Struct webrtc_dtls::config::Config

pub struct Config {

    pub certificates: Vec<Certificate>,
    pub cipher_suites: Vec<CipherSuiteId>,
    pub signature_schemes: Vec<SignatureScheme>,
    pub srtp_protection_profiles: Vec<SrtpProtectionProfile>,
    pub client_auth: ClientAuthType,
    pub extended_master_secret: ExtendedMasterSecretType,
    pub flight_interval: Duration,
    pub psk: Option<fn(_: &[u8]) -> Result<Vec<u8>, Error>>,
    pub psk_identity_hint: Option<Vec<u8>>,
    pub insecure_skip_verify: bool,
    pub insecure_hashes: bool,
    pub verify_peer_certificate: Option<fn(rawCerts: &[Vec<u8>], verifiedChains: &[Certificate]) -> Result<(), Error>>,
    pub roots_cas: RootCertStore,
    pub client_cert_verifier: Option<Arc<dyn ClientCertVerifier>>,
    pub server_name: String,
    pub mtu: usize,
    pub replay_protection_window: usize,
}

Config is used to configure a DTLS client or server. After a Config is passed to a DTLS function it must not be modified.

Fields

certificates: Vec<Certificate>

certificates contains certificate chain to present to the other side of the connection. Server MUST set this if psk is non-nil client SHOULD sets this so CertificateRequests can be handled if psk is non-nil

cipher_suites: Vec<CipherSuiteId>

cipher_suites is a list of supported cipher suites. If cipher_suites is nil, a default list is used

signature_schemes: Vec<SignatureScheme>

signature_schemes contains the signature and hash schemes that the peer requests to verify.

srtp_protection_profiles: Vec<SrtpProtectionProfile>

srtp_protection_profiles are the supported protection profiles Clients will send this via use_srtp and assert that the server properly responds Servers will assert that clients send one of these profiles and will respond as needed

client_auth: ClientAuthType

client_auth determines the server’s policy for TLS Client Authentication. The default is NoClientCert.

extended_master_secret: ExtendedMasterSecretType

extended_master_secret determines if the “Extended Master Secret” extension should be disabled, requested, or required (default requested).

flight_interval: Duration

flight_interval controls how often we send outbound handshake messages defaults to time.Second

psk: Option<fn(_: &[u8]) -> Result<Vec<u8>, Error>>

psk sets the pre-shared key used by this DTLS connection If psk is non-nil only psk cipher_suites will be used

psk_identity_hint: Option<Vec<u8>>

insecure_skip_verify: bool

insecure_skip_verify controls whether a client verifies the server’s certificate chain and host name. If insecure_skip_verify is true, TLS accepts any certificate presented by the server and any host name in that certificate. In this mode, TLS is susceptible to man-in-the-middle attacks. This should be used only for testing.

insecure_hashes: bool

insecure_hashes allows the use of hashing algorithms that are known to be vulnerable.

verify_peer_certificate: Option<fn(rawCerts: &[Vec<u8>], verifiedChains: &[Certificate]) -> Result<(), Error>>

VerifyPeerCertificate, if not nil, is called after normal certificate verification by either a client or server. It receives the certificate provided by the peer and also a flag that tells if normal verification has succeeded. If it returns a non-nil error, the handshake is aborted and that error results.

If normal verification fails then the handshake will abort before considering this callback. If normal verification is disabled by setting insecure_skip_verify, or (for a server) when client_auth is RequestClientCert or RequireAnyClientCert, then this callback will be considered but the verifiedChains will always be nil.

roots_cas: RootCertStore

roots_cas defines the set of root certificate authorities that one peer uses when verifying the other peer’s certificates. If RootCAs is nil, TLS uses the host’s root CA set. Used by Client to verify server’s certificate

client_cert_verifier: Option<Arc<dyn ClientCertVerifier>>

client_cas defines the set of root certificate authorities that servers use if required to verify a client certificate by the policy in client_auth. Used by Server to verify client’s certificate

server_name: String

server_name is used to verify the hostname on the returned certificates unless insecure_skip_verify is given.

mtu: usize

mtu is the length at which handshake messages will be fragmented to fit within the maximum transmission unit (default is 1200 bytes)

replay_protection_window: usize

replay_protection_window is the size of the replay attack protection window. Duplication of the sequence number is checked in this window size. Packet with sequence number older than this value compared to the latest accepted packet will be discarded. (default is 64)

Trait Implementations

impl Clone for Config

fn clone(&self) -> Config

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Default for Config

fn default() -> Self

Returns the “default value” for a type.