Struct rustls::server::ServerConnection [−][src]
pub struct ServerConnection { /* fields omitted */ }
Expand description
This represents a single TLS server connection.
Send TLS-protected data to the peer using the io::Write
trait implementation.
Read data from the peer using the io::Read
trait implementation.
Implementations
Make a new ServerConnection. config
controls how
we behave in the TLS protocol.
Retrieves the SNI hostname, if any, used to select the certificate and private key.
This returns None
until some time after the client’s SNI extension
value is processed during the handshake. It will never be None
when
the connection is ready to send or process application data, unless the
client does not support SNI.
This is useful for application protocols that need to enforce that the
SNI hostname matches an application layer protocol hostname. For
example, HTTP/1.1 servers commonly expect the Host:
header field of
every request on a connection to match the hostname in the SNI extension
when the client provides the SNI extension.
The SNI hostname is also used to match sessions during session resumption.
Application-controlled portion of the resumption ticket supplied by the client, if any.
Recovered from the prior session’s set_resumption_data
. Integrity is guaranteed by rustls.
Returns Some
iff a valid resumption ticket has been received from the client.
Set the resumption data to embed in future resumption tickets supplied to the client.
Defaults to the empty byte string. Must be less than 2^15 bytes to allow room for other
data. Should be called while is_handshaking
returns true to ensure all transmitted
resumption tickets are affected.
Integrity will be assured by rustls, but the data will be visible to the client. If secrecy from the client is desired, encrypt the data separately.
Explicitly discard early data, notifying the client
Useful if invariants encoded in received_resumption_data()
cannot be respected.
Must be called while is_handshaking
is true.
Methods from Deref<Target = ConnectionCommon<ServerConnectionData>>
Returns an object that allows reading plaintext.
Returns an object that allows writing plaintext.
This function uses io
to complete any outstanding IO for
this connection.
This is a convenience function which solely uses other parts of the public API.
What this means depends on the connection state:
- If the connection
is_handshaking
, then IO is performed until the handshake is complete. - Otherwise, if
wants_write
is true,write_tls
is invoked until it is all written. - Otherwise, if
wants_read
is true,read_tls
is invoked once.
The return value is the number of bytes read from and written
to io
, respectively.
This function will block if io
blocks.
Errors from TLS record handling (i.e., from process_new_packets
)
are wrapped in an io::ErrorKind::InvalidData
-kind error.
Processes any new packets read by a previous call to
Connection::read_tls
.
Errors from this function relate to TLS protocol errors, and
are fatal to the connection. Future calls after an error will do
no new work and will return the same error. After an error is
received from process_new_packets
, you should not call read_tls
any more (it will fill up buffers to no purpose). However, you
may call the other methods on the connection, including write
,
send_close_notify
, and write_tls
. Most likely you will want to
call write_tls
to send any alerts queued by the error and then
close the underlying connection.
Success from this function comes with some sundry state data about the connection.
Read TLS content from rd
. This method does internal
buffering, so rd
can supply TLS messages in arbitrary-
sized chunks (like a socket or pipe might).
You should call process_new_packets
each time a call to
this function succeeds.
The returned error only relates to IO on rd
. TLS-level
errors are emitted from process_new_packets
.
This function returns Ok(0)
when the underlying rd
does
so. This typically happens when a socket is cleanly closed,
or a file is at EOF.
Derives key material from the agreed connection secrets.
This function fills in output
with output.len()
bytes of key
material derived from the master session secret using label
and context
for diversification.
See RFC5705 for more details on what this does and is for.
For TLS1.3 connections, this function does not use the “early” exporter at any point.
This function fails if called prior to the handshake completing;
check with CommonState::is_handshaking
first.
Trait Implementations
The resulting type after dereferencing.
Performs the conversion.
quic
only.Return the TLS-encoded transport parameters for the session’s peer. Read more
quic
only.Compute the keys for encrypting/decrypting 0-RTT packets, if available
quic
only.Emit the TLS description code of a fatal alert, if one has arisen. Read more
fn new_quic(
config: Arc<ServerConfig>,
quic_version: Version,
params: Vec<u8>
) -> Result<ServerConnection, Error>
fn new_quic(
config: Arc<ServerConfig>,
quic_version: Version,
params: Vec<u8>
) -> Result<ServerConnection, Error>
Make a new QUIC ServerConnection. This differs from ServerConnection::new()
in that it takes an extra argument, params
, which contains the
TLS-encoded transport parameters to send. Read more