Struct rustls::server::ServerConnection

pub struct ServerConnection { /* fields omitted */ }

This represents a single TLS server connection.

Send TLS-protected data to the peer using the io::Write trait implementation. Read data from the peer using the io::Read trait implementation.

Implementations

impl ServerConnection

pub fn new(config: Arc<ServerConfig>) -> Result<Self, Error>

Make a new ServerConnection. config controls how we behave in the TLS protocol.

pub fn sni_hostname(&self) -> Option<&str>

Retrieves the SNI hostname, if any, used to select the certificate and private key.

This returns None until some time after the client’s SNI extension value is processed during the handshake. It will never be None when the connection is ready to send or process application data, unless the client does not support SNI.

This is useful for application protocols that need to enforce that the SNI hostname matches an application layer protocol hostname. For example, HTTP/1.1 servers commonly expect the Host: header field of every request on a connection to match the hostname in the SNI extension when the client provides the SNI extension.

The SNI hostname is also used to match sessions during session resumption.

pub fn received_resumption_data(&self) -> Option<&[u8]>

Application-controlled portion of the resumption ticket supplied by the client, if any.

Recovered from the prior session’s set_resumption_data. Integrity is guaranteed by rustls.

Returns Some iff a valid resumption ticket has been received from the client.

pub fn set_resumption_data(&mut self, data: &[u8])

Set the resumption data to embed in future resumption tickets supplied to the client.

Defaults to the empty byte string. Must be less than 2^15 bytes to allow room for other data. Should be called while is_handshaking returns true to ensure all transmitted resumption tickets are affected.

Integrity will be assured by rustls, but the data will be visible to the client. If secrecy from the client is desired, encrypt the data separately.

pub fn reject_early_data(&mut self)

Explicitly discard early data, notifying the client

Useful if invariants encoded in received_resumption_data() cannot be respected.

Must be called while is_handshaking is true.

Methods from Deref<Target = ConnectionCommon<ServerConnectionData>>

pub fn reader(&mut self) -> Reader<'_>

Returns an object that allows reading plaintext.

pub fn writer(&mut self) -> Writer<'_>

Returns an object that allows writing plaintext.

pub fn complete_io<T>(&mut self, io: &mut T) -> Result<(usize, usize), Error> where
    Self: Sized,
    T: Read + Write, 

This function uses io to complete any outstanding IO for this connection.

This is a convenience function which solely uses other parts of the public API.

What this means depends on the connection state:

• If the connection is_handshaking, then IO is performed until the handshake is complete.
• Otherwise, if wants_write is true, write_tls is invoked until it is all written.
• Otherwise, if wants_read is true, read_tls is invoked once.

The return value is the number of bytes read from and written to io, respectively.

This function will block if io blocks.

Errors from TLS record handling (i.e., from process_new_packets) are wrapped in an io::ErrorKind::InvalidData-kind error.

pub fn process_new_packets(&mut self) -> Result<IoState, Error>

Processes any new packets read by a previous call to Connection::read_tls.

Errors from this function relate to TLS protocol errors, and are fatal to the connection. Future calls after an error will do no new work and will return the same error. After an error is received from process_new_packets, you should not call read_tls any more (it will fill up buffers to no purpose). However, you may call the other methods on the connection, including write, send_close_notify, and write_tls. Most likely you will want to call write_tls to send any alerts queued by the error and then close the underlying connection.

Success from this function comes with some sundry state data about the connection.

pub fn read_tls(&mut self, rd: &mut dyn Read) -> Result<usize, Error>

Read TLS content from rd. This method does internal buffering, so rd can supply TLS messages in arbitrary- sized chunks (like a socket or pipe might).

You should call process_new_packets each time a call to this function succeeds.

The returned error only relates to IO on rd. TLS-level errors are emitted from process_new_packets.

This function returns Ok(0) when the underlying rd does so. This typically happens when a socket is cleanly closed, or a file is at EOF.

pub fn export_keying_material(
    &self,
    output: &mut [u8],
    label: &[u8],
    context: Option<&[u8]>
) -> Result<(), Error>

Derives key material from the agreed connection secrets.

This function fills in output with output.len() bytes of key material derived from the master session secret using label and context for diversification.

See RFC5705 for more details on what this does and is for.

For TLS1.3 connections, this function does not use the “early” exporter at any point.

This function fails if called prior to the handshake completing; check with CommonState::is_handshaking first.

Trait Implementations

impl Debug for ServerConnection

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Deref for ServerConnection

type Target = ConnectionCommon<ServerConnectionData>

The resulting type after dereferencing.

fn deref(&self) -> &Self::Target

Dereferences the value.

impl DerefMut for ServerConnection

fn deref_mut(&mut self) -> &mut Self::Target

Mutably dereferences the value.

impl From<ServerConnection> for Connection

fn from(conn: ServerConnection) -> Self

Performs the conversion.

impl QuicExt for ServerConnection

fn quic_transport_parameters(&self) -> Option<&[u8]>

This is supported on crate feature quic only.

Return the TLS-encoded transport parameters for the session’s peer.

fn zero_rtt_keys(&self) -> Option<DirectionalKeys>

This is supported on crate feature quic only.

Compute the keys for encrypting/decrypting 0-RTT packets, if available

fn read_hs(&mut self, plaintext: &[u8]) -> Result<(), Error>

This is supported on crate feature quic only.

Consume unencrypted TLS handshake data.

fn write_hs(&mut self, buf: &mut Vec<u8>) -> Option<KeyChange>

This is supported on crate feature quic only.

Emit unencrypted TLS handshake data.

fn alert(&self) -> Option<AlertDescription>

This is supported on crate feature quic only.

Emit the TLS description code of a fatal alert, if one has arisen.

impl ServerQuicExt for ServerConnection

fn new_quic(
    config: Arc<ServerConfig>,
    quic_version: Version,
    params: Vec<u8>
) -> Result<ServerConnection, Error>

Make a new QUIC ServerConnection. This differs from ServerConnection::new() in that it takes an extra argument, params, which contains the TLS-encoded transport parameters to send.