use super::{Identity, Protocol, TlsAcceptor};
use openssl::ssl::{SslAcceptor, SslMethod};

/// A builder for `TlsAcceptor`s.
///
/// Holds the server identity and the protocol-version bounds that `build`
/// applies to the underlying OpenSSL acceptor.
#[derive(Debug)]
pub struct TlsAcceptorBuilder {
    /// Server identity; `build` reads its private key, leaf certificate and
    /// extra chain certificates.
    pub(crate) identity: Identity,
    /// Lowest protocol version to accept; `None` leaves the lower bound to
    /// the implementation (its oldest supported protocol).
    pub(crate) min_protocol: Option<Protocol>,
    /// Highest protocol version to accept; `None` leaves the upper bound to
    /// the implementation (its newest supported protocol).
    pub(crate) max_protocol: Option<Protocol>,
}

impl TlsAcceptorBuilder {
    /// Sets the lowest protocol version the acceptor will negotiate.
    ///
    /// Passing `None` removes the lower bound, so the oldest protocol the
    /// implementation supports becomes acceptable.
    ///
    /// Defaults to `Some(Protocol::Tlsv10)`.
    ///
    /// TLS 1.0 and TLS 1.1 are deprecated (RFC 8996). Deployments that do not
    /// have to serve legacy clients should raise this bound rather than rely
    /// on the default, and should avoid `None`.
    pub fn min_protocol_version(&mut self, protocol: Option<Protocol>) -> &mut Self {
        self.min_protocol = protocol;
        self
    }

    /// Sets the highest protocol version the acceptor will negotiate.
    ///
    /// Passing `None` removes the upper bound, so the newest protocol the
    /// implementation supports becomes acceptable.
    ///
    /// Defaults to `None`.
    pub fn max_protocol_version(&mut self, protocol: Option<Protocol>) -> &mut Self {
        self.max_protocol = protocol;
        self
    }

    /// Creates a new `TlsAcceptor` from the configured identity and protocol bounds.
    ///
    /// The acceptor starts from OpenSSL's `SslAcceptor::mozilla_intermediate`
    /// profile, then gets the private key, the leaf certificate and the extra
    /// chain certificates, and finally the protocol bounds.
    ///
    /// # Errors
    ///
    /// Returns an error if any of the OpenSSL calls fails or if
    /// `crate::supported_protocols` rejects the configured bounds.
    pub fn build(&self) -> crate::Result<TlsAcceptor> {
        let Self {
            identity,
            min_protocol,
            max_protocol,
        } = self;

        let mut ssl = SslAcceptor::mozilla_intermediate(SslMethod::tls())?;

        // Key first, then the certificate, as in the original call order.
        ssl.set_private_key(&identity.pkey)?;
        ssl.set_certificate(&identity.cert)?;

        // Extra chain certificates are added in the reverse of their stored order.
        // NOTE(review): presumably this yields leaf-to-root order on the wire;
        // confirm against how `Identity` populates `chain`.
        for extra in identity.chain.iter().rev() {
            // `add_extra_chain_cert` takes the certificate by value, hence the copy.
            ssl.add_extra_chain_cert(extra.to_owned())?;
        }

        // Applied after the profile above.
        // NOTE(review): how these bounds combine with any version limits the
        // profile itself sets is not visible here; verify the effective minimum.
        crate::supported_protocols(*min_protocol, *max_protocol, &mut ssl)?;

        let built = ssl.build();
        Ok(TlsAcceptor(built))
    }
}