Struct rtc_dtls::config::ConfigBuilder

pub struct ConfigBuilder { /* private fields */ }

Config is used to configure a DTLS client or server. After a Config is passed to a DTLS function it must not be modified.

Implementations

impl ConfigBuilder

pub fn with_certificates(self, certificates: Vec<Certificate>) -> Self

certificates contains certificate chain to present to the other side of the connection. Server MUST set this if psk is non-nil client SHOULD sets this so CertificateRequests can be handled if psk is non-nil

pub fn with_cipher_suites(self, cipher_suites: Vec<CipherSuiteId>) -> Self

cipher_suites is a list of supported cipher suites. If cipher_suites is nil, a default list is used

pub fn with_signature_schemes( self, signature_schemes: Vec<SignatureScheme> ) -> Self

signature_schemes contains the signature and hash schemes that the peer requests to verify.

pub fn with_srtp_protection_profiles( self, srtp_protection_profiles: Vec<SrtpProtectionProfile> ) -> Self

srtp_protection_profiles are the supported protection profiles Clients will send this via use_srtp and assert that the server properly responds Servers will assert that clients send one of these profiles and will respond as needed

pub fn with_client_auth(self, client_auth: ClientAuthType) -> Self

client_auth determines the server’s policy for TLS Client Authentication. The default is NoClientCert.

pub fn with_extended_master_secret( self, extended_master_secret: ExtendedMasterSecretType ) -> Self

extended_master_secret determines if the “Extended Master Secret” extension should be disabled, requested, or required (default requested).

pub fn with_flight_interval(self, flight_interval: Duration) -> Self

flight_interval controls how often we send outbound handshake messages defaults to time.Second

pub fn with_psk( self, psk: Option<Arc<dyn Fn(&[u8]) -> Result<Vec<u8>> + Send + Sync>> ) -> Self

psk sets the pre-shared key used by this DTLS connection If psk is non-nil only psk cipher_suites will be used

pub fn with_psk_identity_hint(self, psk_identity_hint: Option<Vec<u8>>) -> Self

psk_identity_hint sets the pre-shared key hint

pub fn with_insecure_skip_verify(self, insecure_skip_verify: bool) -> Self

insecure_skip_verify controls whether a client verifies the server’s certificate chain and host name. If insecure_skip_verify is true, TLS accepts any certificate presented by the server and any host name in that certificate. In this mode, TLS is susceptible to man-in-the-middle attacks. This should be used only for testing.

pub fn with_insecure_hashes(self, insecure_hashes: bool) -> Self

insecure_hashes allows the use of hashing algorithms that are known to be vulnerable.

pub fn with_insecure_verification(self, insecure_verification: bool) -> Self

insecure_verification allows the use of verification algorithms that are known to be vulnerable or deprecated

pub fn with_verify_peer_certificate( self, verify_peer_certificate: Option<Arc<dyn Fn(&[Vec<u8>], &[Certificate]) -> Result<()> + Send + Sync>> ) -> Self

VerifyPeerCertificate, if not nil, is called after normal certificate verification by either a client or server. It receives the certificate provided by the peer and also a flag that tells if normal verification has succeeded. If it returns a non-nil error, the handshake is aborted and that error results.

If normal verification fails then the handshake will abort before considering this callback. If normal verification is disabled by setting insecure_skip_verify, or (for a server) when client_auth is RequestClientCert or RequireAnyClientCert, then this callback will be considered but the verifiedChains will always be nil.

pub fn with_roots_cas(self, roots_cas: RootCertStore) -> Self

roots_cas defines the set of root certificate authorities that one peer uses when verifying the other peer’s certificates. If RootCAs is nil, TLS uses the host’s root CA set. Used by Client to verify server’s certificate

pub fn with_client_cas(self, client_cas: RootCertStore) -> Self

client_cas defines the set of root certificate authorities that servers use if required to verify a client certificate by the policy in client_auth. Used by Server to verify client’s certificate

pub fn with_server_name(self, server_name: String) -> Self

server_name is used to verify the hostname on the returned certificates unless insecure_skip_verify is given.

pub fn with_mtu(self, mtu: usize) -> Self

mtu is the length at which handshake messages will be fragmented to fit within the maximum transmission unit (default is 1200 bytes)

pub fn with_replay_protection_window( self, replay_protection_window: usize ) -> Self

replay_protection_window is the size of the replay attack protection window. Duplication of the sequence number is checked in this window size. Packet with sequence number older than this value compared to the latest accepted packet will be discarded. (default is 64)

impl ConfigBuilder

pub fn build( self, is_client: bool, remote_addr: Option<SocketAddr> ) -> Result<HandshakeConfig>

build handshake config

Trait Implementations

impl Clone for ConfigBuilder

fn clone(&self) -> ConfigBuilder

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Default for ConfigBuilder

fn default() -> Self

Returns the “default value” for a type.