Struct security_framework::secure_transport::SslContext
[−]
[src]
pub struct SslContext(_);
A Secure Transport SSL/TLS context object.
SslContext implements TCFType if the OSX_10_8 (or greater) feature is
enabled.
Methods
impl SslContext[src]
fn new(side: ProtocolSide, type_: ConnectionType) -> Result<SslContext>
Creates a new SslContext for the specified side and type of SSL
connection.
fn set_peer_domain_name(&mut self, peer_name: &str) -> Result<()>
Sets the fully qualified domain name of the peer.
This will be used on the client side of a session to validate the
common name field of the server's certificate. It has no effect if
called on a server-side SslContext.
It is highly recommended to call this method before starting the handshake process.
fn peer_domain_name(&self) -> Result<String>
Returns the peer domain name set by set_peer_domain_name.
fn set_certificate(&mut self,
identity: &SecIdentity,
certs: &[SecCertificate])
-> Result<()>
identity: &SecIdentity,
certs: &[SecCertificate])
-> Result<()>
Sets the certificate to be used by this side of the SSL session.
This must be called before the handshake for server-side connections, and can be used on the client-side to specify a client certificate.
The identity corresponds to the leaf certificate and private
key, and the certs correspond to extra certificates in the chain.
fn set_peer_id(&mut self, peer_id: &[u8]) -> Result<()>
Sets the peer ID of this session.
A peer ID is an opaque sequence of bytes that will be used by Secure Transport to identify the peer of an SSL session. If the peer ID of this session matches that of a previously terminated session, the previous session can be resumed without requiring a full handshake.
fn peer_id(&self) -> Result<Option<&[u8]>>
Returns the peer ID of this session.
fn supported_ciphers(&self) -> Result<Vec<CipherSuite>>
Returns the list of ciphers that are supported by Secure Transport.
fn enabled_ciphers(&self) -> Result<Vec<CipherSuite>>
Returns the list of ciphers that are eligible to be used for negotiation.
fn set_enabled_ciphers(&mut self, ciphers: &[CipherSuite]) -> Result<()>
Sets the list of ciphers that are eligible to be used for negotiation.
fn negotiated_cipher(&self) -> Result<CipherSuite>
Returns the cipher being used by the session.
fn set_client_side_authenticate(&mut self, auth: SslAuthenticate) -> Result<()>
Sets the requirements for client certificates.
Should only be called on server-side sessions.
fn client_certificate_state(&self) -> Result<SslClientCertificateState>
Returns the state of client certificate processing.
fn peer_trust(&self) -> Result<SecTrust>
Returns the SecTrust object corresponding to the peer.
This can be used in conjunction with set_break_on_server_auth to
validate certificates which do not have roots in the default set.
fn state(&self) -> Result<SessionState>
Returns the state of the session.
fn negotiated_protocol_version(&self) -> Result<SslProtocol>
Returns the protocol version being used by the session.
fn protocol_version_max(&self) -> Result<SslProtocol>
Returns the maximum protocol version allowed by the session.
Requires the OSX_10_8 (or greater) feature.
fn set_protocol_version_max(&mut self, max_version: SslProtocol) -> Result<()>
Sets the maximum protocol version allowed by the session.
Requires the OSX_10_8 (or greater) feature.
fn protocol_version_min(&self) -> Result<SslProtocol>
Returns the minimum protocol version allowed by the session.
Requires the OSX_10_8 (or greater) feature.
fn set_protocol_version_min(&mut self, min_version: SslProtocol) -> Result<()>
Sets the minimum protocol version allowed by the session.
Requires the OSX_10_8 (or greater) feature.
fn set_protocol_version_enabled(&mut self,
protocol: SslProtocol,
enabled: bool)
-> Result<()>
protocol: SslProtocol,
enabled: bool)
-> Result<()>
Sets whether a protocol is enabled or not.
Note that on OSX this is a deprecated API in favor of
set_protocol_version_max and set_protocol_version_min, although if
you're working with OSX 10.8 or before you may have to use this API
instead.
fn buffered_read_size(&self) -> Result<usize>
Returns the number of bytes which can be read without triggering a
read call in the underlying stream.
fn set_break_on_server_auth(&mut self, value: bool) -> Result<()>
If enabled, the handshake process will pause and return instead of automatically validating a server's certificate.
fn break_on_server_auth(&self) -> Result<bool>
If enabled, the handshake process will pause and return instead of automatically validating a server's certificate.
fn set_break_on_cert_requested(&mut self, value: bool) -> Result<()>
If enabled, the handshake process will pause and return after the server requests a certificate from the client.
fn break_on_cert_requested(&self) -> Result<bool>
If enabled, the handshake process will pause and return after the server requests a certificate from the client.
fn set_break_on_client_auth(&mut self, value: bool) -> Result<()>
If enabled, the handshake process will pause and return instead of automatically validating a client's certificate.
Requires the OSX_10_8 (or greater) feature.
fn break_on_client_auth(&self) -> Result<bool>
If enabled, the handshake process will pause and return instead of automatically validating a client's certificate.
Requires the OSX_10_8 (or greater) feature.
fn handshake<S>(self, stream: S) -> Result<SslStream<S>, HandshakeError<S>> where S: Read + Write
Performs the SSL/TLS handshake.
Trait Implementations
impl SslContextExt for SslContext[src]
fn diffie_hellman_params(&self) -> Result<Option<&[u8]>>
Returns the DER encoded data specifying the parameters used for Diffie-Hellman key exchange. Read more
fn set_diffie_hellman_params(&mut self, dh_params: &[u8]) -> Result<()>
Sets the parameters used for Diffie-Hellman key exchange, in the DER format used by OpenSSL. Read more
Returns the certificate authorities used to validate client certificates. Read more
Sets the certificate authorities used to validate client certificates, replacing any that are already present. Read more
Adds certificate authorities used to validate client certificates.
impl Drop for SslContext[src]
impl TCFType<SSLContextRef> for SslContext
fn as_concrete_TypeRef(&self) -> SSLContextRef
Returns the object as its concrete TypeRef.
unsafe fn wrap_under_get_rule(reference: SSLContextRef) -> SslContext
Returns an instance of the object, wrapping the underlying CFTypeRef subclass. Use this when following Core Foundation's "Get Rule". The reference count is bumped. Read more
fn as_CFTypeRef(&self) -> CFTypeRef
Returns the object as a raw CFTypeRef. The reference count is not adjusted.
unsafe fn wrap_under_create_rule(obj: SSLContextRef) -> SslContext
Returns an instance of the object, wrapping the underlying CFTypeRef subclass. Use this when following Core Foundation's "Create Rule". The reference count is not bumped. Read more
fn type_id() -> CFTypeID
Returns the type ID for this class.
fn as_CFType(&self) -> CFType
Returns the object as a wrapped CFType. The reference count is incremented by one.
fn retain_count(&self) -> i64
Returns the reference count of the object. It is unwise to do anything other than test whether the return value of this method is greater than zero. Read more
fn type_of(&self) -> u64
Returns the type ID of this object.
fn show(&self)
Writes a debugging version of this object on standard error.
fn instance_of<OtherConcreteTypeRef, OtherCFType>(&self) -> bool where OtherCFType: TCFType<OtherConcreteTypeRef>
Returns true if this value is an instance of another type.