pub struct Builder { /* private fields */ }
Implementations
impl Builder
pub fn new() -> Builder
Warning
The newly created Builder will create Configs that use the default security policy.
Consider changing this, depending on your security and compatibility requirements,
by calling Builder::set_security_policy.
See the s2n-tls usage guide:
https://aws.github.io/s2n-tls/usage-guide/ch06-security-policies.html
pub fn set_alert_behavior( &mut self, value: AlertBehavior, ) -> Result<&mut Builder, Error>
pub fn set_security_policy( &mut self, policy: &Policy, ) -> Result<&mut Builder, Error>
pub fn set_application_protocol_preference<P, I>( &mut self, protocols: P, ) -> Result<&mut Builder, Error>
Sets the application protocol preferences on an s2n_config object.
`protocols` is a list in order of preference, with the most preferred protocol first (its length is what the C API calls `protocol_count`). When acting as a client, the protocol list is included in the Client Hello message as the ALPN extension. As a server, the list is used to negotiate a mutual application protocol with the client. After the negotiation for the connection has completed, the agreed-upon protocol can be retrieved with s2n_get_application_protocol.
pub fn append_application_protocol_preference( &mut self, protocol: &[u8], ) -> Result<&mut Builder, Error>
pub unsafe fn disable_x509_verification( &mut self, ) -> Result<&mut Builder, Error>
Turns off X.509 certificate verification.
Safety
This functionality weakens the security of the connections: without X.509 verification the peer's certificate chain is not validated, so the peer is no longer authenticated. As such, it should only be used in development environments where obtaining a valid certificate would not be possible.
pub fn add_dhparams(&mut self, pem: &[u8]) -> Result<&mut Builder, Error>
pub fn load_pem( &mut self, certificate: &[u8], private_key: &[u8], ) -> Result<&mut Builder, Error>
pub fn load_public_pem( &mut self, certificate: &[u8], ) -> Result<&mut Builder, Error>
pub fn trust_pem(&mut self, certificate: &[u8]) -> Result<&mut Builder, Error>
pub fn trust_location( &mut self, file: Option<&Path>, dir: Option<&Path>, ) -> Result<&mut Builder, Error>
Adds to the trust store from a CA file or a directory containing trusted certificates.
NOTE: This function is equivalent to s2n_config_set_verification_ca_location, except that it does not automatically enable the client to request OCSP stapling from the server.
pub fn with_system_certs( &mut self, load_system_certs: bool, ) -> Result<&mut Builder, Error>
Sets whether the default system certificates will be loaded into the trust store.
Set to false for increased performance if system certificates are not needed during certificate validation (for example, when the trust store is populated explicitly with trust_pem or trust_location).
pub fn wipe_trust_store(&mut self) -> Result<&mut Builder, Error>
pub fn set_client_auth_type( &mut self, auth_type: ClientAuthType, ) -> Result<&mut Builder, Error>
Sets whether a client certificate is required to complete the TLS connection.
See the Usage Guide for more details.
pub fn enable_ocsp(&mut self) -> Result<&mut Builder, Error>
Clients will request OCSP stapling from the server.
pub fn set_ocsp_data(&mut self, data: &[u8]) -> Result<&mut Builder, Error>
Sets the OCSP data for the default certificate chain associated with the Config.
Servers will send the data in response to OCSP stapling requests from clients.
pub fn set_verify_host_callback<T>(
&mut self,
handler: T,
) -> Result<&mut Builder, Error>where
T: 'static + VerifyHostNameCallback,
Sets the callback used to decide whether a hostname from an X.509 certificate is trusted.
The callback may be called more than once during certificate validation, because each Subject Alternative Name (SAN) on the certificate is checked separately.
