Module ssl
Expand description
SSL/TLS support.
SslConnector
and SslAcceptor
should be used in most cases - they handle
configuration of the OpenSSL primitives for you.
§Examples
To connect as a client to a remote server:
use boring::ssl::{SslMethod, SslConnector};
use std::io::{Read, Write};
use std::net::TcpStream;
let connector = SslConnector::builder(SslMethod::tls()).unwrap().build();
let stream = TcpStream::connect("google.com:443").unwrap();
let mut stream = connector.connect("google.com", stream).unwrap();
stream.write_all(b"GET / HTTP/1.0\r\n\r\n").unwrap();
let mut res = vec![];
stream.read_to_end(&mut res).unwrap();
println!("{}", String::from_utf8_lossy(&res));
To accept connections as a server from remote clients:
use boring::ssl::{SslMethod, SslAcceptor, SslStream, SslFiletype};
use std::net::{TcpListener, TcpStream};
use std::sync::Arc;
use std::thread;
let mut acceptor = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap();
acceptor.set_private_key_file("key.pem", SslFiletype::PEM).unwrap();
acceptor.set_certificate_chain_file("certs.pem").unwrap();
acceptor.check_private_key().unwrap();
let acceptor = Arc::new(acceptor.build());
let listener = TcpListener::bind("0.0.0.0:8443").unwrap();
fn handle_client(stream: SslStream<TcpStream>) {
// ...
}
for stream in listener.incoming() {
match stream {
Ok(stream) => {
let acceptor = acceptor.clone();
thread::spawn(move || {
let stream = acceptor.accept(stream).unwrap();
handle_client(stream);
});
}
Err(e) => { /* connection failed */ }
}
}
Structs§
- An error returned from an ALPN selection callback.
- A fatal error to be returned from async private key methods.
- A fatal error to be returned from async select certificate callbacks.
- Information about the state of a cipher.
- A compliance policy.
- A type which allows for configuration of a client-side TLS session before connection.
- An SSL error.
- An error code returned from SSL functions.
- Extension types, to be used with
ClientHello::get_extension
. - Error returned by the callback to get a session when operation could not complete and should be retried later.
- An SSL stream midway through the handshake process.
- An identifier of a session name type.
- An error returned from a private key method.
- An error returned from a certificate selection callback.
- The shutdown state of a session.
- An error returned from the SNI callback.
- The state of an SSL/TLS session.
- A type which wraps server-side streams in a TLS session.
- A builder for
SslAcceptor
s. - An SSL/TLS alert.
- Information about a cipher.
- Reference to an
SslCipher
. - A type which wraps client-side streams in a TLS session.
- A builder for
SslConnector
s. - A context object for TLS streams.
- A builder for
SslContext
s. - A borrowed reference to a
SslContext
. - A TLS Curve.
- An identifier of the format of a certificate or key file.
- Options controlling the behavior of the info callback.
- A type specifying the kind of protocol an
SslContext
will speak. - Options controlling the behavior of an
SslContext
. - Options controlling the behavior of an
SslContext
. - A borrowed reference to a
Ssl
. - An encoded SSL session.
- Options controlling the behavior of session caching.
- A borrowed reference to a
SslSession
. - A signature verification algorithm.
- A TLS session over a stream.
- A partially constructed
SslStream
, useful for unusual handshakes. - Options controlling the behavior of certificate verification.
- An SSL/TLS protocol version.
- An identifier of a certificate status type.
Enums§
- An error or intermediate state after a TLS handshake attempt.
- The result of a shutdown request.
- The
value
argument to an info callback. The most-significant byte is the alert level, while the least significant byte is the alert itself.
Traits§
- Describes async private key hooks. This is used to off-load signing operations to a custom, potentially asynchronous, backend. Metadata about the key such as the type and size are parsed out of the certificate.
- Describes private key hooks. This is used to off-load signing operations to a custom, potentially asynchronous, backend. Metadata about the key such as the type and size are parsed out of the certificate.
Functions§
- A standard implementation of protocol selection for Application Layer Protocol Negotiation (ALPN).
Type Aliases§
- The type of callbacks returned by
BoxCustomVerifyFuture
methods. - The type of futures to pass to [
SslContextBuilderExt::set_async_custom_verify_callback
]. - The type of callbacks returned by
BoxSelectCertFuture
methods. - The type of futures to pass to [
SslContextBuilderExt::set_async_get_session_callback
]. - The type of callbacks returned by
BoxPrivateKeyMethodFuture
. - The type of futures returned by
AsyncPrivateKeyMethod
methods. - The type of callbacks returned by
BoxSelectCertFuture
methods. - The type of futures to pass to [
SslContextBuilderExt::set_async_select_certificate_callback
]. - Convenience alias for futures stored in
Ssl
ex data by [SslContextBuilderExt
] methods.