Struct trust_dns_openssl::TlsStreamBuilder

pub struct TlsStreamBuilder<S> { /* fields omitted */ }

A builder for the TlsStream

Implementations

impl<S> TlsStreamBuilder<S> where
    S: Connect, 

pub fn new() -> TlsStreamBuilder<S>

A builder for associating trust information to the TlsStream.

pub fn add_ca(&mut self, ca: X509)

Add a custom trusted peer certificate or certificate authority.

If this is the ‘client’ then the ‘server’ must have it associated as it’s identity, or have had the identity signed by this

pub fn build(
    self,
    name_server: SocketAddr,
    dns_name: String
) -> (Pin<Box<dyn Future<Output = Result<TcpStream<AsyncIoTokioAsStd<SslStream<AsyncIoStdAsTokio<S>>>>, Error>> + Send + 'static, Global>>, BufDnsStreamHandle)

Creates a new TlsStream to the specified name_server

RFC 7858, DNS over TLS, May 2016

3.2.  TLS Handshake and Authentication

  Once the DNS client succeeds in connecting via TCP on the well-known
  port for DNS over TLS, it proceeds with the TLS handshake [RFC5246],
  following the best practices specified in [BCP195].

  The client will then authenticate the server, if required.  This
  document does not propose new ideas for authentication.  Depending on
  the privacy profile in use (Section 4), the DNS client may choose not
  to require authentication of the server, or it may make use of a
  trusted Subject Public Key Info (SPKI) Fingerprint pin set.

  After TLS negotiation completes, the connection will be encrypted and
  is now protected from eavesdropping.

Arguments

• name_server - IP and Port for the remote DNS resolver
• dns_name - The DNS name, Subject Public Key Info (SPKI) name, as associated to a certificate

Trait Implementations

impl<S> Default for TlsStreamBuilder<S> where
    S: Default, 

pub fn default() -> TlsStreamBuilder<S>

Returns the “default value” for a type.