Struct openssl::ssl::SslContextBuilder

pub struct SslContextBuilder(_);

A builder for SslContexts.

Methods

impl SslContextBuilder

fn new(method: SslMethod) -> Result<SslContextBuilder, ErrorStack>

unsafe fn from_ptr(ctx: *mut SSL_CTX) -> SslContextBuilder

fn as_ptr(&self) -> *mut SSL_CTX

fn set_verify(&mut self, mode: SslVerifyMode)

Configures the certificate verification method for new connections.

fn set_verify_callback<F>(&mut self, mode: SslVerifyMode, verify: F) where F: Fn(bool, &X509StoreContextRef) -> bool + Any + 'static + Sync + Send

Configures the certificate verification method for new connections and registers a verification callback.

fn set_servername_callback<F>(&mut self, callback: F) where F: Fn(&mut SslRef) -> Result<(), SniError> + Any + 'static + Sync + Send

Configures the server name indication (SNI) callback for new connections

Obtain the server name with servername then set the corresponding context with set_ssl_context

fn set_verify_depth(&mut self, depth: u32)

Sets verification depth

fn set_read_ahead(&mut self, read_ahead: bool)

fn set_mode(&mut self, mode: SslMode) -> SslMode

fn set_tmp_dh(&mut self, dh: &DhRef) -> Result<(), ErrorStack>

fn set_tmp_dh_callback<F>(&mut self, callback: F) where F: Fn(&mut SslRef, bool, u32) -> Result<Dh, ErrorStack> + Any + 'static + Sync + Send

fn set_tmp_ecdh(&mut self, key: &EcKeyRef) -> Result<(), ErrorStack>

fn set_default_verify_paths(&mut self) -> Result<(), ErrorStack>

Use the default locations of trusted certificates for verification.

These locations are read from the SSL_CERT_FILE and SSL_CERT_DIR environment variables if present, or defaults specified at OpenSSL build time otherwise.

fn set_ca_file<P: AsRef<Path>>(&mut self, file: P) -> Result<(), ErrorStack>

Specifies the file that contains trusted CA certificates.

fn set_client_ca_list(&mut self, list: Stack<X509Name>)

Sets the list of CAs sent to the client.

The CA certificates must still be added to the trust root.

fn set_session_id_context(&mut self, sid_ctx: &[u8]) -> Result<(), ErrorStack>

Set the context identifier for sessions

This value identifies the server's session cache to a clients, telling them when they're able to reuse sessions. Should be set to a unique value per server, unless multiple servers share a session cache.

This value should be set when using client certificates, or each request will fail handshake and need to be restarted.

fn set_certificate_file<P: AsRef<Path>>(&mut self,
                                        file: P,
                                        file_type: X509FileType)
                                        -> Result<(), ErrorStack>

Loads a certificate from a file.

fn set_certificate_chain_file<P: AsRef<Path>>(&mut self,
                                              file: P)
                                              -> Result<(), ErrorStack>

Loads a certificate chain from a file.

The file should contain a sequence of PEM-formatted certificates, the first being the leaf certificate, and the remainder forming the chain of certificates up to and including the trusted root certificate.

fn set_certificate(&mut self, cert: &X509Ref) -> Result<(), ErrorStack>

Sets the certificate.

fn add_extra_chain_cert(&mut self, cert: X509) -> Result<(), ErrorStack>

Appends a certificate to the certificate chain.

This chain should contain all certificates necessary to go from the certificate specified by set_certificate to a trusted root.

fn set_private_key_file<P: AsRef<Path>>(&mut self,
                                        file: P,
                                        file_type: X509FileType)
                                        -> Result<(), ErrorStack>

Loads the private key from a file.

fn set_private_key(&mut self, key: &PKeyRef) -> Result<(), ErrorStack>

Sets the private key.

fn set_cipher_list(&mut self, cipher_list: &str) -> Result<(), ErrorStack>

Sets the cipher configuration.

See man 1 ciphers for details on the format.

fn set_options(&mut self, option: SslOption) -> SslOption

fn options(&self) -> SslOption

fn clear_options(&mut self, option: SslOption) -> SslOption

fn set_npn_protocols(&mut self, protocols: &[&[u8]]) -> Result<(), ErrorStack>

Set the protocols to be used during Next Protocol Negotiation (the protocols supported by the application).

fn check_private_key(&self) -> Result<(), ErrorStack>

Checks consistency between the private key and certificate.

fn cert_store(&self) -> &X509StoreBuilderRef

Returns a shared reference to the context's certificate store.

fn cert_store_mut(&mut self) -> &mut X509StoreBuilderRef

Returns a mutable reference to the context's certificate store.

fn set_status_callback<F>(&mut self, callback: F) -> Result<(), ErrorStack> where F: Fn(&mut SslRef) -> Result<bool, ErrorStack> + Any + 'static + Sync + Send

Sets the callback dealing with OCSP stapling.

On the client side, this callback is responsible for validating the OCSP status response returned by the server. The status may be retrieved with the SslRef::ocsp_status method. A response of Ok(true) indicates that the OCSP status is valid, and a response of Ok(false) indicates that the OCSP status is invalid and the handshake should be terminated.

On the server side, this callback is resopnsible for setting the OCSP status response to be returned to clients. The status may be set with the SslRef::set_ocsp_status method. A response of Ok(true) indicates that the OCSP status should be returned to the client, and Ok(false) indicates that the status should not be returned to the client.

fn build(self) -> SslContext

Trait Implementations

impl Sync for SslContextBuilder

impl Send for SslContextBuilder

impl Drop for SslContextBuilder

fn drop(&mut self)

A method called when the value goes out of scope.