.
sourcepub fn send_close_notify(&mut self)
pub fn send_close_notify(&mut self)
Queues a close_notify warning alert to be sent in the next
Connection::write_tls
call. This informs the peer that the
connection is being closed.
sourcepub fn wants_read(&self) -> bool
pub fn wants_read(&self) -> bool
Returns true if the caller should call Connection::read_tls
as soon
as possible.
If there is pending plaintext data to read with Connection::reader
,
this returns false. If your application respects this mechanism,
only one full TLS message will be buffered by rustls.