[−]Struct openssl::ssl::Ssl
The state of an SSL/TLS session.
Ssl
objects are created from an SslContext
, which provides configuration defaults.
These defaults can be overridden on a per-Ssl
basis, however.
Methods
impl Ssl
[src]
pub fn new_ex_index<T>() -> Result<Index<Ssl, T>, ErrorStack> where
T: 'static + Sync + Send,
[src]
T: 'static + Sync + Send,
Returns a new extra data index.
Each invocation of this function is guaranteed to return a distinct index. These can be used to store data in the context that can be retrieved later by callbacks, for example.
This corresponds to SSL_get_ex_new_index
.
pub fn new(ctx: &SslContext) -> Result<Ssl, ErrorStack>
[src]
Creates a new Ssl
.
This corresponds to SSL_new
.
pub fn connect<S>(self, stream: S) -> Result<SslStream<S>, HandshakeError<S>> where
S: Read + Write,
[src]
S: Read + Write,
Initiates a client-side TLS handshake.
This corresponds to SSL_connect
.
Warning
OpenSSL's default configuration is insecure. It is highly recommended to use
SslConnector
rather than Ssl
directly, as it manages that configuration.
pub fn accept<S>(self, stream: S) -> Result<SslStream<S>, HandshakeError<S>> where
S: Read + Write,
[src]
S: Read + Write,
Initiates a server-side TLS handshake.
This corresponds to SSL_accept
.
Warning
OpenSSL's default configuration is insecure. It is highly recommended to use
SslAcceptor
rather than Ssl
directly, as it manages that configuration.
Methods from Deref<Target = SslRef>
pub fn set_verify(&mut self, mode: SslVerifyMode)
[src]
Like SslContextBuilder::set_verify
.
This corresponds to SSL_set_verify
.
pub fn verify_mode(&self) -> SslVerifyMode
[src]
Returns the verify mode that was set using set_verify
.
This corresponds to SSL_get_verify_mode
.
pub fn set_verify_callback<F>(&mut self, mode: SslVerifyMode, verify: F) where
F: Fn(bool, &mut X509StoreContextRef) -> bool + 'static + Sync + Send,
[src]
F: Fn(bool, &mut X509StoreContextRef) -> bool + 'static + Sync + Send,
Like SslContextBuilder::set_verify_callback
.
This corresponds to SSL_set_verify
.
pub fn set_tmp_dh(&mut self, dh: &DhRef<Params>) -> Result<(), ErrorStack>
[src]
Like SslContextBuilder::set_tmp_dh
.
This corresponds to SSL_set_tmp_dh
.
pub fn set_tmp_dh_callback<F>(&mut self, callback: F) where
F: Fn(&mut SslRef, bool, u32) -> Result<Dh<Params>, ErrorStack> + 'static + Sync + Send,
[src]
F: Fn(&mut SslRef, bool, u32) -> Result<Dh<Params>, ErrorStack> + 'static + Sync + Send,
Like SslContextBuilder::set_tmp_dh_callback
.
This corresponds to SSL_set_tmp_dh_callback
.
pub fn set_tmp_ecdh(&mut self, key: &EcKeyRef<Params>) -> Result<(), ErrorStack>
[src]
Like SslContextBuilder::set_tmp_ecdh
.
This corresponds to SSL_set_tmp_ecdh
.
pub fn set_tmp_ecdh_callback<F>(&mut self, callback: F) where
F: Fn(&mut SslRef, bool, u32) -> Result<EcKey<Params>, ErrorStack> + 'static + Sync + Send,
[src]
F: Fn(&mut SslRef, bool, u32) -> Result<EcKey<Params>, ErrorStack> + 'static + Sync + Send,
Like SslContextBuilder::set_tmp_ecdh_callback
.
Requires OpenSSL 1.0.1 or 1.0.2.
This corresponds to SSL_set_tmp_ecdh_callback
.
pub fn set_ecdh_auto(&mut self, onoff: bool) -> Result<(), ErrorStack>
[src]
Like [SslContextBuilder::set_ecdh_auto
].
Requires OpenSSL 1.0.2.
This corresponds to SSL_set_ecdh_auto
.
pub fn set_alpn_protos(&mut self, protocols: &[u8]) -> Result<(), ErrorStack>
[src]
Like SslContextBuilder::set_alpn_protos
.
Requires OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer.
This corresponds to SSL_set_alpn_protos
.
pub fn current_cipher(&self) -> Option<&SslCipherRef>
[src]
Returns the current cipher if the session is active.
