pub trait SslContextExt {
    // Required methods
    fn diffie_hellman_params(&self) -> Result<Option<&[u8]>>;
    fn set_diffie_hellman_params(&mut self, dh_params: &[u8]) -> Result<()>;
    fn certificate_authorities(&self) -> Result<Option<Vec<SecCertificate>>>;
    fn set_certificate_authorities(
        &mut self,
        certs: &[SecCertificate],
    ) -> Result<()>;
    fn add_certificate_authorities(
        &mut self,
        certs: &[SecCertificate],
    ) -> Result<()>;
    fn allow_server_identity_change(&self) -> Result<bool>;
    fn set_allow_server_identity_change(&mut self, value: bool) -> Result<()>;
    fn fallback(&self) -> Result<bool>;
    fn set_fallback(&mut self, value: bool) -> Result<()>;
    fn break_on_client_hello(&self) -> Result<bool>;
    fn set_break_on_client_hello(&mut self, value: bool) -> Result<()>;
}
An extension trait adding OSX-specific functionality to the SslContext type.
Required Methods
fn diffie_hellman_params(&self) -> Result<Option<&[u8]>>
Returns the DER encoded data specifying the parameters used for Diffie-Hellman key exchange.
fn set_diffie_hellman_params(&mut self, dh_params: &[u8]) -> Result<()>
Sets the parameters used for Diffie-Hellman key exchange, in the DER format used by OpenSSL.
If a cipher suite which uses Diffie-Hellman key exchange is selected, parameters will automatically be generated if none are provided with this method, but this process can take up to 30 seconds.
This can only be called on server-side sessions.
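A pre-flight check for the DER blob passed to set_diffie_hellman_params, as an added example that is not part of the security-framework crate: it parses the PKCS #3 DHParameter structure that OpenSSL writes in DER form and rejects primes below a minimum size. The function names and the `min_bits` threshold are assumptions of this example, and the sample bytes are constructed.

```rust
// Added example; not part of the security-framework crate.
// DHParameter ::= SEQUENCE { prime INTEGER, base INTEGER, privateValueLength INTEGER OPTIONAL }

/// Reads one DER TLV with the expected tag; returns (contents, remainder).
fn read_tlv(input: &[u8], tag: u8) -> Result<(&[u8], &[u8]), &'static str> {
    if input.len() < 2 || input[0] != tag {
        return Err("unexpected tag");
    }
    let (len, hdr) = match input[1] {
        n if n < 0x80 => (n as usize, 2),
        0x81 if input.len() >= 3 => (input[2] as usize, 3),
        0x82 if input.len() >= 4 => (((input[2] as usize) << 8) | (input[3] as usize), 4),
        _ => return Err("unsupported length encoding"),
    };
    if input.len() < hdr + len {
        return Err("truncated value");
    }
    Ok((&input[hdr..hdr + len], &input[hdr + len..]))
}

/// Bit length of a non-negative DER INTEGER, ignoring leading zero bytes.
fn integer_bits(int: &[u8]) -> Result<usize, &'static str> {
    if int.is_empty() || (int[0] & 0x80) != 0 {
        return Err("empty or negative INTEGER");
    }
    Ok(match int.iter().position(|&b| b != 0) {
        Some(i) => (int.len() - i) * 8 - int[i].leading_zeros() as usize,
        None => 0,
    })
}

/// Returns the prime's bit length if `der` is a well-formed DHParameter with a prime of at least `min_bits` bits.
pub fn check_dh_params(der: &[u8], min_bits: usize) -> Result<usize, &'static str> {
    let (seq, trailing) = read_tlv(der, 0x30)?;
    if !trailing.is_empty() {
        return Err("trailing data after SEQUENCE");
    }
    let (prime, rest) = read_tlv(seq, 0x02)?;
    read_tlv(rest, 0x02)?; // the base (generator) must be present
    match integer_bits(prime)? {
        bits if bits < min_bits => Err("prime too small"),
        bits => Ok(bits),
    }
}

fn main() {
    // Constructed sample: prime 0x97 (8 bits), generator 2.
    let toy = [0x30, 0x07, 0x02, 0x02, 0x00, 0x97, 0x02, 0x01, 0x02];
    println!("{:?}", check_dh_params(&toy, 2048)); // Err("prime too small")
}
```

Run the check on the bytes before calling set_diffie_hellman_params, so undersized or malformed parameters are rejected at configuration time rather than used in a handshake.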
Returns the certificate authorities used to validate client certificates.
Sets the certificate authorities used to validate client certificates, replacing any that are already present.
Adds certificate authorities used to validate client certificates.
fn allow_server_identity_change(&self) -> Result<bool>
If enabled, server identity changes are allowed during renegotiation.
It is disabled by default to protect against triple handshake attacks.
fn set_allow_server_identity_change(&mut self, value: bool) -> Result<()>
Deprecated: kSSLSessionOptionAllowServerIdentityChange is deprecated by Apple
If enabled, server identity changes are allowed during renegotiation.
It is disabled by default to protect against triple handshake attacks.
fn fallback(&self) -> Result<bool>
If enabled, fallback countermeasures will be used during negotiation.
It should be enabled when renegotiating with a peer with a lower maximum protocol version due to an earlier failure to connect.
fn set_fallback(&mut self, value: bool) -> Result<()>
Deprecated: kSSLSessionOptionFallback is deprecated by Apple
If enabled, fallback countermeasures will be used during negotiation.
It should be enabled when renegotiating with a peer with a lower maximum protocol version due to an earlier failure to connect.
fn break_on_client_hello(&self) -> Result<bool>
If enabled, the handshake process will pause and return when the client hello is received, to support Server Name Indication (SNI).
fn set_break_on_client_hello(&mut self, value: bool) -> Result<()>
Deprecated: kSSLSessionOptionBreakOnClientHello is deprecated by Apple
If enabled, the handshake process will pause and return when the client hello is received, to support Server Name Indication (SNI).