Crate roa_tls

This crate provides an acceptor implementing roa_core::Accept and an app extension.

TlsIncoming

use roa_core::{App, Context, Error};
use roa_tls::{TlsIncoming, ServerConfig, NoClientAuth};
use roa_tls::internal::pemfile::{certs, rsa_private_keys};
use std::fs::File;
use std::io::BufReader;

async fn end(_ctx: &mut Context<()>) -> Result<(), Error> {
    Ok(())
}

let mut config = ServerConfig::new(NoClientAuth::new());
let mut cert_file = BufReader::new(File::open("../assets/cert.pem")?);
let mut key_file = BufReader::new(File::open("../assets/key.pem")?);
let cert_chain = certs(&mut cert_file).unwrap();
let mut keys = rsa_private_keys(&mut key_file).unwrap();
config.set_single_cert(cert_chain, keys.remove(0))?;

let incoming = TlsIncoming::bind("127.0.0.1:0", config)?;
let server = App::new(()).end(end).accept(incoming);
// server.await
Ok(())

TlsListener

use roa_core::{App, Context, Error};
use roa_tls::{TlsListener, ServerConfig, NoClientAuth};
use roa_tls::internal::pemfile::{certs, rsa_private_keys};
use std::fs::File;
use std::io::BufReader;

async fn end(_ctx: &mut Context<()>) -> Result<(), Error> {
    Ok(())
}

let mut config = ServerConfig::new(NoClientAuth::new());
let mut cert_file = BufReader::new(File::open("../assets/cert.pem")?);
let mut key_file = BufReader::new(File::open("../assets/key.pem")?);
let cert_chain = certs(&mut cert_file).unwrap();
let mut keys = rsa_private_keys(&mut key_file).unwrap();
config.set_single_cert(cert_chain, keys.remove(0))?;
let (addr, server) = App::new(()).end(end).bind_tls("127.0.0.1:0", config)?;
// server.await
Ok(())

Modules

internal	Internal classes which may be useful outside the library. The contents of this section DO NOT form part of the stable interface.
manual	This is the rustls manual. This documentation primarily aims to explain design decisions taken in rustls.
sign	Message signing interfaces and implementations.

Structs

AllowAnyAnonymousOrAuthenticatedClient	A ClientCertVerifier that will allow both anonymous and authenticated clients, without any name checking.
AllowAnyAuthenticatedClient	A ClientCertVerifier that will ensure that every client provides a trusted certificate, without any name checking.
Certificate	This type contains a single certificate by value.
ClientConfig	Common configuration for (typically) all connections made by a program.
ClientHello	A struct representing the received Client Hello
ClientSession	This represents a single TLS client session.
ClientSessionMemoryCache	An implementor of StoresClientSessions that stores everything in memory. It enforces a limit on the number of entries to bound memory usage.
KeyLogFile	KeyLog implementation that opens a file whose name is given by the SSLKEYLOGFILE environment variable, and writes keys into it.
NoClientAuth	Turns off client authentication.
NoClientSessionStorage	An implementor of StoresClientSessions which does nothing.
NoKeyLog	KeyLog that does exactly nothing.
NoServerSessionStorage	Something which never stores sessions.
PrivateKey	This type contains a private key by value.
ResolvesServerCertUsingSNI	Something that resolves do different cert chains/keys based on client-supplied server name (via SNI).
RootCertStore	A container for root certificates able to provide a root-of-trust for connection authentication.
ServerConfig	Common configuration for a set of server sessions.
ServerSession	This represents a single TLS server session.
ServerSessionMemoryCache	An implementor of StoresServerSessions that stores everything in memory. If enforces a limit on the number of stored sessions to bound memory usage.
Stream	This type implements io::Read and io::Write, encapsulating a Session S and an underlying transport T, such as a socket.
StreamOwned	This type implements io::Read and io::Write, encapsulating and owning a Session S and an underlying blocking transport T, such as a socket.
SupportedCipherSuite	A cipher suite supported by rustls.
Ticketer	A concrete, safe ticket creation mechanism.
TlsIncoming	A stream of connections from a TcpIncoming. As an implementation of roa_core::Accept.
WriteEarlyData	Stub that implements io::Write and dispatches to write_early_data.
WriteVAdapter	This is a simple wrapper around an object which implements std::io::Write in order to autoimplement WriteV. It uses the write_vectored method from std::io::Write in order to do this.

Enums

BulkAlgorithm	Bulk symmetric encryption scheme used by a cipher suite.
CipherSuite	The CipherSuite TLS protocol enum. Values in this enum are taken from the various RFCs covering TLS, and are listed by IANA. The Unknown item is used when processing unrecognised ordinals.
ProtocolVersion	The ProtocolVersion TLS protocol enum. Values in this enum are taken from the various RFCs covering TLS, and are listed by IANA. The Unknown item is used when processing unrecognised ordinals.
SignatureScheme	The SignatureScheme TLS protocol enum. Values in this enum are taken from the various RFCs covering TLS, and are listed by IANA. The Unknown item is used when processing unrecognised ordinals.
TLSError	rustls reports protocol errors using this type.
WrapTlsStream	A finite-state machine to do tls handshake.

Statics

ALL_CIPHERSUITES

A list of all the cipher suites supported by rustls.

Traits

KeyLog	This trait represents the ability to do something useful with key material, such as logging it to a file for debugging.
ProducesTickets	A trait for the ability to encrypt and decrypt tickets.
ResolvesClientCert	A trait for the ability to choose a certificate chain and private key for the purposes of client authentication.
ResolvesServerCert	How to choose a certificate chain and signing key for use in server authentication.
Session	Generalises ClientSession and ServerSession
StoresClientSessions	A trait for the ability to store client session data. The keys and values are opaque.
StoresServerSessions	A trait for the ability to store server session data.
TlsListener	An app extension.
WriteV	This trait specifies rustls's precise requirements doing writes with vectored IO.

Type Definitions

DistinguishedNames