Trait security_framework::os::macos::secure_transport::SslContextExt

/// An extension trait that adds OSX-specific functionality to the `SslContext` type.
///
/// Several of these settings relax or strengthen handshake protections, so the
/// safe default is noted on each setter.
pub trait SslContextExt {
    /// Returns the DER encoded data specifying the parameters used for
    /// Diffie-Hellman key exchange.
    fn diffie_hellman_params(&self) -> Result<Option<&[u8]>>;

    /// Sets the Diffie-Hellman key exchange parameters from `dh_params`, which
    /// must be in the DER format used by OpenSSL.
    ///
    /// When a cipher suite using Diffie-Hellman key exchange is selected and no
    /// parameters were supplied here, they are generated automatically, which
    /// can take up to 30 seconds.
    ///
    /// Only valid on server-side sessions.
    // NOTE(review): nothing visible here says the supplied parameters are
    // checked for size or safety; confirm, and load them from a trusted source.
    fn set_diffie_hellman_params(&mut self, dh_params: &[u8]) -> Result<()>;

    /// Returns the certificate authorities used to validate client
    /// certificates.
    fn certificate_authorities(&self) -> Result<Option<Vec<SecCertificate>>>;

    /// Replaces any certificate authorities already present with `certs` as
    /// the set used to validate client certificates.
    fn set_certificate_authorities(&mut self, certs: &[SecCertificate]) -> Result<()>;

    /// Adds `certs` to the certificate authorities used to validate client
    /// certificates.
    fn add_certificate_authorities(&mut self, certs: &[SecCertificate]) -> Result<()>;

    /// Reports whether server identity changes are allowed during
    /// renegotiation.
    ///
    /// Disabled by default to protect against triple handshake attacks.
    ///
    /// Requires the `OSX_10_11` (or greater) feature.
    fn allow_server_identity_change(&self) -> Result<bool>;

    /// Controls whether server identity changes are allowed during
    /// renegotiation.
    ///
    /// Disabled by default to protect against triple handshake attacks, so
    /// passing `true` gives up that protection.
    ///
    /// Requires the `OSX_10_11` (or greater) feature.
    fn set_allow_server_identity_change(&mut self, value: bool) -> Result<()>;

    /// Reports whether fallback countermeasures will be used during
    /// negotiation.
    ///
    /// Requires the `OSX_10_10` (or greater) feature.
    fn fallback(&self) -> Result<bool>;

    /// Controls whether fallback countermeasures are used during negotiation.
    ///
    /// Enable it when retrying a handshake with a peer using a lower maximum
    /// protocol version after an earlier attempt to connect failed.
    ///
    /// Requires the `OSX_10_10` (or greater) feature.
    fn set_fallback(&mut self, value: bool) -> Result<()>;

    /// Reports whether the handshake pauses and returns once the client hello
    /// has been received.
    ///
    /// Requires the `OSX_10_11` (or greater) feature.
    fn break_on_client_hello(&self) -> Result<bool>;

    /// Controls whether the handshake pauses and returns once the client hello
    /// has been received, which supports server name indication (SNI).
    ///
    /// Requires the `OSX_10_11` (or greater) feature.
    fn set_break_on_client_hello(&mut self, value: bool) -> Result<()>;
}

An extension trait adding OSX-specific functionality to the SslContext type.

Required methods

fn diffie_hellman_params(&self) -> Result<Option<&[u8]>>

Returns the DER encoded data specifying the parameters used for Diffie-Hellman key exchange.

fn set_diffie_hellman_params(&mut self, dh_params: &[u8]) -> Result<()>

Sets the parameters used for Diffie-Hellman key exchange, in the DER format used by OpenSSL.

If a cipher suite which uses Diffie-Hellman key exchange is selected, parameters will automatically be generated if none are provided with this method, but this process can take up to 30 seconds.

This can only be called on server-side sessions.

fn certificate_authorities(&self) -> Result<Option<Vec<SecCertificate>>>

Returns the certificate authorities used to validate client certificates.

fn set_certificate_authorities(
    &mut self,
    certs: &[SecCertificate]
) -> Result<()>

Sets the certificate authorities used to validate client certificates, replacing any that are already present.

fn add_certificate_authorities(
    &mut self,
    certs: &[SecCertificate]
) -> Result<()>

Adds certificate authorities used to validate client certificates.

fn allow_server_identity_change(&self) -> Result<bool>

If enabled, server identity changes are allowed during renegotiation.

It is disabled by default to protect against triple handshake attacks.

Requires the OSX_10_11 (or greater) feature.

fn set_allow_server_identity_change(&mut self, value: bool) -> Result<()>

If enabled, server identity changes are allowed during renegotiation.

It is disabled by default to protect against triple handshake attacks.

Requires the OSX_10_11 (or greater) feature.

fn fallback(&self) -> Result<bool>

If enabled, fallback countermeasures will be used during negotiation.

It should be enabled when retrying a handshake with a peer using a lower maximum protocol version after an earlier attempt to connect failed.

Requires the OSX_10_10 (or greater) feature.

fn set_fallback(&mut self, value: bool) -> Result<()>

If enabled, fallback countermeasures will be used during negotiation.

It should be enabled when retrying a handshake with a peer using a lower maximum protocol version after an earlier attempt to connect failed.

Requires the OSX_10_10 (or greater) feature.

fn break_on_client_hello(&self) -> Result<bool>

If enabled, the handshake process will pause and return when the client hello is received, to support server name indication (SNI).

Requires the OSX_10_11 (or greater) feature.

fn set_break_on_client_hello(&mut self, value: bool) -> Result<()>

If enabled, the handshake process will pause and return when the client hello is received, to support server name indication (SNI).

Requires the OSX_10_11 (or greater) feature.


Implementors

impl SslContextExt for SslContext