This corresponds to SSL_get_current_cipher
.
pub fn state_string(&self) -> &'static str
[src]
Returns a short string describing the state of the session.
This corresponds to SSL_state_string
.
pub fn state_string_long(&self) -> &'static str
[src]
Returns a longer string describing the state of the session.
This corresponds to SSL_state_string_long
.
pub fn set_hostname(&mut self, hostname: &str) -> Result<(), ErrorStack>
[src]
Sets the host name to be sent to the server for Server Name Indication (SNI).
It has no effect for a server-side connection.
This corresponds to SSL_set_tlsext_host_name
.
pub fn peer_certificate(&self) -> Option<X509>
[src]
Returns the peer's certificate, if present.
This corresponds to SSL_get_peer_certificate
.
pub fn peer_cert_chain(&self) -> Option<&StackRef<X509>>
[src]
Returns the certificate chain of the peer, if present.
On the client side, the chain includes the leaf certificate, but on the server side it does not. Fun!
This corresponds to SSL_get_peer_cert_chain
.
pub fn certificate(&self) -> Option<&X509Ref>
[src]
Like SslContext::certificate
.
This corresponds to SSL_get_certificate
.
pub fn private_key(&self) -> Option<&PKeyRef<Private>>
[src]
Like SslContext::private_key
.
This corresponds to SSL_get_privatekey
.
pub fn version(&self) -> &str
[src]
renamed to version_str
pub fn version2(&self) -> Option<SslVersion>
[src]
Returns the protocol version of the session.
This corresponds to SSL_version
.
pub fn version_str(&self) -> &'static str
[src]
Returns a string describing the protocol version of the session.
This corresponds to SSL_get_version
.
pub fn selected_alpn_protocol(&self) -> Option<&[u8]>
[src]
Returns the protocol selected via Application Layer Protocol Negotiation (ALPN).
The protocol's name is returned is an opaque sequence of bytes. It is up to the client to interpret it.
Requires OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer.
This corresponds to SSL_get0_alpn_selected
.
pub fn set_tlsext_use_srtp(&mut self, protocols: &str) -> Result<(), ErrorStack>
[src]
Enables the DTLS extension "use_srtp" as defined in RFC5764.
This corresponds to SSL_set_tlsext_use_srtp
.
pub fn srtp_profiles(&self) -> Option<&StackRef<SrtpProtectionProfile>>
[src]
Gets all SRTP profiles that are enabled for handshake via set_tlsext_use_srtp
DTLS extension "use_srtp" as defined in RFC5764 has to be enabled.
This corresponds to SSL_get_srtp_profiles
.
pub fn selected_srtp_profile(&self) -> Option<&SrtpProtectionProfileRef>
[src]
Gets the SRTP profile selected by handshake.
DTLS extension "use_srtp" as defined in RFC5764 has to be enabled.
This corresponds to SSL_get_selected_srtp_profile
.
pub fn pending(&self) -> usize
[src]
Returns the number of bytes remaining in the currently processed TLS record.
If this is greater than 0, the next call to read
will not call down to the underlying
stream.
This corresponds to SSL_pending
.
pub fn servername(&self, type_: NameType) -> Option<&str>
[src]
Returns the servername sent by the client via Server Name Indication (SNI).
It is only useful on the server side.
This corresponds to SSL_get_servername
.
Note
While the SNI specification requires that servernames be valid domain names (and therefore
ASCII), OpenSSL does not enforce this restriction. If the servername provided by the client
is not valid UTF-8, this function will return None
. The servername_raw
method returns
the raw bytes and does not have this restriction.
pub fn servername_raw(&self, type_: NameType) -> Option<&[u8]>
[src]
Returns the servername sent by the client via Server Name Indication (SNI).
It is only useful on the server side.
This corresponds to SSL_get_servername
.
Note
Unlike servername
, this method does not require the name be valid UTF-8.
pub fn set_ssl_context(&mut self, ctx: &SslContextRef) -> Result<(), ErrorStack>
[src]
Changes the context corresponding to the current connection.
It is most commonly used in the Server Name Indication (SNI) callback.
This corresponds to SSL_set_SSL_CTX
.
pub fn ssl_context(&self) -> &SslContextRef
[src]
Returns the context corresponding to the current connection.
This corresponds to SSL_get_SSL_CTX
.
pub fn param_mut(&mut self) -> &mut X509VerifyParamRef
[src]
Returns a mutable reference to the X509 verification configuration.
Requires OpenSSL 1.0.2 or newer.
This corresponds to SSL_get0_param
.
pub fn verify_result(&self) -> X509VerifyResult
[src]
Returns the certificate verification result.
