pub struct Ssl { /* private fields */ }
Per-connection TLS object (SSL*).
Has exclusive ownership over its state; no Clone. BIOs passed to
Ssl::set_bio_duplex or Ssl::set_bio are owned by the Ssl thereafter.
Implementations§
impl Ssl
pub fn set_bio_duplex(&mut self, bio: Bio)
Set a single duplex BIO for both reading and writing.
Transfers ownership of bio to the SSL object; do not use bio
afterwards. Suitable for BIO_new_bio_pair endpoints.
When rbio == wbio (same pointer), OpenSSL only increments the
reference count once, so the single reference in bio is correct.
pub fn set_bio(&mut self, rbio: Bio, wbio: Bio)
Set separate read and write BIOs.
Transfers ownership of both rbio and wbio to the SSL object.
pub fn set_hostname(&mut self, hostname: &CStr) -> Result<(), ErrorStack>
Set the SNI hostname extension sent during the TLS handshake.
Call before Self::connect on client connections to enable SNI.
hostname must be a NUL-terminated ASCII/UTF-8 hostname.
SSL_set_tlsext_host_name is a C macro expanding to
SSL_ctrl(s, 55 /*SSL_CTRL_SET_TLSEXT_HOSTNAME*/, 0 /*TLSEXT_NAMETYPE_host_name*/, name).
§Errors
Returns Err if the control call fails.
pub fn set_connect_state(&mut self)
Set this SSL object to operate in client (connect) mode.
Required before calling Self::do_handshake if neither Self::connect nor
Self::accept will be used.
pub fn set_accept_state(&mut self)
Set this SSL object to operate in server (accept) mode.
pub fn connect(&mut self) -> Result<(), SslIoError>
Initiate a client-side TLS handshake (SSL_connect).
Returns Ok(()) on success, or SslIoError::WantRead / SslIoError::WantWrite
when the operation must be retried after more data is available.
§Errors
pub fn accept(&mut self) -> Result<(), SslIoError>
Accept an incoming TLS connection (SSL_accept).
Returns Ok(()) on success, or SslIoError::WantRead / SslIoError::WantWrite
when a non-blocking operation must be retried.
§Errors
pub fn do_handshake(&mut self) -> Result<(), SslIoError>
Drive the TLS handshake in either role (SSL_do_handshake).
The role must have been set via Self::set_connect_state or Self::set_accept_state
(or implicitly by Self::connect / Self::accept).
§Errors
pub fn read(&mut self, buf: &mut [u8]) -> Result<usize, SslIoError>
Read decrypted application data (SSL_read_ex).
Returns the number of bytes written into buf on success.
§Errors
pub fn write(&mut self, buf: &[u8]) -> Result<usize, SslIoError>
Write application data (SSL_write_ex).
Returns the number of bytes consumed from buf on success.
§Errors
pub fn shutdown(&mut self) -> Result<ShutdownResult, ErrorStack>
Send a TLS close-notify alert (SSL_shutdown).
Returns ShutdownResult::Sent after the first shutdown stage and
ShutdownResult::Complete after a bidirectional shutdown. Call
twice on a non-blocking connection to complete the exchange.
§Errors
Returns Err on a fatal error during shutdown.
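Added example, not taken from this crate's documentation or source: a self-contained model of the WantRead / WantWrite retry contract described for do_handshake and of the two-call shutdown described above. Conn, IoErr, Shut, wait_io, Fatal and Script are hypothetical stand-ins; only the names WantRead, WantWrite, Sent and Complete come from this page, and the stand-in uses one error enum where the page's shutdown returns ErrorStack.

```rust
// Added example. Hypothetical stand-ins: Conn, IoErr, Shut, wait_io, Fatal, Script.
// Only the names WantRead, WantWrite, Sent and Complete come from the page.
use std::collections::VecDeque;

#[derive(Debug, Clone, Copy, PartialEq)]
pub enum IoErr { WantRead, WantWrite, Fatal }
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Shut { Sent, Complete }
/// The slice of the `Ssl` surface the loops below rely on.
pub trait Conn {
    fn do_handshake(&mut self) -> Result<(), IoErr>;
    fn shutdown(&mut self) -> Result<Shut, IoErr>;
    /// Wait until the transport is readable (WantRead) or writable (WantWrite).
    fn wait_io(&mut self, want: IoErr);
}

/// Retry only on WantRead/WantWrite, within a bounded budget so a stalled peer
/// cannot pin the caller forever. Returns the number of retries used.
pub fn drive_handshake(c: &mut impl Conn, budget: usize) -> Result<usize, IoErr> {
    for used in 0..=budget {
        match c.do_handshake() {
            Ok(()) => return Ok(used),
            Err(w @ (IoErr::WantRead | IoErr::WantWrite)) => c.wait_io(w),
            Err(e) => return Err(e), // any other error is fatal: never retry
        }
    }
    Err(IoErr::Fatal) // budget exhausted: give up instead of spinning
}

/// Two-stage close: the first call sends close-notify (Sent); the second
/// returns Complete once the peer's close-notify has been processed.
pub fn close(c: &mut impl Conn) -> Result<Shut, IoErr> {
    match c.shutdown()? {
        Shut::Complete => Ok(Shut::Complete),
        Shut::Sent => { c.wait_io(IoErr::WantRead); c.shutdown() }
    }
}

/// Constructed test double that replays scripted results.
pub struct Script { pub hs: VecDeque<Result<(), IoErr>>, pub sd: VecDeque<Shut>, pub waits: Vec<IoErr> }
impl Conn for Script {
    fn do_handshake(&mut self) -> Result<(), IoErr> { self.hs.pop_front().unwrap_or(Err(IoErr::Fatal)) }
    fn shutdown(&mut self) -> Result<Shut, IoErr> { self.sd.pop_front().ok_or(IoErr::Fatal) }
    fn wait_io(&mut self, want: IoErr) { self.waits.push(want) }
}

fn main() {
    let mut c = Script { hs: [Err(IoErr::WantRead), Ok(())].into(), sd: [Shut::Sent, Shut::Complete].into(), waits: vec![] };
    println!("{:?} {:?}", drive_handshake(&mut c, 4), close(&mut c));
}
```

With a real connection, wait_io would poll the socket or pump the BIO pair in the direction the error names before the call is repeated.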
pub fn peer_certificate(&self) -> Option<X509>
Return the peer’s certificate, or None if unavailable.
The returned certificate has its reference count incremented, so it
outlives self.
pub fn get1_session(&self) -> Option<SslSession>
Get an owned reference to the current session (SSL_get1_session).
Returns None if no session is established. The session can be passed
to Self::set_session on a new Ssl for resumption.
pub fn set_session(&mut self, session: &SslSession) -> Result<(), ErrorStack>
Set a previously obtained session for resumption (SSL_set_session).
Call before the handshake.