Struct security_framework::secure_transport::SslContext

pub struct SslContext(/* private fields */);

A Secure Transport SSL/TLS context object.

Implementations§


impl SslContext


pub fn new(side: SslProtocolSide, type_: SslConnectionType) -> Result<Self>

Creates a new SslContext for the specified side and type of SSL connection.


pub fn set_peer_domain_name(&mut self, peer_name: &str) -> Result<()>

Sets the fully qualified domain name of the peer.

This will be used on the client side of a session to validate the common name field of the server’s certificate. It has no effect if called on a server-side SslContext.

It is highly recommended to call this method before starting the handshake process, since the name set here is what the server’s certificate is validated against on the client side.


pub fn peer_domain_name(&self) -> Result<String>

Returns the peer domain name set by set_peer_domain_name.


pub fn set_certificate( &mut self, identity: &SecIdentity, certs: &[SecCertificate], ) -> Result<()>

Sets the certificate to be used by this side of the SSL session.

This must be called before the handshake for server-side connections, and can be used on the client-side to specify a client certificate.

The identity corresponds to the leaf certificate and private key, and the certs correspond to extra certificates in the chain.


pub fn set_peer_id(&mut self, peer_id: &[u8]) -> Result<()>

Sets the peer ID of this session.

A peer ID is an opaque sequence of bytes that will be used by Secure Transport to identify the peer of an SSL session. If the peer ID of this session matches that of a previously terminated session, the previous session can be resumed without requiring a full handshake.


pub fn peer_id(&self) -> Result<Option<&[u8]>>

Returns the peer ID of this session.


pub fn supported_ciphers(&self) -> Result<Vec<CipherSuite>>

Returns the list of ciphers that are supported by Secure Transport.


pub fn enabled_ciphers(&self) -> Result<Vec<CipherSuite>>

Returns the list of ciphers that are eligible to be used for negotiation.


pub fn set_enabled_ciphers(&mut self, ciphers: &[CipherSuite]) -> Result<()>

Sets the list of ciphers that are eligible to be used for negotiation.


pub fn negotiated_cipher(&self) -> Result<CipherSuite>

Returns the cipher being used by the session.


pub fn set_client_side_authenticate( &mut self, auth: SslAuthenticate, ) -> Result<()>

Sets the requirements for client certificates.

Should only be called on server-side sessions.


pub fn client_certificate_state(&self) -> Result<SslClientCertificateState>

Returns the state of client certificate processing.


pub fn peer_trust2(&self) -> Result<Option<SecTrust>>

Returns the SecTrust object corresponding to the peer.

This can be used in conjunction with set_break_on_server_auth to validate certificates which do not have roots in the default set.


pub fn state(&self) -> Result<SessionState>

Returns the state of the session.


pub fn negotiated_protocol_version(&self) -> Result<SslProtocol>

Returns the protocol version being used by the session.


pub fn protocol_version_max(&self) -> Result<SslProtocol>

Returns the maximum protocol version allowed by the session.


pub fn set_protocol_version_max( &mut self, max_version: SslProtocol, ) -> Result<()>

Sets the maximum protocol version allowed by the session.


pub fn protocol_version_min(&self) -> Result<SslProtocol>

Returns the minimum protocol version allowed by the session.


pub fn set_protocol_version_min( &mut self, min_version: SslProtocol, ) -> Result<()>

Sets the minimum protocol version allowed by the session.


pub fn alpn_protocols(&self) -> Result<Vec<String>>

Returns the set of protocols selected via ALPN if it succeeded.


pub fn set_alpn_protocols(&mut self, protocols: &[&str]) -> Result<()>

Configures the set of protocols used for ALPN.

This is only used for client-side connections.


pub fn set_session_tickets_enabled(&mut self, enabled: bool) -> Result<()>

Sets whether the client sends the SessionTicket extension in its ClientHello.

On its own, this will just cause the client to send an empty SessionTicket extension on every connection. SslContext::set_peer_id must also be used to key the session ticket returned by the server.


pub fn set_protocol_version_enabled( &mut self, protocol: SslProtocol, enabled: bool, ) -> Result<()>

👎Deprecated: use set_protocol_version_max

Sets whether a protocol is enabled or not.

§Note

On OSX this is a deprecated API in favor of set_protocol_version_max and set_protocol_version_min, although if you’re working with OSX 10.8 or before you may have to use this API instead.


pub fn buffered_read_size(&self) -> Result<usize>

Returns the number of bytes which can be read without triggering a read call in the underlying stream.


pub fn set_break_on_server_auth(&mut self, value: bool) -> Result<()>

If enabled, the handshake process will pause and return instead of automatically validating a server’s certificate; the caller is then responsible for validating it (for example via peer_trust2) before continuing.


pub fn break_on_server_auth(&self) -> Result<bool>

If enabled, the handshake process will pause and return instead of automatically validating a server’s certificate.


pub fn set_break_on_cert_requested(&mut self, value: bool) -> Result<()>

If enabled, the handshake process will pause and return after the server requests a certificate from the client.


pub fn break_on_cert_requested(&self) -> Result<bool>

If enabled, the handshake process will pause and return after the server requests a certificate from the client.


pub fn set_break_on_client_auth(&mut self, value: bool) -> Result<()>

If enabled, the handshake process will pause and return instead of automatically validating a client’s certificate.


pub fn break_on_client_auth(&self) -> Result<bool>

If enabled, the handshake process will pause and return instead of automatically validating a client’s certificate.


pub fn set_false_start(&mut self, value: bool) -> Result<()>

If enabled, TLS false start will be performed if an appropriate cipher suite is negotiated.


pub fn false_start(&self) -> Result<bool>

If enabled, TLS false start will be performed if an appropriate cipher suite is negotiated.


pub fn set_send_one_byte_record(&mut self, value: bool) -> Result<()>

If enabled, 1/n-1 record splitting will be enabled for TLS 1.0 connections using block ciphers to mitigate the BEAST attack.


pub fn send_one_byte_record(&self) -> Result<bool>

If enabled, 1/n-1 record splitting will be enabled for TLS 1.0 connections using block ciphers to mitigate the BEAST attack.


pub fn handshake<S>(self, stream: S) -> Result<SslStream<S>, HandshakeError<S>>
where S: Read + Write,

Performs the SSL/TLS handshake.

