Struct TlsClient

pub struct TlsClient { /* private fields */ }

PipeBuf wrapper of Rustls ClientConnection

If TLS is not configured then just passes data through unchanged.

There is a single “process” call that takes care of all the calls required to move data between the encrypted and plain-text sides of a Rustls ClientConnection.

Implementations

impl TlsClient

pub fn new( config: Option<(Arc<ClientConfig>, ServerName<'static>)>, ) -> Result<Self, Error>

Create a new TLS engine using the given Rustls configuration, or set it up to just pass data straight through if there is no configuration provided

pub fn connection(&self) -> Option<&ClientConnection>

Get immutable access to the wrapped ClientConnection, if available

pub fn process( &mut self, ext: PBufRdWr<'_>, int: PBufRdWr<'_>, ) -> Result<bool, TlsError>

Process as much data as possible, moving data between ext and int. ext is the pipe which typically carries TLS protocol data to/from an external TCP connection. int is the pipe carrying plain-text data to/from whatever handlers there are on the internal side.

If TLS is disabled, this just passes data straight through.

Normal “Closing” end-of-file indicated from the internal side is converted into a TLS close_notify, i.e. a clean TLS shutdown. “Aborting” end-of-file causes the TLS protocol stream to be abruptly closed, which will result in an “aborted” end-of-file status at the remote end.

A clean close_notify end-of-file received by TLS from the external side results in a normal “Closing” end-of-file being indicated for the internal handlers. Any other end-of-file results in an “Aborting” end-of-file. Note that some TLS libraries always end their streams with an unclean shutdown.

Returns Ok(true) if there was activity, Ok(false) if no progress could be made, and Err(_) if there was an error.