Struct security_framework::secure_transport::SslContext

pub struct SslContext(_);

A Secure Transport SSL/TLS context object.

Methods

impl SslContext

pub fn new(
    side: SslProtocolSide,
    type_: SslConnectionType
) -> Result<SslContext>

Creates a new SslContext for the specified side and type of SSL connection.

pub fn set_peer_domain_name(&mut self, peer_name: &str) -> Result<()>

Sets the fully qualified domain name of the peer.

This will be used on the client side of a session to validate the common name field of the server's certificate. It has no effect if called on a server-side SslContext.

It is highly recommended to call this method before starting the handshake process.

pub fn peer_domain_name(&self) -> Result<String>

Returns the peer domain name set by set_peer_domain_name.

pub fn set_certificate(
    &mut self,
    identity: &SecIdentity,
    certs: &[SecCertificate]
) -> Result<()>

Sets the certificate to be used by this side of the SSL session.

This must be called before the handshake for server-side connections, and can be used on the client-side to specify a client certificate.

The identity corresponds to the leaf certificate and private key, and the certs correspond to extra certificates in the chain.

pub fn set_peer_id(&mut self, peer_id: &[u8]) -> Result<()>

Sets the peer ID of this session.

A peer ID is an opaque sequence of bytes that will be used by Secure Transport to identify the peer of an SSL session. If the peer ID of this session matches that of a previously terminated session, the previous session can be resumed without requiring a full handshake.

pub fn peer_id(&self) -> Result<Option<&[u8]>>

Returns the peer ID of this session.

pub fn supported_ciphers(&self) -> Result<Vec<CipherSuite>>

Returns the list of ciphers that are supported by Secure Transport.

pub fn enabled_ciphers(&self) -> Result<Vec<CipherSuite>>

Returns the list of ciphers that are eligible to be used for negotiation.

pub fn set_enabled_ciphers(&mut self, ciphers: &[CipherSuite]) -> Result<()>

Sets the list of ciphers that are eligible to be used for negotiation.

pub fn negotiated_cipher(&self) -> Result<CipherSuite>

Returns the cipher being used by the session.

pub fn set_client_side_authenticate(
    &mut self,
    auth: SslAuthenticate
) -> Result<()>

Sets the requirements for client certificates.

Should only be called on server-side sessions.

pub fn client_certificate_state(&self) -> Result<SslClientCertificateState>

Returns the state of client certificate processing.

pub fn peer_trust2(&self) -> Result<Option<SecTrust>>

Returns the SecTrust object corresponding to the peer.

This can be used in conjunction with set_break_on_server_auth to validate certificates which do not have roots in the default set.

pub fn peer_trust(&self) -> Result<SecTrust>

Deprecated since 0.2.1:

use peer_trust2 instead

pub fn state(&self) -> Result<SessionState>

Returns the state of the session.

pub fn negotiated_protocol_version(&self) -> Result<SslProtocol>

Returns the protocol version being used by the session.

pub fn protocol_version_max(&self) -> Result<SslProtocol>

Returns the maximum protocol version allowed by the session.

pub fn set_protocol_version_max(
    &mut self,
    max_version: SslProtocol
) -> Result<()>

Sets the maximum protocol version allowed by the session.

pub fn protocol_version_min(&self) -> Result<SslProtocol>

Returns the minimum protocol version allowed by the session.

pub fn set_protocol_version_min(
    &mut self,
    min_version: SslProtocol
) -> Result<()>

Sets the minimum protocol version allowed by the session.

pub fn alpn_protocols(&self) -> Result<Vec<String>>

Returns the set of protocols selected via ALPN if it succeeded.

pub fn set_alpn_protocols(&mut self, protocols: &[&str]) -> Result<()>

Configures the set of protocols use for ALPN.

This is only used for client-side connections.

pub fn set_protocol_version_enabled(
    &mut self,
    protocol: SslProtocol,
    enabled: bool
) -> Result<()>

Sets whether a protocol is enabled or not.

Note

On OSX this is a deprecated API in favor of set_protocol_version_max and set_protocol_version_min, although if you're working with OSX 10.8 or before you may have to use this API instead.

pub fn buffered_read_size(&self) -> Result<usize>

Returns the number of bytes which can be read without triggering a read call in the underlying stream.

pub fn set_break_on_server_auth(&mut self, value: bool) -> Result<()>

If enabled, the handshake process will pause and return instead of automatically validating a server's certificate.

pub fn break_on_server_auth(&self) -> Result<bool>

If enabled, the handshake process will pause and return instead of automatically validating a server's certificate.

pub fn set_break_on_cert_requested(&mut self, value: bool) -> Result<()>

If enabled, the handshake process will pause and return after the server requests a certificate from the client.

pub fn break_on_cert_requested(&self) -> Result<bool>

If enabled, the handshake process will pause and return after the server requests a certificate from the client.

pub fn set_break_on_client_auth(&mut self, value: bool) -> Result<()>

If enabled, the handshake process will pause and return instead of automatically validating a client's certificate.

pub fn break_on_client_auth(&self) -> Result<bool>

If enabled, the handshake process will pause and return instead of automatically validating a client's certificate.

pub fn set_false_start(&mut self, value: bool) -> Result<()>

If enabled, TLS false start will be performed if an appropriate cipher suite is negotiated.

