Rust bindings for LibreSSL’s libtls library.
The LibreSSL project provides a free TLS and crypto stack that was forked from OpenSSL in 2014. The goals are to provide a modernized codebase, improved security, and to apply best practice development processes.
LibreSSL provides C APIs that are compatible with OpenSSL’s libssl and libcrypto libraries. It also provides libtls, a new TLS library that is designed to make it easier to write foolproof applications.
This crate provides Rust language bindings for libtls only, as the other LibreSSL APIs can be used with the existing rust-openssl crate. LibreSSL versions 2.9.0 through 3.1.0 (or later) are supported. TLSv1.3 requires LibreSSL 3.1.0 or later.
§Examples
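```rust
use libtls::{config::Config, error};

fn tls_server_config() -> error::Result<Config> {
    let mut tls_config = Config::new()?;
    // Load the server certificate and its private key.
    tls_config.set_keypair_file("tests/eccert.crt", "tests/eccert.key")?;
    // Restrict the server to TLSv1.3; propagate a failure instead of
    // silently continuing with the default protocol set.
    tls_config.set_protocols(libtls_sys::TLS_PROTOCOL_TLSv1_3)?;
    Ok(tls_config)
}

fn main() {
    let tls_config = tls_server_config().unwrap();
}
```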
The same configuration can be created using the config::Builder builder pattern:

```rust
use libtls::{config::{Builder, Config}, error};

fn tls_server_config() -> error::Result<Config> {
    // Errors from the individual settings surface when build() is called.
    let tls_config = Builder::new()
        .keypair_file("tests/eccert.crt", "tests/eccert.key", None)
        .protocols(libtls_sys::TLS_PROTOCOL_TLSv1_3)
        .build()?;
    Ok(tls_config)
}
```
§Copyright and license
Copyright (c) 2019, 2020 Reyk Floeter <contact@reykfloeter.com>
The documentation is based on the libtls manpages of the LibreSSL project:
Copyright (c) 2015, 2016 Bob Beck <beck@openbsd.org>
Copyright (c) 2016 Brent Cook <bcook@openbsd.org>
Copyright (c) 2017 Claudio Jeker <claudio@openbsd.org>
Copyright (c) 2015 Doug Hogan <doug@openbsd.org>
Copyright (c) 2017 Ingo Schwarze <schwarze@openbsd.org>
Copyright (c) 2014, 2015, 2016, 2017, 2018 Joel Sing <jsing@openbsd.org>
Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
Copyright (c) 2014, 2015 Ted Unangst <tedu@openbsd.org>
Both are provided under the same OpenBSD-ISC-style license:
Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
Modules§
- config: TLS configuration for connections.
- error: Error handling.
- tls: TLS connections, clients and servers.
Macros§
- try_tls: Convert return value of Tls I/O functions into io::Error.
Constants§
- TLS_API: TLS API version.
- TLS_CRL_REASON_AA_COMPROMISE: CRL (RFC 5280 Section 5.3.1).
- TLS_CRL_REASON_AFFILIATION_CHANGED: CRL (RFC 5280 Section 5.3.1).
- TLS_CRL_REASON_CA_COMPROMISE: CRL (RFC 5280 Section 5.3.1).
- TLS_CRL_REASON_CERTIFICATE_HOLD: CRL (RFC 5280 Section 5.3.1).
- TLS_CRL_REASON_CESSATION_OF_OPERATION: CRL (RFC 5280 Section 5.3.1).
- TLS_CRL_REASON_KEY_COMPROMISE: CRL (RFC 5280 Section 5.3.1).
- TLS_CRL_REASON_PRIVILEGE_WITHDRAWN: CRL (RFC 5280 Section 5.3.1).
- TLS_CRL_REASON_REMOVE_FROM_CRL: CRL (RFC 5280 Section 5.3.1).
- TLS_CRL_REASON_SUPERSEDED: CRL (RFC 5280 Section 5.3.1).
- TLS_CRL_REASON_UNSPECIFIED: CRL (RFC 5280 Section 5.3.1).
- TLS_MAX_SESSION_ID_LENGTH: TLS session.
- TLS_OCSP_CERT_GOOD: OCSP certificate (RFC 6960 Section 2.2).
- TLS_OCSP_CERT_REVOKED: OCSP certificate (RFC 6960 Section 2.2).
- TLS_OCSP_CERT_UNKNOWN: OCSP certificate (RFC 6960 Section 2.2).
- TLS_OCSP_RESPONSE_INTERNALERROR: OCSP response (RFC 6960 Section 2.3).
- TLS_OCSP_RESPONSE_MALFORMED: OCSP response (RFC 6960 Section 2.3).
- TLS_OCSP_RESPONSE_SIGREQUIRED: OCSP response (RFC 6960 Section 2.3).
- TLS_OCSP_RESPONSE_SUCCESSFUL: OCSP response (RFC 6960 Section 2.3).
- TLS_OCSP_RESPONSE_TRYLATER: OCSP response (RFC 6960 Section 2.3).
- TLS_OCSP_RESPONSE_UNAUTHORIZED: OCSP response (RFC 6960 Section 2.3).
- TLS_PROTOCOLS_ALL: TLS major/minor protocol version.
- TLS_PROTOCOLS_DEFAULT: TLS major/minor protocol version.
- TLS_PROTOCOL_TLSv1: TLS major/minor protocol version.
- TLS_PROTOCOL_TLSv1_0: TLS major/minor protocol version.
- TLS_PROTOCOL_TLSv1_1: TLS major/minor protocol version.
- TLS_PROTOCOL_TLSv1_2: TLS major/minor protocol version.
- TLS_PROTOCOL_TLSv1_3: TLSv1.3 is only supported by LibreSSL 3.1.0 or later.
- TLS_TICKET_KEY_SIZE: TLS session.
- TLS_WANT_POLLIN: TLS async I/O.
- TLS_WANT_POLLOUT: TLS async I/O.
Functions§
- init (Deprecated): Initialize global data structures.