Trait Implementations§


impl Clone for SslContext


fn clone(&self) -> SslContext

Returns a copy of the value. Read more

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

impl Debug for SslContext


fn fmt(&self, fmt: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

impl Drop for SslContext


fn drop(&mut self)

Executes the destructor for this type. Read more

impl PartialEq for SslContext


fn eq(&self, other: &SslContext) -> bool

This method tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl SslContextExt for SslContext


fn diffie_hellman_params(&self) -> Result<Option<&[u8]>>

Returns the DER encoded data specifying the parameters used for Diffie-Hellman key exchange.

fn set_diffie_hellman_params(&mut self, dh_params: &[u8]) -> Result<()>

Sets the parameters used for Diffie-Hellman key exchange, in the DER format used by OpenSSL. Read more

fn certificate_authorities(&self) -> Result<Option<Vec<SecCertificate>>>

Returns the certificate authorities used to validate client certificates.

fn set_certificate_authorities( &mut self, certs: &[SecCertificate], ) -> Result<()>

Sets the certificate authorities used to validate client certificates, replacing any that are already present.

fn add_certificate_authorities( &mut self, certs: &[SecCertificate], ) -> Result<()>

Adds certificate authorities used to validate client certificates.

fn set_allow_server_identity_change(&mut self, value: bool) -> Result<()>

If enabled, server identity changes are allowed during renegotiation. Read more

fn allow_server_identity_change(&self) -> Result<bool>

If enabled, server identity changes are allowed during renegotiation. Read more

fn set_fallback(&mut self, value: bool) -> Result<()>

If enabled, fallback countermeasures will be used during negotiation. Read more

fn fallback(&self) -> Result<bool>

If enabled, fallback countermeasures will be used during negotiation. Read more

fn set_break_on_client_hello(&mut self, value: bool) -> Result<()>

If enabled, the handshake process will pause and return when the client hello is received to support server name identification. Read more

fn break_on_client_hello(&self) -> Result<bool>

If enabled, the handshake process will pause and return when the client hello is received to support server name identification. Read more

impl TCFType for SslContext


type Ref = *mut SSLContext

The reference type wrapped inside this type.

fn as_concrete_TypeRef(&self) -> SSLContextRef

Returns the object as its concrete TypeRef.

unsafe fn wrap_under_get_rule(reference: SSLContextRef) -> Self

Returns an instance of the object, wrapping the underlying CFTypeRef subclass. Use this when following Core Foundation’s “Get Rule”. The reference count is bumped.

fn as_CFTypeRef(&self) -> CFTypeRef

Returns the object as a raw CFTypeRef. The reference count is not adjusted.

unsafe fn wrap_under_create_rule(reference: SSLContextRef) -> Self

Returns an instance of the object, wrapping the underlying CFTypeRef subclass. Use this when following Core Foundation’s “Create Rule”. The reference count is not bumped.

fn type_id() -> CFTypeID

Returns the type ID for this class.

fn as_CFType(&self) -> CFType

Returns the object as a wrapped CFType. The reference count is incremented by one.

fn into_CFType(self) -> CFType
where Self: Sized,

Returns the object as a wrapped CFType. Consumes self and avoids changing the reference count.

fn retain_count(&self) -> isize

Returns the reference count of the object. It is unwise to do anything other than test whether the return value of this method is greater than zero.

fn type_of(&self) -> usize

Returns the type ID of this object.

fn show(&self)

Writes a debugging version of this object on standard error.

fn instance_of<OtherCFType>(&self) -> bool
where OtherCFType: TCFType,

Returns true if this value is an instance of another type.

impl<'a> ToVoid<SslContext> for &'a SslContext


impl ToVoid<SslContext> for SSLContextRef


impl ToVoid<SslContext> for SslContext


impl ConcreteCFType for SslContext


impl Eq for SslContext


impl Send for SslContext


impl Sync for SslContext

Auto Trait Implementations§

Blanket Implementations§


impl<T> Any for T
where T: 'static + ?Sized,


fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,


fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,


fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> CloneToUninit for T
where T: Clone,


default unsafe fn clone_to_uninit(&self, dst: *mut T)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dst. Read more

impl<T> From<T> for T


fn from(t: T) -> T

Returns the argument unchanged.


impl<T> FromMutVoid for T
where T: TCFType,


unsafe fn from_mut_void<'a>(x: *mut c_void) -> ItemMutRef<'a, T>


impl<T> FromVoid for T
where T: TCFType,


unsafe fn from_void<'a>(x: *const c_void) -> ItemRef<'a, T>


impl<T, U> Into<U> for T
where U: From<T>,


fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.


impl<T> ToOwned for T
where T: Clone,


type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more

impl<T, U> TryFrom<U> for T
where U: Into<T>,


type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,


type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.