Corresponds to the underlying C API s2n_config_set_verify_host_callback.
pub unsafe fn set_key_log_callback( &mut self, callback: Option<unsafe extern "C" fn(_: *mut c_void, _: *mut s2n_connection, _: *mut u8, _: usize) -> i32>, context: *mut c_void, ) -> Result<&mut Builder, Error>
Safety
THIS SHOULD BE USED FOR DEBUGGING PURPOSES ONLY! The key log exposes the connection's secret key material, so anything written by the callback must be treated as sensitive.
The `context` pointer must live at least as long as the config.
pub fn set_max_cert_chain_depth( &mut self, depth: u16, ) -> Result<&mut Builder, Error>
pub fn set_send_buffer_size(&mut self, size: u32) -> Result<&mut Builder, Error>
pub fn set_client_hello_callback<T>(
&mut self,
handler: T,
) -> Result<&mut Builder, Error>where
T: 'static + ClientHelloCallback,
Sets a custom callback function that is run after the client hello has been parsed.
pub fn set_connection_initializer<T>(
&mut self,
handler: T,
) -> Result<&mut Builder, Error>where
T: 'static + ConnectionInitializer,
pub fn set_session_ticket_callback<T>(
&mut self,
handler: T,
) -> Result<&mut Builder, Error>where
T: 'static + SessionTicketCallback,
Sets a custom callback that provides access to session tickets as they arrive.
pub fn set_private_key_callback<T>(
&mut self,
handler: T,
) -> Result<&mut Builder, Error>where
T: 'static + PrivateKeyCallback,
Sets a callback function that is invoked by operations requiring the private key.
See https://github.com/aws/s2n-tls/blob/main/docs/USAGE-GUIDE.md#private-key-operation-related-calls
pub fn set_wall_clock<T>(&mut self, handler: T) -> Result<&mut Builder, Error>where
T: 'static + WallClock,
Sets a callback function that will be used to get the system time.
The wall clock time is the best-guess at the real time, measured since the epoch. Unlike monotonic time, it CAN move backwards. It is used by s2n-tls for timestamps.
sourcepub fn set_monotonic_clock<T>(
&mut self,
handler: T,
) -> Result<&mut Builder, Error>where
T: 'static + MonotonicClock,
pub fn set_monotonic_clock<T>(
&mut self,
handler: T,
) -> Result<&mut Builder, Error>where
T: 'static + MonotonicClock,
Sets a callback function that will be used to get the monotonic time.
The monotonic time is the time since an arbitrary, unspecified point. Unlike wall clock time, it MUST never move backwards. It is used by s2n-tls for timers.
pub fn enable_session_tickets( &mut self, enable: bool, ) -> Result<&mut Builder, Error>
Enables or disables negotiating session tickets in a TLS connection.
pub fn add_session_ticket_key( &mut self, key_name: &[u8], key: &[u8], intro_time: SystemTime, ) -> Result<&mut Builder, Error>
Adds a key that will be used to encrypt and decrypt session tickets. The `intro_time` parameter is the time since the Unix epoch (midnight, January 1st, 1970). The `key` must be at least 16 bytes long.
pub fn set_ticket_key_encrypt_decrypt_lifetime( &mut self, lifetime: Duration, ) -> Result<&mut Builder, Error>
pub fn set_ticket_key_decrypt_lifetime( &mut self, lifetime: Duration, ) -> Result<&mut Builder, Error>
pub fn set_serialization_version( &mut self, version: SerializationVersion, ) -> Result<&mut Builder, Error>
Sets the expected connection serialization version. Must be set before serializing the connection.
pub fn set_max_blinding_delay( &mut self, seconds: u32, ) -> Result<&mut Builder, Error>
Sets the maximum blinding delay, in seconds, instead of using the default.
pub fn build(self) -> Result<Config, Error>
Trait Implementations
impl Default for Builder
Warning
The newly created Builder uses the default security policy.
Consider changing this, depending on your security and compatibility requirements,
by using Builder::new instead and calling Builder::set_security_policy.
See the s2n-tls usage guide:
https://aws.github.io/s2n-tls/usage-guide/ch06-security-policies.html