mssql-tls 0.7.0

TLS negotiation for SQL Server connections (TDS 7.x and 8.0)
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81

//! TLS-related error types.

use thiserror::Error;

/// Errors that can occur during TLS operations.
#[derive(Debug, Error)]
#[non_exhaustive]
pub enum TlsError {
    /// TLS handshake failed.
    #[error("TLS handshake failed: {0}")]
    HandshakeFailed(String),

    /// Certificate validation failed.
    #[error("certificate validation failed: {0}")]
    CertificateValidation(String),

    /// Hostname verification failed.
    #[error("hostname verification failed: expected {expected}, got {actual}")]
    HostnameVerification {
        /// Expected hostname.
        expected: String,
        /// Actual hostname from certificate.
        actual: String,
    },

    /// Invalid certificate format.
    #[error("invalid certificate: {0}")]
    InvalidCertificate(String),

    /// Invalid private key format.
    #[error("invalid private key: {0}")]
    InvalidPrivateKey(String),

    /// TLS configuration error.
    #[error("TLS configuration error: {0}")]
    Configuration(String),

    /// IO error during TLS operations.
    #[error("IO error: {0}")]
    Io(#[from] std::io::Error),

    /// Rustls error.
    #[error("rustls error: {0}")]
    Rustls(#[from] rustls::Error),

    /// Server requires encryption but client disabled it.
    #[error("server requires encryption")]
    EncryptionRequired,

    /// Client requires encryption but server doesn't support it.
    #[error("server does not support encryption")]
    EncryptionNotSupported,

    /// TDS 8.0 strict mode is required but not supported.
    #[error("TDS 8.0 strict mode required")]
    StrictModeRequired,

    /// Connection closed during TLS negotiation.
    #[error("connection closed during TLS negotiation")]
    ConnectionClosed,
}

impl TlsError {
    /// Check if this error is transient and may succeed on retry.
    ///
    /// IO errors and connection closures are transient. Certificate and
    /// configuration errors are terminal.
    #[must_use]
    pub fn is_transient(&self) -> bool {
        matches!(self, Self::Io(_) | Self::ConnectionClosed)
    }

    /// Check if this error is terminal and will never succeed on retry.
    ///
    /// Certificate validation failures, configuration errors, and encryption
    /// mode mismatches are permanent.
    #[must_use]
    pub fn is_terminal(&self) -> bool {
        !self.is_transient()
    }
}