Struct ntex::server::openssl::ssl::SslStream

pub struct SslStream<S> { /* fields omitted */ }

A TLS session over a stream.

Implementations

impl<S> SslStream<S> where
    S: Read + Write, 

pub fn new(ssl: Ssl, stream: S) -> Result<SslStream<S>, ErrorStack>

Creates a new SslStream.

This function performs no IO; the stream will not have performed any part of the handshake with the peer. If the Ssl was configured with SslRef::set_connect_state or SslRef::set_accept_state, the handshake can be performed automatically during the first call to read or write. Otherwise the connect and accept methods can be used to explicitly perform the handshake.

This corresponds to SSL_set_bio.

pub unsafe fn from_raw_parts(ssl: *mut SSL, stream: S) -> SslStream<S>

👎 Deprecated since 0.10.32:

use Ssl::from_ptr and SslStream::new instead

Constructs an SslStream from a pointer to the underlying OpenSSL SSL struct.

This is useful if the handshake has already been completed elsewhere.

Safety

The caller must ensure the pointer is valid.

pub fn read_early_data(&mut self, buf: &mut [u8]) -> Result<usize, Error>

Read application data transmitted by a client before handshake completion.

Useful for reducing latency, but vulnerable to replay attacks. Call SslRef::set_accept_state first.

Returns Ok(0) if all early data has been read.

Requires OpenSSL 1.1.1 or newer.

This corresponds to SSL_read_early_data.

pub fn write_early_data(&mut self, buf: &[u8]) -> Result<usize, Error>

Send data to the server without blocking on handshake completion.

Useful for reducing latency, but vulnerable to replay attacks. Call SslRef::set_connect_state first.

Requires OpenSSL 1.1.1 or newer.

This corresponds to SSL_write_early_data.

pub fn connect(&mut self) -> Result<(), Error>

Initiates a client-side TLS handshake.

This corresponds to SSL_connect.

Warning

OpenSSL’s default configuration is insecure. It is highly recommended to use SslConnector rather than Ssl directly, as it manages that configuration.

pub fn accept(&mut self) -> Result<(), Error>

Initiates a server-side TLS handshake.

This corresponds to SSL_accept.

Warning

OpenSSL’s default configuration is insecure. It is highly recommended to use SslAcceptor rather than Ssl directly, as it manages that configuration.

pub fn do_handshake(&mut self) -> Result<(), Error>

Initiates the handshake.

This will fail if set_accept_state or set_connect_state was not called first.

This corresponds to SSL_do_handshake.

pub fn stateless(&mut self) -> Result<bool, ErrorStack>

Perform a stateless server-side handshake.

Requires that cookie generation and verification callbacks were set on the SSL context.

Returns Ok(true) if a complete ClientHello containing a valid cookie was read, in which case the handshake should be continued via accept. If a HelloRetryRequest containing a fresh cookie was transmitted, Ok(false) is returned instead. If the handshake cannot proceed at all, Err is returned.

This corresponds to SSL_stateless

pub fn ssl_read(&mut self, buf: &mut [u8]) -> Result<usize, Error>

Like read, but returns an ssl::Error rather than an io::Error.

It is particularly useful with a nonblocking socket, where the error value will identify if OpenSSL is waiting on read or write readiness.

This corresponds to SSL_read.

pub fn ssl_write(&mut self, buf: &[u8]) -> Result<usize, Error>

Like write, but returns an ssl::Error rather than an io::Error.

It is particularly useful with a nonblocking socket, where the error value will identify if OpenSSL is waiting on read or write readiness.

This corresponds to SSL_write.

pub fn shutdown(&mut self) -> Result<ShutdownResult, Error>

Shuts down the session.

The shutdown process consists of two steps. The first step sends a close notify message to the peer, after which ShutdownResult::Sent is returned. The second step awaits the receipt of a close notify message from the peer, after which ShutdownResult::Received is returned.

While the connection may be closed after the first step, it is recommended to fully shut the session down. In particular, it must be fully shut down if the connection is to be used for further communication in the future.