This corresponds to SSL_get_verify_result
.
pub fn session(&self) -> Option<&SslSessionRef>
[src]
Returns a shared reference to the SSL session.
This corresponds to SSL_get_session
.
pub fn export_keying_material(
&self,
out: &mut [u8],
label: &str,
context: Option<&[u8]>
) -> Result<(), ErrorStack>
[src]
&self,
out: &mut [u8],
label: &str,
context: Option<&[u8]>
) -> Result<(), ErrorStack>
Derives keying material for application use in accordance to RFC 5705.
This corresponds to SSL_export_keying_material
.
pub unsafe fn set_session(
&mut self,
session: &SslSessionRef
) -> Result<(), ErrorStack>
[src]
&mut self,
session: &SslSessionRef
) -> Result<(), ErrorStack>
Sets the session to be used.
This should be called before the handshake to attempt to reuse a previously established session. If the server is not willing to reuse the session, a new one will be transparently negotiated.
This corresponds to SSL_set_session
.
Safety
The caller of this method is responsible for ensuring that the session is associated
with the same SslContext
as this Ssl
.
pub fn session_reused(&self) -> bool
[src]
Determines if the session provided to set_session
was successfully reused.
This corresponds to SSL_session_reused
.
pub fn set_status_type(&mut self, type_: StatusType) -> Result<(), ErrorStack>
[src]
Sets the status response a client wishes the server to reply with.
This corresponds to SSL_set_tlsext_status_type
.
pub fn ocsp_status(&self) -> Option<&[u8]>
[src]
Returns the server's OCSP response, if present.
This corresponds to SSL_get_tlsext_status_ocsp_resp
.
pub fn set_ocsp_status(&mut self, response: &[u8]) -> Result<(), ErrorStack>
[src]
Sets the OCSP response to be returned to the client.
This corresponds to SSL_set_tlsext_status_ocsp_resp
.
pub fn is_server(&self) -> bool
[src]
Determines if this Ssl
is configured for server-side or client-side use.
This corresponds to SSL_is_server
.
pub fn set_ex_data<T>(&mut self, index: Index<Ssl, T>, data: T)
[src]
Sets the extra data at the specified index.
This can be used to provide data to callbacks registered with the context. Use the
Ssl::new_ex_index
method to create an Index
.
This corresponds to SSL_set_ex_data
.
pub fn ex_data<T>(&self, index: Index<Ssl, T>) -> Option<&T>
[src]
Returns a reference to the extra data at the specified index.
This corresponds to SSL_get_ex_data
.
pub fn ex_data_mut<T>(&mut self, index: Index<Ssl, T>) -> Option<&mut T>
[src]
Returns a mutable reference to the extra data at the specified index.
This corresponds to SSL_get_ex_data
.
pub fn finished(&self, buf: &mut [u8]) -> usize
[src]
Copies the contents of the last Finished message sent to the peer into the provided buffer.
The total size of the message is returned, so this can be used to determine the size of the buffer required.
This corresponds to SSL_get_finished
.
pub fn peer_finished(&self, buf: &mut [u8]) -> usize
[src]
Copies the contents of the last Finished message received from the peer into the provided buffer.
The total size of the message is returned, so this can be used to determine the size of the buffer required.
This corresponds to SSL_get_finished
.
Trait Implementations
impl AsRef<SslRef> for Ssl
impl Borrow<SslRef> for Ssl
impl Debug for Ssl
[src]
impl Deref for Ssl
impl DerefMut for Ssl
impl Drop for Ssl
fn drop(&mut self)
impl ForeignType for Ssl
type CType = SSL
The raw C type.
type Ref = SslRef
The type representing a reference to this type.
unsafe fn from_ptr(ptr: *mut SSL) -> Ssl
fn as_ptr(&self) -> *mut SSL
impl Send for Ssl
[src]
impl Sync for Ssl
[src]
Auto Trait Implementations
Blanket Implementations
impl<T> Any for T where
T: 'static + ?Sized,
[src]
T: 'static + ?Sized,
impl<T> Borrow<T> for T where
T: ?Sized,
[src]
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
[src]
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
[src]
impl<T> From<T> for T
[src]
impl<T, U> Into<U> for T where
U: From<T>,
[src]
U: From<T>,
impl<T, U> TryFrom<U> for T where
U: Into<T>,
[src]
U: Into<T>,
type Error = Infallible
The type returned in the event of a conversion error.
fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>
[src]
impl<T, U> TryInto<U> for T where
U: TryFrom<T>,
[src]
U: TryFrom<T>,