Module rama::tls::boring::dep::boring::ssl

Expand description

SSL/TLS support.

SslConnector and SslAcceptor should be used in most cases - they handle configuration of the OpenSSL primitives for you.

§Examples

To connect as a client to a remote server:

use boring::ssl::{SslMethod, SslConnector};
use std::io::{Read, Write};
use std::net::TcpStream;

let connector = SslConnector::builder(SslMethod::tls()).unwrap().build();

let stream = TcpStream::connect("google.com:443").unwrap();
let mut stream = connector.connect("google.com", stream).unwrap();

stream.write_all(b"GET / HTTP/1.0\r\n\r\n").unwrap();
let mut res = vec![];
stream.read_to_end(&mut res).unwrap();
println!("{}", String::from_utf8_lossy(&res));

To accept connections as a server from remote clients:

use boring::ssl::{SslMethod, SslAcceptor, SslStream, SslFiletype};
use std::net::{TcpListener, TcpStream};
use std::sync::Arc;
use std::thread;


let mut acceptor = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap();
acceptor.set_private_key_file("key.pem", SslFiletype::PEM).unwrap();
acceptor.set_certificate_chain_file("certs.pem").unwrap();
acceptor.check_private_key().unwrap();
let acceptor = Arc::new(acceptor.build());

let listener = TcpListener::bind("0.0.0.0:8443").unwrap();

fn handle_client(stream: SslStream<TcpStream>) {
    // ...
}

for stream in listener.incoming() {
    match stream {
        Ok(stream) => {
            let acceptor = acceptor.clone();
            thread::spawn(move || {
                let stream = acceptor.accept(stream).unwrap();
                handle_client(stream);
            });
        }
        Err(e) => { /* connection failed */ }
    }
}

Structs§

AlpnError
An error returned from an ALPN selection callback.
AsyncPrivateKeyMethodError
A fatal error to be returned from async private key methods.
AsyncSelectCertError
A fatal error to be returned from async select certificate callbacks.
CipherBits
Information about the state of a cipher.
ClientHello
CompliancePolicy
A compliance policy.
ConnectConfiguration
A type which allows for configuration of a client-side TLS session before connection.
Error
An SSL error.
ErrorCode
An error code returned from SSL functions.
ExtensionType
Extension types, to be used with ClientHello::get_extension.
GetSessionPendingError
Error returned by the callback to get a session when operation could not complete and should be retried later.
MidHandshakeSslStream
An SSL stream midway through the handshake process.
NameType
An identifier of a session name type.
PrivateKeyMethodError
An error returned from a private key method.
SelectCertError
An error returned from a certificate selection callback.
ShutdownState
The shutdown state of a session.
SniError
An error returned from the SNI callback.
Ssl
The state of an SSL/TLS session.
Ssl3AlertLevel
SslAcceptor
A type which wraps server-side streams in a TLS session.
SslAcceptorBuilder
A builder for SslAcceptors.
SslAlert
An SSL/TLS alert.
SslCipher
Information about a cipher.
SslCipherRef
Reference to an SslCipher.
SslConnector
A type which wraps client-side streams in a TLS session.
SslConnectorBuilder
A builder for SslConnectors.
SslContext
A context object for TLS streams.
SslContextBuilder
A builder for SslContexts.
SslContextRef
A borrowed reference to a SslContext.
SslCurve
A TLS Curve.
SslFiletype
An identifier of the format of a certificate or key file.
SslInfoCallbackAlert
SslInfoCallbackMode
Options controlling the behavior of the info callback.
SslMethod
A type specifying the kind of protocol an SslContext will speak.
SslMode
Options controlling the behavior of an SslContext.
SslOptions
Options controlling the behavior of an SslContext.
SslRef
A borrowed reference to a Ssl.
SslSession
An encoded SSL session.
SslSessionCacheMode
Options controlling the behavior of session caching.
SslSessionRef
A borrowed reference to a SslSession.
SslSignatureAlgorithm
A signature verification algorithm.
SslStream
A TLS session over a stream.
SslStreamBuilder
A partially constructed SslStream, useful for unusual handshakes.
SslVerifyMode
Options controlling the behavior of certificate verification.
SslVersion
An SSL/TLS protocol version.
StatusType
An identifier of a certificate status type.

Enums§

HandshakeError
An error or intermediate state after a TLS handshake attempt.
ShutdownResult
The result of a shutdown request.
SslInfoCallbackValue
The value argument to an info callback. The most-significant byte is the alert level, while the least significant byte is the alert itself.
SslVerifyError

Traits§

AsyncPrivateKeyMethod
Describes async private key hooks. This is used to off-load signing operations to a custom, potentially asynchronous, backend. Metadata about the key such as the type and size are parsed out of the certificate.
PrivateKeyMethod
Describes private key hooks. This is used to off-load signing operations to a custom, potentially asynchronous, backend. Metadata about the key such as the type and size are parsed out of the certificate.

Functions§

select_next_proto
A standard implementation of protocol selection for Application Layer Protocol Negotiation (ALPN).

Type Aliases§

BoxCustomVerifyFinish
The type of callbacks returned by BoxCustomVerifyFuture methods.
BoxCustomVerifyFuture
The type of futures to pass to [SslContextBuilderExt::set_async_custom_verify_callback].
BoxGetSessionFinish
The type of callbacks returned by BoxSelectCertFuture methods.
BoxGetSessionFuture
The type of futures to pass to [SslContextBuilderExt::set_async_get_session_callback].
BoxPrivateKeyMethodFinish
The type of callbacks returned by BoxPrivateKeyMethodFuture.
BoxPrivateKeyMethodFuture
The type of futures returned by AsyncPrivateKeyMethod methods.
BoxSelectCertFinish
The type of callbacks returned by BoxSelectCertFuture methods.
BoxSelectCertFuture
The type of futures to pass to [SslContextBuilderExt::set_async_select_certificate_callback].
ExDataFuture
Convenience alias for futures stored in Ssl ex data by [SslContextBuilderExt] methods.