Struct sec_protocol_options

#[repr(C)]
pub struct sec_protocol_options { /* private fields */ }
Available on crate feature SecProtocolOptions only.

A sec_protocol_options instance is a container of options for security protocol instances, such as TLS. Protocol options are used to configure security protocols in the network stack. For example, clients may set the maximum and minimum allowed TLS versions through protocol options.

See also Apple’s documentation

Implementations

impl sec_protocol_options

pub unsafe fn are_equal( options_a: sec_protocol_options_t, options_b: sec_protocol_options_t, ) -> bool

Compare two sec_protocol_options_t instances.

Parameter options_a: A sec_protocol_options_t instance.

Parameter options_b: A sec_protocol_options_t instance.

Returns: True if equal, and false otherwise.

pub unsafe fn set_local_identity( options: sec_protocol_options_t, identity: sec_identity_t, )

Available on crate feature SecProtocolTypes only.

Set the local identity to be used for this protocol instance.

Parameter options: A sec_protocol_options_t instance.

Parameter identity: A sec_identity_t instance carrying the private key and certificate.

pub unsafe fn append_tls_ciphersuite( options: sec_protocol_options_t, ciphersuite: tls_ciphersuite_t, )

Available on crate feature SecProtocolTypes only.

Append a TLS ciphersuite to the set of enabled ciphersuites.

Parameter options: A sec_protocol_options_t instance.

Parameter ciphersuite: A tls_ciphersuite_t value.

pub unsafe fn add_tls_ciphersuite( options: sec_protocol_options_t, ciphersuite: SSLCipherSuite, )

👎Deprecated: Use sec_protocol_options_append_tls_ciphersuite
Available on crate feature CipherSuite only.

Add a TLS ciphersuite to the set of enabled ciphersuites.

Parameter options: A sec_protocol_options_t instance.

Parameter ciphersuite: An SSLCipherSuite value.

pub unsafe fn append_tls_ciphersuite_group( options: sec_protocol_options_t, group: tls_ciphersuite_group_t, )

Available on crate feature SecProtocolTypes only.

Append a TLS ciphersuite group to the set of enabled ciphersuites.

Parameter options: A sec_protocol_options_t instance.

Parameter group: A tls_ciphersuite_group_t value.

pub unsafe fn add_tls_ciphersuite_group( options: sec_protocol_options_t, group: SSLCiphersuiteGroup, )

👎Deprecated: Use sec_protocol_options_append_tls_ciphersuite_group
Available on crate feature CipherSuite only.

Add a TLS ciphersuite group to the set of enabled ciphersuites.

Parameter options: A sec_protocol_options_t instance.

Parameter group: An SSLCiphersuiteGroup value.

pub unsafe fn set_tls_min_version( options: sec_protocol_options_t, version: SSLProtocol, )

👎Deprecated
Available on crate feature SecProtocolTypes only.

Set the minimum supported TLS version.

Parameter options: A sec_protocol_options_t instance.

Parameter version: An SSLProtocol enum value.

pub unsafe fn set_min_tls_protocol_version( options: sec_protocol_options_t, version: tls_protocol_version_t, )

Available on crate feature SecProtocolTypes only.

Set the minimum supported TLS version.

Parameter options: A sec_protocol_options_t instance.

Parameter version: A tls_protocol_version_t enum value.

pub unsafe fn default_min_tls_protocol_version() -> tls_protocol_version_t

Available on crate feature SecProtocolTypes only.

Get the system default minimum TLS protocol version.

Returns: The default minimum TLS version.

pub unsafe fn default_min_dtls_protocol_version() -> tls_protocol_version_t

Available on crate feature SecProtocolTypes only.

Get the system default minimum DTLS protocol version.

Returns: The default minimum DTLS version.

pub unsafe fn set_tls_max_version( options: sec_protocol_options_t, version: SSLProtocol, )

👎Deprecated
Available on crate feature SecProtocolTypes only.

Set the maximum supported TLS version.

Parameter options: A sec_protocol_options_t instance.

Parameter version: An SSLProtocol enum value.

pub unsafe fn set_max_tls_protocol_version( options: sec_protocol_options_t, version: tls_protocol_version_t, )

Available on crate feature SecProtocolTypes only.

Set the maximum supported TLS version.

Parameter options: A sec_protocol_options_t instance.

Parameter version: A tls_protocol_version_t enum value.

pub unsafe fn default_max_tls_protocol_version() -> tls_protocol_version_t

Available on crate feature SecProtocolTypes only.

Get the system default maximum TLS protocol version.

Returns: The default maximum TLS version.

pub unsafe fn default_max_dtls_protocol_version() -> tls_protocol_version_t

Available on crate feature SecProtocolTypes only.

Get the system default maximum DTLS protocol version.

Returns: The default maximum DTLS version.

pub unsafe fn enabled_encrypted_client_hello( options: sec_protocol_options_t, ) -> bool

For experimental use only. Find out whether Encrypted Client Hello has been enabled.

Returns: A boolean that indicates whether or not Encrypted Client Hello has been enabled.

pub unsafe fn quic_use_legacy_codepoint(options: sec_protocol_options_t) -> bool

Check whether the QUIC legacy codepoint has been enabled.

Returns: A boolean that indicates whether or not the QUIC legacy codepoint has been enabled.

pub unsafe fn add_tls_application_protocol( options: sec_protocol_options_t, application_protocol: NonNull<c_char>, )

Add an application protocol supported by clients of this protocol instance.

Parameter options: A sec_protocol_options_t instance.

Parameter application_protocol: A NULL-terminated string defining the application protocol.

pub unsafe fn set_tls_server_name( options: sec_protocol_options_t, server_name: NonNull<c_char>, )

Set the server name to be used when verifying the peer’s certificate. This will override the server name obtained from the endpoint.

Parameter options: A sec_protocol_options_t instance.

Parameter server_name: A NULL-terminated string carrying the server name.

pub unsafe fn set_tls_tickets_enabled( options: sec_protocol_options_t, tickets_enabled: bool, )

Enable or disable TLS session ticket support.

Parameter options: A sec_protocol_options_t instance.

Parameter tickets_enabled: Flag to enable or disable TLS session ticket support.

pub unsafe fn set_tls_is_fallback_attempt( options: sec_protocol_options_t, is_fallback_attempt: bool, )

Signal if this is a TLS fallback attempt.

A fallback attempt is one following a previously failed TLS connection due to version or parameter incompatibility, e.g., when speaking to a server that does not support a client-offered ciphersuite.

Clients MUST NOT enable fallback for fresh connections.

Parameter options: A sec_protocol_options_t instance.

Parameter is_fallback_attempt: Set a flag indicating that this is a TLS fallback attempt.

pub unsafe fn set_tls_resumption_enabled( options: sec_protocol_options_t, resumption_enabled: bool, )

Enable or disable TLS session resumption.

Parameter options: A sec_protocol_options_t instance.

Parameter resumption_enabled: Flag to enable or disable TLS session resumption.

pub unsafe fn set_tls_false_start_enabled( options: sec_protocol_options_t, false_start_enabled: bool, )

Enable or disable TLS False Start.

Parameter options: A sec_protocol_options_t instance.

Parameter false_start_enabled: Flag to enable or disable TLS False Start.

pub unsafe fn set_tls_ocsp_enabled( options: sec_protocol_options_t, ocsp_enabled: bool, )

Enable or disable OCSP support.

Parameter options: A sec_protocol_options_t instance.

Parameter ocsp_enabled: Flag to enable or disable OCSP support.

pub unsafe fn set_tls_sct_enabled( options: sec_protocol_options_t, sct_enabled: bool, )

Enable or disable SCT (signed certificate timestamp) support.

Parameter options: A sec_protocol_options_t instance.

Parameter sct_enabled: Flag to enable or disable SCT support.

pub unsafe fn set_tls_renegotiation_enabled( options: sec_protocol_options_t, renegotiation_enabled: bool, )

Enable or disable TLS (1.2 and prior) session renegotiation. This defaults to true.

Parameter options: A sec_protocol_options_t instance.

Parameter renegotiation_enabled: Flag to enable or disable TLS (1.2 and prior) session renegotiation.

pub unsafe fn set_peer_authentication_required( options: sec_protocol_options_t, peer_authentication_required: bool, )

Enable or disable peer authentication. Clients default to true, whereas servers default to false.

Parameter options: A sec_protocol_options_t instance.

Parameter peer_authentication_required: Flag to enable or disable mandatory peer authentication.

pub unsafe fn set_peer_authentication_optional( options: sec_protocol_options_t, peer_authentication_optional: bool, )

When this is enabled, the endpoint requests the peer certificate, but if none is provided, the endpoint still proceeds with the connection. Default false for servers; always false for clients (clients ignore this option). If peer_authentication_required is set to true via sec_protocol_options_set_peer_authentication_required(), peer_authentication_optional will be disregarded and the peer certificate will be required.

Parameter options: A sec_protocol_options_t instance.

Parameter peer_authentication_optional: Flag to enable or disable requested peer authentication.
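
Added example, not part of the crate or of Apple's documentation: a plain-Rust model of how the two peer-authentication setters above combine, following the defaults and precedence stated in their descriptions. The names Role, PeerAuth, effective_peer_auth and audit are hypothetical, and expects_mtls is an assumption about the deployment; nothing here calls the Security framework.

```rust
// Added example: a plain-Rust model of the documented flag semantics, so it
// runs without Apple's Security framework. All names here are hypothetical.

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Role { Client, Server }

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum PeerAuth {
    Required,  // handshake fails without a valid peer certificate
    Requested, // certificate is asked for, but its absence is tolerated
    Disabled,  // peer is not authenticated at all
}

/// Resolve the two setters as documented. `None` means the setter was never
/// called, so the documented default for that role applies.
pub fn effective_peer_auth(role: Role, required: Option<bool>, optional: Option<bool>) -> PeerAuth {
    // Clients default to required = true, servers to required = false.
    if required.unwrap_or(role == Role::Client) {
        return PeerAuth::Required; // `required` overrides `optional`
    }
    // Clients ignore `optional`; servers default it to false.
    if role == Role::Server && optional.unwrap_or(false) {
        PeerAuth::Requested
    } else {
        PeerAuth::Disabled
    }
}

/// Review finding for a configuration, or `None` if nothing needs attention.
/// `expects_mtls` is the reviewer's assumption that a server must see client certs.
pub fn audit(role: Role, required: Option<bool>, optional: Option<bool>, expects_mtls: bool) -> Option<&'static str> {
    match (role, effective_peer_auth(role, required, optional)) {
        (_, PeerAuth::Required) => None,
        (Role::Client, _) => Some("client does not authenticate the server"),
        (Role::Server, PeerAuth::Requested) if expects_mtls =>
            Some("client certificate requested but not enforced"),
        (Role::Server, PeerAuth::Disabled) if expects_mtls =>
            Some("server never asks for a client certificate"),
        (Role::Server, _) => None,
    }
}

fn main() {
    // Constructed case: a server that only called set_peer_authentication_optional(true).
    println!("{:?}", audit(Role::Server, None, Some(true), true));
}
```

A server that must enforce mutual TLS therefore needs set_peer_authentication_required(true); the optional flag alone still lets a peer connect without a certificate.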

pub unsafe fn set_enable_encrypted_client_hello( options: sec_protocol_options_t, enable_encrypted_client_hello: bool, )

For experimental use only. When this is enabled, the Encrypted Client Hello extension will be sent on the Client Hello if TLS 1.3 is among the supported TLS versions. Default false.

Parameter options: A sec_protocol_options_t instance.

Parameter enable_encrypted_client_hello: Flag to enable or disable Encrypted Client Hello.

pub unsafe fn set_quic_use_legacy_codepoint( options: sec_protocol_options_t, quic_use_legacy_codepoint: bool, )

Set QUIC to use the legacy codepoint. Defaults to true.

Parameter options: A sec_protocol_options_t instance.

Parameter quic_use_legacy_codepoint: A boolean to enable/disable the legacy codepoint.

Trait Implementations

impl Debug for sec_protocol_options

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl RefEncode for sec_protocol_options

Available on crate feature objc2 only.

const ENCODING_REF: Encoding

The Objective-C type-encoding for a reference of this type.

Auto Trait Implementations

Blanket Implementations

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<T> AutoreleaseSafe for T
where T: ?Sized,