Struct security_framework::secure_transport::SslContext
pub struct SslContext(/* private fields */);
A Secure Transport SSL/TLS context object.
Implementations
impl SslContext
pub fn new(side: SslProtocolSide, type_: SslConnectionType) -> Result<Self>
Creates a new SslContext for the specified side and type of SSL connection.
pub fn set_peer_domain_name(&mut self, peer_name: &str) -> Result<()>
Sets the fully qualified domain name of the peer.
This will be used on the client side of a session to validate the common name field of the server’s certificate. It has no effect if called on a server-side SslContext.
It is highly recommended to call this method before starting the handshake process.
pub fn peer_domain_name(&self) -> Result<String>
Returns the peer domain name set by set_peer_domain_name.
pub fn set_certificate(&mut self, identity: &SecIdentity, certs: &[SecCertificate]) -> Result<()>
Sets the certificate to be used by this side of the SSL session.
This must be called before the handshake for server-side connections, and can be used on the client side to specify a client certificate.
The identity corresponds to the leaf certificate and private key, and the certs correspond to extra certificates in the chain.
pub fn set_peer_id(&mut self, peer_id: &[u8]) -> Result<()>
Sets the peer ID of this session.
A peer ID is an opaque sequence of bytes that will be used by Secure Transport to identify the peer of an SSL session. If the peer ID of this session matches that of a previously terminated session, the previous session can be resumed without requiring a full handshake.
pub fn supported_ciphers(&self) -> Result<Vec<CipherSuite>>
Returns the list of ciphers that are supported by Secure Transport.
pub fn enabled_ciphers(&self) -> Result<Vec<CipherSuite>>
Returns the list of ciphers that are eligible to be used for negotiation.
pub fn set_enabled_ciphers(&mut self, ciphers: &[CipherSuite]) -> Result<()>
Sets the list of ciphers that are eligible to be used for negotiation.
pub fn negotiated_cipher(&self) -> Result<CipherSuite>
Returns the cipher being used by the session.
pub fn set_client_side_authenticate(&mut self, auth: SslAuthenticate) -> Result<()>
Sets the requirements for client certificates.
Should only be called on server-side sessions.
pub fn client_certificate_state(&self) -> Result<SslClientCertificateState>
Returns the state of client certificate processing.
pub fn peer_trust2(&self) -> Result<Option<SecTrust>>
Returns the SecTrust object corresponding to the peer.
This can be used in conjunction with set_break_on_server_auth to validate certificates which do not have roots in the default set.
pub fn state(&self) -> Result<SessionState>
Returns the state of the session.
pub fn negotiated_protocol_version(&self) -> Result<SslProtocol>
Returns the protocol version being used by the session.
pub fn protocol_version_max(&self) -> Result<SslProtocol>
Returns the maximum protocol version allowed by the session.
pub fn set_protocol_version_max(&mut self, max_version: SslProtocol) -> Result<()>
Sets the maximum protocol version allowed by the session.
pub fn protocol_version_min(&self) -> Result<SslProtocol>
Returns the minimum protocol version allowed by the session.
pub fn set_protocol_version_min(&mut self, min_version: SslProtocol) -> Result<()>
Sets the minimum protocol version allowed by the session.
pub fn alpn_protocols(&self) -> Result<Vec<String>>
Returns the set of protocols selected via ALPN if it succeeded.
pub fn set_alpn_protocols(&mut self, protocols: &[&str]) -> Result<()>
Configures the set of protocols used for ALPN.
This is only used for client-side connections.
pub fn set_session_tickets_enabled(&mut self, enabled: bool) -> Result<()>
Sets whether the client sends the SessionTicket extension in its ClientHello.
On its own, this will just cause the client to send an empty SessionTicket extension on every connection. SslContext::set_peer_id must also be used to key the session ticket returned by the server.
pub fn set_protocol_version_enabled(&mut self, protocol: SslProtocol, enabled: bool) -> Result<()>
Deprecated: use set_protocol_version_max
Sets whether a protocol is enabled or not.
Note
On OSX this is a deprecated API in favor of set_protocol_version_max and set_protocol_version_min, although if you’re working with OSX 10.8 or before you may have to use this API instead.
pub fn buffered_read_size(&self) -> Result<usize>
Returns the number of bytes which can be read without triggering a read call in the underlying stream.
pub fn set_break_on_server_auth(&mut self, value: bool) -> Result<()>
If enabled, the handshake process will pause and return instead of automatically validating a server’s certificate.
pub fn break_on_server_auth(&self) -> Result<bool>
If enabled, the handshake process will pause and return instead of automatically validating a server’s certificate.
pub fn set_break_on_cert_requested(&mut self, value: bool) -> Result<()>
If enabled, the handshake process will pause and return after the server requests a certificate from the client.
pub fn break_on_cert_requested(&self) -> Result<bool>
If enabled, the handshake process will pause and return after the server requests a certificate from the client.
pub fn set_break_on_client_auth(&mut self, value: bool) -> Result<()>
If enabled, the handshake process will pause and return instead of automatically validating a client’s certificate.
pub fn break_on_client_auth(&self) -> Result<bool>
If enabled, the handshake process will pause and return instead of automatically validating a client’s certificate.
pub fn set_false_start(&mut self, value: bool) -> Result<()>
If enabled, TLS false start will be performed if an appropriate cipher suite is negotiated.
pub fn false_start(&self) -> Result<bool>
If enabled, TLS false start will be performed if an appropriate cipher suite is negotiated.
pub fn set_send_one_byte_record(&mut self, value: bool) -> Result<()>
If enabled, 1/n-1 record splitting will be enabled for TLS 1.0 connections using block ciphers to mitigate the BEAST attack.
pub fn send_one_byte_record(&self) -> Result<bool>
If enabled, 1/n-1 record splitting will be enabled for TLS 1.0 connections using block ciphers to mitigate the BEAST attack.
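To make the 1/n-1 splitting behind set_send_one_byte_record concrete, the following added example (not code from the security-framework crate; the TlsVersion enum and the needs_splitting and split_records functions are this example's own names) models the decision and the split itself in plain Rust, so it runs without Secure Transport:

```rust
// Added example: models the 1/n-1 record splitting that
// `set_send_one_byte_record` enables. `TlsVersion`, `needs_splitting`
// and `split_records` are this example's own names, not crate APIs.

#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub enum TlsVersion {
    Ssl3,
    Tls10,
    Tls11,
    Tls12,
    Tls13,
}

/// BEAST applies to CBC (block) ciphers under TLS 1.0 and SSL 3.0, where
/// each record's IV is the previous record's last ciphertext block.
/// TLS 1.1 and later carry an explicit per-record IV, and stream or AEAD
/// ciphers are not affected, so splitting there only costs bandwidth.
pub fn needs_splitting(version: TlsVersion, block_cipher: bool) -> bool {
    block_cipher && matches!(version, TlsVersion::Ssl3 | TlsVersion::Tls10)
}

/// Splits one application-data write into the record plaintexts to send.
/// With splitting active, the first byte goes out as its own record; its
/// ciphertext (MAC and padding included) becomes the IV for the remaining
/// n-1 bytes, and the attacker cannot predict it before committing to the
/// plaintext, which is what defeats the chosen-plaintext step of BEAST.
pub fn split_records(version: TlsVersion, block_cipher: bool, data: &[u8]) -> Vec<Vec<u8>> {
    if data.is_empty() {
        return Vec::new(); // nothing to send
    }
    if !needs_splitting(version, block_cipher) || data.len() == 1 {
        return vec![data.to_vec()]; // a single record already suffices
    }
    vec![data[..1].to_vec(), data[1..].to_vec()]
}

fn main() {
    // Constructed sample write, not captured traffic.
    let payload = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n";
    for rec in split_records(TlsVersion::Tls10, true, payload) {
        println!("record of {} bytes", rec.len());
    }
}
```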
Trait Implementations
impl Clone for SslContext
fn clone(&self) -> SslContext
fn clone_from(&mut self, source: &Self)
impl Debug for SslContext
impl Drop for SslContext
impl PartialEq for SslContext
fn eq(&self, other: &SslContext) -> bool
Tests for self and other values to be equal, and is used by ==.
impl SslContextExt for SslContext
fn diffie_hellman_params(&self) -> Result<Option<&[u8]>>
fn set_diffie_hellman_params(&mut self, dh_params: &[u8]) -> Result<()>
fn set_allow_server_identity_change(&mut self, value: bool) -> Result<()>
fn allow_server_identity_change(&self) -> Result<bool>
fn set_fallback(&mut self, value: bool) -> Result<()>
fn fallback(&self) -> Result<bool>
impl TCFType for SslContext
type Ref = *mut SSLContext
fn as_concrete_TypeRef(&self) -> SSLContextRef
unsafe fn wrap_under_get_rule(reference: SSLContextRef) -> Self
Use this when following Core Foundation’s “Get Rule”. The reference count is bumped.
fn as_CFTypeRef(&self) -> CFTypeRef
The reference count is not adjusted.
unsafe fn wrap_under_create_rule(reference: SSLContextRef) -> Self
Use this when following Core Foundation’s “Create Rule”. The reference count is not bumped.
fn as_CFType(&self) -> CFType
The reference count is incremented by one.
fn into_CFType(self) -> CFType where Self: Sized
Consumes self and avoids changing the reference count.
fn retain_count(&self) -> isize
fn instance_of<OtherCFType>(&self) -> bool where OtherCFType: TCFType
Returns true if this value is an instance of another type.
impl<'a> ToVoid<SslContext> for &'a SslContext
impl ToVoid<SslContext> for SSLContextRef
impl ToVoid<SslContext> for SslContext
impl ConcreteCFType for SslContext
impl Eq for SslContext
impl Send for SslContext
impl Sync for SslContext
Auto Trait Implementations
impl Freeze for SslContext
impl RefUnwindSafe for SslContext
impl Unpin for SslContext
impl UnwindSafe for SslContext
Blanket Implementations
impl<T> BorrowMut<T> for T where T: ?Sized
fn borrow_mut(&mut self) -> &mut T
impl<T> CloneToUninit for T where T: Clone
default unsafe fn clone_to_uninit(&self, dst: *mut T)