Struct security_framework::secure_transport::SslContext
pub struct SslContext(_);
A Secure Transport SSL/TLS context object.
`SslContext` implements `TCFType` if the `OSX_10_8` (or greater) feature is enabled.
Methods
impl SslContext
pub fn new(side: ProtocolSide, type_: ConnectionType) -> Result<SslContext>
Creates a new `SslContext` for the specified side and type of SSL connection.
pub fn set_peer_domain_name(&mut self, peer_name: &str) -> Result<()>
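Sets the fully qualified domain name of the peer.
This will be used on the client side of a session to validate the common name field of the server's certificate. It has no effect if called on a server-side `SslContext`.
It is highly recommended to call this method before starting the handshake process. The name is what ties certificate validation to the host the client meant to reach; without it, a certificate that chains to a trusted root but was issued for a different host is not rejected on name grounds.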
pub fn peer_domain_name(&self) -> Result<String>
Returns the peer domain name set by `set_peer_domain_name`.
pub fn set_certificate(
&mut self,
identity: &SecIdentity,
certs: &[SecCertificate]
) -> Result<()>
Sets the certificate to be used by this side of the SSL session.
This must be called before the handshake for server-side connections, and can be used on the client-side to specify a client certificate.
The `identity` corresponds to the leaf certificate and private key, and the `certs` correspond to extra certificates in the chain.
pub fn set_peer_id(&mut self, peer_id: &[u8]) -> Result<()>
Sets the peer ID of this session.
A peer ID is an opaque sequence of bytes that will be used by Secure Transport to identify the peer of an SSL session. If the peer ID of this session matches that of a previously terminated session, the previous session can be resumed without requiring a full handshake.
pub fn peer_id(&self) -> Result<Option<&[u8]>>
Returns the peer ID of this session.
pub fn supported_ciphers(&self) -> Result<Vec<CipherSuite>>
Returns the list of ciphers that are supported by Secure Transport.
pub fn enabled_ciphers(&self) -> Result<Vec<CipherSuite>>
Returns the list of ciphers that are eligible to be used for negotiation.
pub fn set_enabled_ciphers(&mut self, ciphers: &[CipherSuite]) -> Result<()>
Sets the list of ciphers that are eligible to be used for negotiation.
pub fn negotiated_cipher(&self) -> Result<CipherSuite>
Returns the cipher being used by the session.
pub fn set_client_side_authenticate(
&mut self,
auth: SslAuthenticate
) -> Result<()>
Sets the requirements for client certificates.
Should only be called on server-side sessions.
pub fn client_certificate_state(&self) -> Result<SslClientCertificateState>
Returns the state of client certificate processing.
pub fn peer_trust(&self) -> Result<SecTrust>
Returns the `SecTrust` object corresponding to the peer.
This can be used in conjunction with `set_break_on_server_auth` to validate certificates which do not have roots in the default set.
pub fn state(&self) -> Result<SessionState>
Returns the state of the session.
pub fn negotiated_protocol_version(&self) -> Result<SslProtocol>
Returns the protocol version being used by the session.
pub fn protocol_version_max(&self) -> Result<SslProtocol>
Returns the maximum protocol version allowed by the session.
Requires the `OSX_10_8` (or greater) feature.
pub fn set_protocol_version_max(
&mut self,
max_version: SslProtocol
) -> Result<()>
Sets the maximum protocol version allowed by the session.
Requires the `OSX_10_8` (or greater) feature.
pub fn protocol_version_min(&self) -> Result<SslProtocol>
Returns the minimum protocol version allowed by the session.
Requires the `OSX_10_8` (or greater) feature.
pub fn set_protocol_version_min(
&mut self,
min_version: SslProtocol
) -> Result<()>
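Sets the minimum protocol version allowed by the session. An explicit floor is what keeps a peer from negotiating the session down to an older protocol version.
Requires the `OSX_10_8` (or greater) feature.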
pub fn set_protocol_version_enabled(
&mut self,
protocol: SslProtocol,
enabled: bool
) -> Result<()>
Sets whether a protocol is enabled or not.
Note that on OSX this is a deprecated API in favor of `set_protocol_version_max` and `set_protocol_version_min`, although if you're working with OSX 10.8 or before you may have to use this API instead.
pub fn buffered_read_size(&self) -> Result<usize>
Returns the number of bytes which can be read without triggering a `read` call in the underlying stream.
pub fn set_break_on_server_auth(&mut self, value: bool) -> Result<()>
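If enabled, the handshake process will pause and return instead of automatically validating a server's certificate. The caller then takes over the validation decision: evaluate the peer's trust object (see `peer_trust`) before resuming the handshake, since the automatic check has been turned off for this session.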
pub fn break_on_server_auth(&self) -> Result<bool>
Returns whether the handshake process is set to pause and return instead of automatically validating a server's certificate.
pub fn set_break_on_cert_requested(&mut self, value: bool) -> Result<()>
If enabled, the handshake process will pause and return after the server requests a certificate from the client.
pub fn break_on_cert_requested(&self) -> Result<bool>
Returns whether the handshake process is set to pause and return after the server requests a certificate from the client.
pub fn set_break_on_client_auth(&mut self, value: bool) -> Result<()>
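If enabled, the handshake process will pause and return instead of automatically validating a client's certificate. A server that enables this takes over the decision to accept the client's certificate and should evaluate it before resuming the handshake.
Requires the `OSX_10_8` (or greater) feature.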
pub fn break_on_client_auth(&self) -> Result<bool>
Returns whether the handshake process is set to pause and return instead of automatically validating a client's certificate.
Requires the `OSX_10_8` (or greater) feature.
pub fn handshake<S>(self, stream: S) -> Result<SslStream<S>, HandshakeError<S>> where
S: Read + Write,
Performs the SSL/TLS handshake.
Trait Implementations
impl SslContextExt for SslContext
fn diffie_hellman_params(&self) -> Result<Option<&[u8]>>
Returns the DER encoded data specifying the parameters used for Diffie-Hellman key exchange. Read more
fn set_diffie_hellman_params(&mut self, dh_params: &[u8]) -> Result<()>
Sets the parameters used for Diffie-Hellman key exchange, in the DER format used by OpenSSL. Read more
Returns the certificate authorities used to validate client certificates. Read more
Sets the certificate authorities used to validate client certificates, replacing any that are already present. Read more
Adds certificate authorities used to validate client certificates.
impl Drop for SslContext
impl TCFType<SSLContextRef> for SslContext
fn as_concrete_TypeRef(&self) -> SSLContextRef
Returns the object as its concrete TypeRef.
unsafe fn wrap_under_get_rule(reference: SSLContextRef) -> SslContext
Returns an instance of the object, wrapping the underlying `CFTypeRef` subclass. Use this when following Core Foundation's "Get Rule". The reference count is bumped.
fn as_CFTypeRef(&self) -> CFTypeRef
Returns the object as a raw `CFTypeRef`. The reference count is not adjusted.
unsafe fn wrap_under_create_rule(obj: SSLContextRef) -> SslContext
Returns an instance of the object, wrapping the underlying `CFTypeRef` subclass. Use this when following Core Foundation's "Create Rule". The reference count is not bumped.
fn type_id() -> CFTypeID
Returns the type ID for this class.
fn as_CFType(&self) -> CFType
Returns the object as a wrapped `CFType`. The reference count is incremented by one.
fn retain_count(&self) -> i64
Returns the reference count of the object. It is unwise to do anything other than test whether the return value of this method is greater than zero. Read more
fn type_of(&self) -> u64
Returns the type ID of this object.
fn show(&self)
Writes a debugging version of this object on standard error.
fn instance_of<OtherConcreteTypeRef, OtherCFType>(&self) -> bool where
OtherCFType: TCFType<OtherConcreteTypeRef>,
Returns true if this value is an instance of another type.
impl Debug for SslContext
fn fmt(&self, fmt: &mut Formatter) -> Result
Formats the value using the given formatter. Read more
impl Sync for SslContext
impl Send for SslContext
Blanket Implementations
impl<T> From for T
impl<T, U> Into for T where
U: From<T>,
impl<T, U> TryFrom for T where
T: From<U>,
type Error = !
🔬 This is a nightly-only experimental API. (`try_from`)
The type returned in the event of a conversion error.
fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>
🔬 This is a nightly-only experimental API. (`try_from`)
Performs the conversion.
impl<T> Borrow for T where
T: ?Sized,
impl<T, U> TryInto for T where
U: TryFrom<T>,
type Error = <U as TryFrom<T>>::Error
🔬 This is a nightly-only experimental API. (`try_from`)
The type returned in the event of a conversion error.
fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>
🔬 This is a nightly-only experimental API. (`try_from`)
Performs the conversion.
impl<T> BorrowMut for T where
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more
impl<T> Any for T where
T: 'static + ?Sized,
fn get_type_id(&self) -> TypeId
🔬 This is a nightly-only experimental API. (`get_type_id`)
This method will likely be replaced by an associated static.
Gets the `TypeId` of `self`.