Module openssl::ssl [] [src]

SSL/TLS support.

SslConnector and SslAcceptor should be used in most cases - they handle configuration of the OpenSSL primitives for you.

Examples

To connect as a client to a remote server:

use openssl::ssl::{SslMethod, SslConnectorBuilder};
use std::io::{Read, Write};
use std::net::TcpStream;

let connector = SslConnectorBuilder::new(SslMethod::tls()).unwrap().build();

let stream = TcpStream::connect("google.com:443").unwrap();
let mut stream = connector.connect("google.com", stream).unwrap();

stream.write_all(b"GET / HTTP/1.0\r\n\r\n").unwrap();
let mut res = vec![];
stream.read_to_end(&mut res).unwrap();
println!("{}", String::from_utf8_lossy(&res));

To accept connections as a server from remote clients:

use openssl::pkcs12::Pkcs12;
use openssl::ssl::{SslMethod, SslAcceptorBuilder, SslStream};
use std::fs::File;
use std::io::{Read, Write};
use std::net::{TcpListener, TcpStream};
use std::sync::Arc;
use std::thread;

// In this example we retrieve our keypair and certificate chain from a PKCS #12 archive,
// but but they can also be retrieved from, for example, individual PEM- or DER-formatted
// files. See the documentation for the `PKey` and `X509` types for more details.
let mut file = File::open("identity.pfx").unwrap();
let mut pkcs12 = vec![];
file.read_to_end(&mut pkcs12).unwrap();
let pkcs12 = Pkcs12::from_der(&pkcs12).unwrap();
let identity = pkcs12.parse("password123").unwrap();

let acceptor = SslAcceptorBuilder::mozilla_intermediate(SslMethod::tls(),
                                                        &identity.pkey,
                                                        &identity.cert,
                                                        &identity.chain)
    .unwrap()
    .build();
let acceptor = Arc::new(acceptor);

let listener = TcpListener::bind("0.0.0.0:8443").unwrap();

fn handle_client(stream: SslStream<TcpStream>) {
    // ...
}

for stream in listener.incoming() {
    match stream {
        Ok(stream) => {
            let acceptor = acceptor.clone();
            thread::spawn(move || {
                let stream = acceptor.accept(stream).unwrap();
                handle_client(stream);
            });
        }
        Err(e) => { /* connection failed */ }
    }
}

Structs

CipherBits
MidHandshakeSslStream

An SSL stream midway through the handshake process.

Ssl
SslAcceptor

A type which wraps server-side streams in a TLS session.

SslAcceptorBuilder

A builder for SslAcceptors.

SslCipher
SslCipherRef
SslConnector

A type which wraps client-side streams in a TLS session.

SslConnectorBuilder

A builder for SslConnectors.

SslContext
SslContextBuilder

A builder for SslContexts.

SslContextRef
SslMethod
SslMode
SslOption
SslRef
SslStream

A stream wrapper which handles SSL encryption for an underlying stream.

SslVerifyMode

Enums

Error

An SSL error.

HandshakeError

An error or intermediate state after a TLS handshake attempt.

ShutdownResult

The result of a shutdown request.

SniError

An error returned from an SNI callback.

Constants

SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
SSL_MODE_AUTO_RETRY
SSL_MODE_ENABLE_PARTIAL_WRITE
SSL_MODE_NO_AUTO_CHAIN
SSL_MODE_RELEASE_BUFFERS
SSL_MODE_SEND_CLIENTHELLO_TIME
SSL_MODE_SEND_FALLBACK_SCSV
SSL_MODE_SEND_SERVERHELLO_TIME
SSL_OP_ALL
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
SSL_OP_CIPHER_SERVER_PREFERENCE
SSL_OP_CISCO_ANYCONNECT
SSL_OP_COOKIE_EXCHANGE
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
SSL_OP_MICROSOFT_SESS_ID_BUG
SSL_OP_NETSCAPE_CHALLENGE_BUG
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
SSL_OP_NO_COMPRESSION
SSL_OP_NO_QUERY_MTU
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
SSL_OP_NO_SSLV2
SSL_OP_NO_SSLV3
SSL_OP_NO_TICKET
SSL_OP_NO_TLSV1
SSL_OP_NO_TLSV1_1
SSL_OP_NO_TLSV1_2
SSL_OP_SINGLE_DH_USE
SSL_OP_SINGLE_ECDH_USE
SSL_OP_SSLEAY_080_CLIENT_DH_BUG
SSL_OP_TLS_BLOCK_PADDING_BUG
SSL_OP_TLS_D5_BUG
SSL_OP_TLS_ROLLBACK_BUG
SSL_VERIFY_FAIL_IF_NO_PEER_CERT

Terminate handshake if client did not return a certificate. Use together with SSL_VERIFY_PEER.

SSL_VERIFY_NONE

Do not verify the server's certificate

SSL_VERIFY_PEER

Verify that the server's certificate is trusted