Requires the OSX_10_9 (or greater) feature.

pub fn false_start(&self) -> Result<bool>

If enabled, TLS false start will be performed if an appropriate cipher suite is negotiated.

Requires the OSX_10_9 (or greater) feature.

pub fn set_send_one_byte_record(&mut self, value: bool) -> Result<()>

If enabled, 1/n-1 record splitting will be enabled for TLS 1.0 connections using block ciphers to mitigate the BEAST attack.

Requires the OSX_10_9 (or greater) feature.

pub fn send_one_byte_record(&self) -> Result<bool>

If enabled, 1/n-1 record splitting will be enabled for TLS 1.0 connections using block ciphers to mitigate the BEAST attack.

Requires the OSX_10_9 (or greater) feature.

pub fn handshake<S>(self, stream: S) -> Result<SslStream<S>, HandshakeError<S>> where
    S: Read + Write, 

Performs the SSL/TLS handshake.

Trait Implementations

impl SslContextExt for SslContext

fn diffie_hellman_params(&self) -> Result<Option<&[u8]>>

Returns the DER encoded data specifying the parameters used for Diffie-Hellman key exchange.

fn set_diffie_hellman_params(&mut self, dh_params: &[u8]) -> Result<()>

Sets the parameters used for Diffie-Hellman key exchange, in the DER format used by OpenSSL.

fn certificate_authorities(&self) -> Result<Option<Vec<SecCertificate>>>

Returns the certificate authorities used to validate client certificates.

fn set_certificate_authorities(
    &mut self,
    certs: &[SecCertificate]
) -> Result<()>

Sets the certificate authorities used to validate client certificates, replacing any that are already present.

fn add_certificate_authorities(
    &mut self,
    certs: &[SecCertificate]
) -> Result<()>

Adds certificate authorities used to validate client certificates.

fn set_allow_server_identity_change(&mut self, value: bool) -> Result<()>

If enabled, server identity changes are allowed during renegotiation.

fn allow_server_identity_change(&self) -> Result<bool>

If enabled, server identity changes are allowed during renegotiation.

fn set_fallback(&mut self, value: bool) -> Result<()>

If enabled, fallback countermeasures will be used during negotiation.

fn fallback(&self) -> Result<bool>

If enabled, fallback countermeasures will be used during negotiation.

fn set_break_on_client_hello(&mut self, value: bool) -> Result<()>

If enabled, the handshake process will pause and return when the client hello is recieved to support server name identification.

fn break_on_client_hello(&self) -> Result<bool>

If enabled, the handshake process will pause and return when the client hello is recieved to support server name identification.

impl Eq for SslContext

impl Send for SslContext

impl Sync for SslContext

impl PartialEq<SslContext> for SslContext

fn eq(&self, other: &SslContext) -> bool

This method tests for self and other values to be equal, and is used by ==.

#[must_use]

fn ne(&self, other: &Rhs) -> bool

This method tests for !=.

impl Clone for SslContext

fn clone(&self) -> SslContext

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Drop for SslContext

fn drop(&mut self)

Executes the destructor for this type.

impl Debug for SslContext

fn fmt(&self, fmt: &mut Formatter) -> Result

Formats the value using the given formatter.

impl ConcreteCFType for SslContext

impl TCFType for SslContext

type Ref = SSLContextRef

The reference type wrapped inside this type.

fn as_concrete_TypeRef(&self) -> SSLContextRef

Returns the object as its concrete TypeRef.

unsafe fn wrap_under_get_rule(reference: SSLContextRef) -> Self

Returns an instance of the object, wrapping the underlying CFTypeRef subclass. Use this when following Core Foundation's "Get Rule". The reference count is bumped.

fn as_CFTypeRef(&self) -> CFTypeRef

Returns the object as a raw CFTypeRef. The reference count is not adjusted.

unsafe fn wrap_under_create_rule(reference: SSLContextRef) -> Self

Returns an instance of the object, wrapping the underlying CFTypeRef subclass. Use this when following Core Foundation's "Create Rule". The reference count is not bumped.

fn type_id() -> CFTypeID

Returns the type ID for this class.

fn as_CFType(&self) -> CFType

Returns the object as a wrapped CFType. The reference count is incremented by one.

fn into_CFType(self) -> CFType

Returns the object as a wrapped CFType. Consumes self and avoids changing the reference count.

fn retain_count(&self) -> i64

Returns the reference count of the object. It is unwise to do anything other than test whether the return value of this method is greater than zero.

fn type_of(&self) -> u64

Returns the type ID of this object.

fn show(&self)

Writes a debugging version of this object on standard error.

fn instance_of<OtherCFType>(&self) -> bool where
    OtherCFType: TCFType, 

Returns true if this value is an instance of another type.

impl<'a> ToVoid<SslContext> for &'a SslContext

fn to_void(&self) -> *const c_void

impl ToVoid<SslContext> for SslContext

fn to_void(&self) -> *const c_void

impl ToVoid<SslContext> for SSLContextRef

fn to_void(&self) -> *const c_void