Module security_framework::secure_transport

SSL/TLS encryption support using Secure Transport.

Examples

To connect as a client to a server with a certificate trusted by the system:

use std::io::prelude::*;
use std::net::TcpStream;
use security_framework::secure_transport::ClientBuilder;

let stream = TcpStream::connect("google.com:443").unwrap();
let mut stream = ClientBuilder::new().handshake("google.com", stream).unwrap();

stream.write_all(b"GET / HTTP/1.0\r\n\r\n").unwrap();
let mut page = vec![];
stream.read_to_end(&mut page).unwrap();
println!("{}", String::from_utf8_lossy(&page));

To connect to a server with a certificate that’s not trusted by the system, specify the root certificates for the server’s chain to the ClientBuilder:

use std::io::prelude::*;
use std::net::TcpStream;
use security_framework::secure_transport::ClientBuilder;

let stream = TcpStream::connect("my_server.com:443").unwrap();
let mut stream = ClientBuilder::new()
                     .anchor_certificates(&[root_cert])
                     .handshake("my_server.com", stream)
                     .unwrap();

stream.write_all(b"GET / HTTP/1.0\r\n\r\n").unwrap();
let mut page = vec![];
stream.read_to_end(&mut page).unwrap();
println!("{}", String::from_utf8_lossy(&page));

For more advanced configuration, the SslContext type can be used directly.

To run a server:

use std::net::TcpListener;
use std::thread;
use security_framework::secure_transport::{SslContext, SslProtocolSide, SslConnectionType};

// Create a TCP listener and start accepting on it.
let mut listener = TcpListener::bind("0.0.0.0:443").unwrap();

for stream in listener.incoming() {
    let stream = stream.unwrap();
    thread::spawn(move || {
        // Create a new context configured to operate on the server side of
        // a traditional SSL/TLS session.
        let mut ctx = SslContext::new(SslProtocolSide::SERVER, SslConnectionType::STREAM)
                          .unwrap();

        // Install the certificate chain that we will be using.
        ctx.set_certificate(identity, &[intermediate_cert, root_cert]).unwrap();

        // Perform the SSL/TLS handshake and get our stream.
        let mut stream = ctx.handshake(stream).unwrap();
    });
}

Structs

• ClientBuilder
  A builder type to simplify the creation of client side SslStreams.
• MidHandshakeClientBuilder
  An SSL stream midway through the handshake process.
• MidHandshakeSslStream
  An SSL stream midway through the handshake process.
• ServerBuilder
  A builder type to simplify the creation of server-side SslStreams.
• SessionState
  Specifies the state of a TLS session.
• SslAuthenticate
  Specifies a server’s requirement for client certificates.
• SslClientCertificateState
  Specifies the state of client certificate processing.
• SslConnectionType
  Specifies the type of TLS session.
• SslContext
  A Secure Transport SSL/TLS context object.
• SslProtocol
  Specifies protocol versions.
• SslProtocolSide
  Specifies a side of a TLS session.
• SslStream
  A type implementing SSL/TLS encryption over an underlying stream.

Enums

• ClientHandshakeError
  An error or intermediate state after a TLS handshake attempt.
• HandshakeError
  An error or intermediate state after a TLS handshake attempt.