Struct openssl::ssl::SslConnectorBuilder
pub struct SslConnectorBuilder(_);
A builder for `SslConnector`s.
Methods
impl SslConnectorBuilder
fn build(self) -> SslConnector
Consumes the builder, returning an `SslConnector`.
Methods from Deref<Target = SslContextBuilder>
fn as_ptr(&self) -> *mut SSL_CTX
Returns a pointer to the raw OpenSSL value.
fn set_verify(&mut self, mode: SslVerifyMode)
Configures the certificate verification method for new connections.
This corresponds to `SSL_CTX_set_verify`.
fn set_verify_callback<F>(&mut self, mode: SslVerifyMode, verify: F) where
F: Fn(bool, &mut X509StoreContextRef) -> bool + 'static + Sync + Send,
Configures the certificate verification method for new connections and registers a verification callback.
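The callback is passed a boolean indicating if OpenSSL's internal verification succeeded as well as a reference to the `X509StoreContext` which can be used to examine the certificate chain. It should return a boolean indicating if verification succeeded. Returning `true` when the first argument is `false` accepts a certificate that OpenSSL's own verification rejected, so a callback that returns `true` unconditionally disables certificate verification.
This corresponds to `SSL_CTX_set_verify`.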
fn set_servername_callback<F>(&mut self, callback: F) where
F: Fn(&mut SslRef, &mut SslAlert) -> Result<(), SniError> + 'static + Sync + Send,
Configures the server name indication (SNI) callback for new connections.
SNI is used to allow a single server to handle requests for multiple domains, each of which has its own certificate chain and configuration.
Obtain the server name with the `servername` method and then set the corresponding context with `set_ssl_context`.
This corresponds to `SSL_CTX_set_tlsext_servername_callback`.
fn set_verify_depth(&mut self, depth: u32)
Sets the certificate verification depth.
If the peer's certificate chain is longer than this value, verification will fail.
This corresponds to `SSL_CTX_set_verify_depth`.
fn set_verify_cert_store(
&mut self,
cert_store: X509Store
) -> Result<(), ErrorStack>
Sets a custom certificate store for verifying peer certificates.
Requires the `v102` feature and OpenSSL 1.0.2, or the `v110` feature and OpenSSL 1.1.0.
This corresponds to `SSL_CTX_set0_verify_cert_store`.
fn set_read_ahead(&mut self, read_ahead: bool)
Controls read ahead behavior.
If enabled, OpenSSL will read as much data as is available from the underlying stream, instead of a single record at a time.
It has no effect when used with DTLS.
This corresponds to `SSL_CTX_set_read_ahead`.
fn set_mode(&mut self, mode: SslMode) -> SslMode
Sets the mode used by the context, returning the previous mode.
This corresponds to `SSL_CTX_set_mode`.
fn set_tmp_dh(&mut self, dh: &DhRef<Params>) -> Result<(), ErrorStack>
Sets the parameters to be used during ephemeral Diffie-Hellman key exchange.
This corresponds to `SSL_CTX_set_tmp_dh`.
fn set_tmp_dh_callback<F>(&mut self, callback: F) where
F: Fn(&mut SslRef, bool, u32) -> Result<Dh<Params>, ErrorStack> + 'static + Sync + Send,
Sets the callback which will generate parameters to be used during ephemeral Diffie-Hellman key exchange.
The callback is provided with a reference to the `Ssl` for the session, as well as a boolean indicating if the selected cipher is export-grade, and the key length. The export and key length options are archaic and should be ignored in almost all cases.
This corresponds to `SSL_CTX_set_tmp_dh_callback`.
fn set_tmp_ecdh(&mut self, key: &EcKeyRef<Params>) -> Result<(), ErrorStack>
Sets the parameters to be used during ephemeral elliptic curve Diffie-Hellman key exchange.
This corresponds to `SSL_CTX_set_tmp_ecdh`.
fn set_default_verify_paths(&mut self) -> Result<(), ErrorStack>
Use the default locations of trusted certificates for verification.
These locations are read from the `SSL_CERT_FILE` and `SSL_CERT_DIR` environment variables if present, or defaults specified at OpenSSL build time otherwise.
This corresponds to `SSL_CTX_set_default_verify_paths`.
fn set_ca_file<P: AsRef<Path>>(&mut self, file: P) -> Result<(), ErrorStack>
Loads trusted root certificates from a file.
The file should contain a sequence of PEM-formatted CA certificates.
This corresponds to `SSL_CTX_set_default_verify_file`.
fn set_client_ca_list(&mut self, list: Stack<X509Name>)
Sets the list of CA names sent to the client.
The CA certificates must still be added to the trust root - they are not automatically set as trusted by this method.
This corresponds to `SSL_CTX_set_client_CA_list`.
fn set_session_id_context(&mut self, sid_ctx: &[u8]) -> Result<(), ErrorStack>
Set the context identifier for sessions.
This value identifies the server's session cache to clients, telling them when they're able to reuse sessions. It should be set to a unique value per server, unless multiple servers share a session cache.
This value should be set when using client certificates, or each request will fail its handshake and need to be restarted.
This corresponds to `SSL_CTX_set_session_id_context`.
fn set_certificate_file<P: AsRef<Path>>(
&mut self,
file: P,
file_type: SslFiletype
) -> Result<(), ErrorStack>
Loads a leaf certificate from a file.
Only a single certificate will be loaded - use `add_extra_chain_cert` to add the remainder of the certificate chain, or `set_certificate_chain_file` to load the entire chain from a single file.
This corresponds to `SSL_CTX_use_certificate_file`.
fn set_certificate_chain_file<P: AsRef<Path>>(
&mut self,
file: P
) -> Result<(), ErrorStack>
Loads a certificate chain from a file.
The file should contain a sequence of PEM-formatted certificates, the first being the leaf certificate, and the remainder forming the chain of certificates up to and including the trusted root certificate.
This corresponds to `SSL_CTX_use_certificate_chain_file`.
fn set_certificate(&mut self, cert: &X509Ref) -> Result<(), ErrorStack>
Sets the leaf certificate.
Use `add_extra_chain_cert` to add the remainder of the certificate chain.
This corresponds to `SSL_CTX_use_certificate`.
fn add_extra_chain_cert(&mut self, cert: X509) -> Result<(), ErrorStack>
Appends a certificate to the certificate chain.
This chain should contain all certificates necessary to go from the certificate specified by `set_certificate` to a trusted root.
This corresponds to `SSL_CTX_add_extra_chain_cert`.
fn set_private_key_file<P: AsRef<Path>>(
&mut self,
file: P,
file_type: SslFiletype
) -> Result<(), ErrorStack>
Loads the private key from a file.
This corresponds to `SSL_CTX_use_PrivateKey_file`.
fn set_private_key<T>(&mut self, key: &PKeyRef<T>) -> Result<(), ErrorStack> where
T: HasPrivate,
Sets the private key.
This corresponds to `SSL_CTX_use_PrivateKey`.
fn set_cipher_list(&mut self, cipher_list: &str) -> Result<(), ErrorStack>
Sets the list of supported ciphers.
See `ciphers` for details on the format.
This corresponds to `SSL_CTX_set_cipher_list`.
fn set_options(&mut self, option: SslOptions) -> SslOptions
Sets the options used by the context, returning the old set.
This corresponds to `SSL_CTX_set_options`.
fn options(&self) -> SslOptions
Returns the options used by the context.
This corresponds to `SSL_CTX_get_options`.
fn clear_options(&mut self, option: SslOptions) -> SslOptions
Clears the options used by the context, returning the old set.
This corresponds to `SSL_CTX_clear_options`.
fn set_alpn_protos(&mut self, protocols: &[u8]) -> Result<(), ErrorStack>
Sets the protocols to send to the server for Application Layer Protocol Negotiation (ALPN).
The input must be in ALPN "wire format". It consists of a sequence of supported protocol names prefixed by their byte length. For example, the protocol list consisting of `spdy/1` and `http/1.1` is encoded as `b"\x06spdy/1\x08http/1.1"`. The protocols are ordered by preference.
This corresponds to `SSL_CTX_set_alpn_protos`.
Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0.
fn set_alpn_select_callback<F>(&mut self, callback: F) where
F: for<'a> Fn(&mut SslRef, &'a [u8]) -> Result<&'a [u8], AlpnError> + 'static + Sync + Send,
Sets the callback used by a server to select a protocol for Application Layer Protocol Negotiation (ALPN).
The callback is provided with the client's protocol list in ALPN wire format. See the documentation for `SslContextBuilder::set_alpn_protos` for details. It should return one of those protocols on success. The `select_next_proto` function implements the standard protocol selection algorithm.
This corresponds to `SSL_CTX_set_alpn_select_cb`.
Requires the `v102` or `v110` features and OpenSSL 1.0.2 or OpenSSL 1.1.0.
fn check_private_key(&self) -> Result<(), ErrorStack>
Checks for consistency between the private key and certificate.
This corresponds to `SSL_CTX_check_private_key`.
fn cert_store(&self) -> &X509StoreBuilderRef
Returns a shared reference to the context's certificate store.
This corresponds to `SSL_CTX_get_cert_store`.
fn cert_store_mut(&mut self) -> &mut X509StoreBuilderRef
Returns a mutable reference to the context's certificate store.
This corresponds to `SSL_CTX_get_cert_store`.
fn set_status_callback<F>(&mut self, callback: F) -> Result<(), ErrorStack> where
F: Fn(&mut SslRef) -> Result<bool, ErrorStack> + 'static + Sync + Send,
Sets the callback dealing with OCSP stapling.
On the client side, this callback is responsible for validating the OCSP status response returned by the server. The status may be retrieved with the `SslRef::ocsp_status` method. A response of `Ok(true)` indicates that the OCSP status is valid, and a response of `Ok(false)` indicates that the OCSP status is invalid and the handshake should be terminated.
On the server side, this callback is responsible for setting the OCSP status response to be returned to clients. The status may be set with the `SslRef::set_ocsp_status` method. A response of `Ok(true)` indicates that the OCSP status should be returned to the client, and `Ok(false)` indicates that the status should not be returned to the client.
This corresponds to `SSL_CTX_set_tlsext_status_cb`.
fn set_psk_callback<F>(&mut self, callback: F) where
F: Fn(&mut SslRef, Option<&[u8]>, &mut [u8], &mut [u8]) -> Result<usize, ErrorStack> + 'static + Sync + Send,
Sets the callback for providing an identity and pre-shared key for a TLS-PSK client.
The callback will be called with the SSL context, an identity hint if one was provided by the server, and a mutable slice for each of the identity and pre-shared key bytes. The identity must be written as a null-terminated C string, so it has to leave room for the terminating zero byte within the identity slice.
This corresponds to `SSL_CTX_set_psk_client_callback`.
fn set_ex_data<T>(&mut self, index: Index<SslContext, T>, data: T)
Sets the extra data at the specified index.
This can be used to provide data to callbacks registered with the context. Use the `SslContext::new_ex_index` method to create an `Index`.
This corresponds to `SSL_CTX_set_ex_data`.
fn build(self) -> SslContext
Consumes the builder, returning a new `SslContext`.
Trait Implementations
impl Deref for SslConnectorBuilder
type Target = SslContextBuilder
The resulting type after dereferencing.
fn deref(&self) -> &SslContextBuilder
Dereferences the value.
impl DerefMut for SslConnectorBuilder
fn deref_mut(&mut self) -> &mut SslContextBuilder
Mutably dereferences the value.