Struct security_framework::secure_transport::ClientBuilder

pub struct ClientBuilder { /* private fields */ }

A builder type to simplify the creation of client side SslStreams.

Implementations

impl ClientBuilder

pub fn new() -> Self

Creates a new builder with default options.

pub fn anchor_certificates(&mut self, certs: &[SecCertificate]) -> &mut Self

Specifies the set of root certificates to trust when verifying the server’s certificate.

pub fn add_anchor_certificate(&mut self, certs: &SecCertificate) -> &mut Self

Add the certificate the set of root certificates to trust when verifying the server’s certificate.

pub fn trust_anchor_certificates_only(&mut self, only: bool) -> &mut Self

Specifies whether to trust the built-in certificates in addition to specified anchor certificates.

pub fn danger_accept_invalid_certs(&mut self, noverify: bool) -> &mut Self

Specifies whether to trust invalid certificates.

Warning

You should think very carefully before using this method. If invalid certificates are trusted, any certificate for any site will be trusted for use. This includes expired certificates. This introduces significant vulnerabilities, and should only be used as a last resort.

pub fn use_sni(&mut self, use_sni: bool) -> &mut Self

Specifies whether to use Server Name Indication (SNI).

pub fn danger_accept_invalid_hostnames( &mut self, danger_accept_invalid_hostnames: bool, ) -> &mut Self

Specifies whether to verify that the server’s hostname matches its certificate.

Warning

You should think very carefully before using this method. If hostnames are not verified, any valid certificate for any site will be trusted for use. This introduces significant vulnerabilities, and should only be used as a last resort.

pub fn whitelist_ciphers( &mut self, whitelisted_ciphers: &[CipherSuite], ) -> &mut Self

Set a whitelist of enabled ciphers. Any ciphers not whitelisted will be disabled.

pub fn blacklist_ciphers( &mut self, blacklisted_ciphers: &[CipherSuite], ) -> &mut Self

Set a blacklist of disabled ciphers. Blacklisted ciphers will be disabled.

pub fn identity( &mut self, identity: &SecIdentity, chain: &[SecCertificate], ) -> &mut Self

Use the specified identity as a SSL/TLS client certificate.

pub fn protocol_min(&mut self, min: SslProtocol) -> &mut Self

Configure the minimum protocol that this client will support.

pub fn protocol_max(&mut self, max: SslProtocol) -> &mut Self

Configure the minimum protocol that this client will support.

pub fn alpn_protocols(&mut self, protocols: &[&str]) -> &mut Self

Configures the set of protocols used for ALPN.

pub fn enable_session_tickets(&mut self, enable: bool) -> &mut Self

Configures the use of the RFC 5077 SessionTicket extension.

Defaults to false.

pub fn handshake<S>( &self, domain: &str, stream: S, ) -> Result<SslStream<S>, ClientHandshakeError<S>>

where S: Read + Write,

Initiates a new SSL/TLS session over a stream connected to the specified domain.

If both SNI and hostname verification are disabled, the value of domain will be ignored.

Trait Implementations

impl Debug for ClientBuilder

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for ClientBuilder

fn default() -> Self

Returns the “default value” for a type.