This corresponds to SSL_shutdown.

pub fn get_shutdown(&mut self) -> ShutdownState

Returns the session’s shutdown state.

This corresponds to SSL_get_shutdown.

pub fn set_shutdown(&mut self, state: ShutdownState)

Sets the session’s shutdown state.

This can be used to tell OpenSSL that the session should be cached even if a full two-way shutdown was not completed.

This corresponds to SSL_set_shutdown.

impl<S> SslStream<S>

pub fn get_ref(&self) -> &S

Returns a shared reference to the underlying stream.

pub fn get_mut(&mut self) -> &mut S

Returns a mutable reference to the underlying stream.

Warning

It is inadvisable to read from or write to the underlying stream as it will most likely corrupt the SSL session.

pub fn ssl(&self) -> &SslRef

Returns a shared reference to the Ssl object associated with this stream.

Trait Implementations

impl<S> Debug for SslStream<S> where
    S: Debug, 

pub fn fmt(&self, fmt: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.

impl<S> Drop for SslStream<S>

pub fn drop(&mut self)

Executes the destructor for this type.

impl<S> Read for SslStream<S> where
    S: Read + Write, 

pub fn read(&mut self, buf: &mut [u8]) -> Result<usize, Error>

Pull some bytes from this source into the specified buffer, returning how many bytes were read.

fn read_vectored(&mut self, bufs: &mut [IoSliceMut<'_>]) -> Result<usize, Error>

Like read, except that it reads into a slice of buffers.

fn is_read_vectored(&self) -> bool

🔬 This is a nightly-only experimental API. (can_vector)

Determines if this Reader has an efficient read_vectored implementation.

unsafe fn initializer(&self) -> Initializer

🔬 This is a nightly-only experimental API. (read_initializer)

Determines if this Reader can work with buffers of uninitialized memory.

fn read_to_end(&mut self, buf: &mut Vec<u8, Global>) -> Result<usize, Error>

Read all bytes until EOF in this source, placing them into buf.

fn read_to_string(&mut self, buf: &mut String) -> Result<usize, Error>

Read all bytes until EOF in this source, appending them to buf.

fn read_exact(&mut self, buf: &mut [u8]) -> Result<(), Error>

Read the exact number of bytes required to fill buf.

fn by_ref(&mut self) -> &mut Self

Creates a “by reference” adaptor for this instance of Read.

fn bytes(self) -> Bytes<Self>

Transforms this Read instance to an Iterator over its bytes.

fn chain<R>(self, next: R) -> Chain<Self, R> where
    R: Read, 

Creates an adaptor which will chain this stream with another.

fn take(self, limit: u64) -> Take<Self>

Creates an adaptor which will read at most limit bytes from it.

impl<S> Write for SslStream<S> where
    S: Read + Write, 

pub fn write(&mut self, buf: &[u8]) -> Result<usize, Error>

Write a buffer into this writer, returning how many bytes were written.

pub fn flush(&mut self) -> Result<(), Error>

Flush this output stream, ensuring that all intermediately buffered contents reach their destination.

fn write_vectored(&mut self, bufs: &[IoSlice<'_>]) -> Result<usize, Error>

Like write, except that it writes from a slice of buffers.

fn is_write_vectored(&self) -> bool

🔬 This is a nightly-only experimental API. (can_vector)

Determines if this Writer has an efficient write_vectored implementation.

fn write_all(&mut self, buf: &[u8]) -> Result<(), Error>

Attempts to write an entire buffer into this writer.

fn write_all_vectored(&mut self, bufs: &mut [IoSlice<'_>]) -> Result<(), Error>

🔬 This is a nightly-only experimental API. (write_all_vectored)

Attempts to write multiple buffers into this writer.

fn write_fmt(&mut self, fmt: Arguments<'_>) -> Result<(), Error>

Writes a formatted string into this writer, returning any error encountered.

fn by_ref(&mut self) -> &mut Self

Creates a “by reference” adaptor for this instance of Write.