s2n_quic_rustls/
lib.rs

1// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2// SPDX-License-Identifier: Apache-2.0
3
4#![forbid(unsafe_code)]
5
6//! This crate depends on [rustls](https://github.com/rustls/rustls) which is currently
7//! 0.x and has not stabilized its APIs. Applications depending on the rustls provider
8//! should expect breaking changes to methods marked "deprecated" when the underlying
9//! rustls dependency is updated.
10
11// WARNING: Avoid adding new APIs which directly expose the underlying rustls API. If
12//          it's absolutely necessary, all rustls types must be marked as `#[deprecated]`
13//          since it's possible for those types to change in newer rustls versions.
/// Glob re-export of the entire `rustls` crate.
///
/// Every public rustls item becomes reachable through this crate's API here, so the
/// module is deprecated: those types can change when the rustls dependency is updated.
#[deprecated = "client and server builders should be used instead"]
pub mod rustls {
    pub use ::rustls::*;
}
18
/// Public alias for the cipher suite list defined in the private `cipher_suite` module.
///
/// The element type is a rustls type, so this item is deprecated like the other
/// APIs that expose rustls directly.
#[deprecated = "client and server builders should be used instead"]
pub static DEFAULT_CIPHERSUITES: &[rustls::SupportedCipherSuite] =
    cipher_suite::DEFAULT_CIPHERSUITES;
22
/// Private error alias: errors are boxed as a trait object so that signatures name no
/// concrete rustls error type, which keeps rustls types from leaking into this crate's API.
type Error = Box<dyn std::error::Error + Send + Sync + 'static>;
25
26mod cipher_suite;
27mod error;
28mod session;
29
30pub mod certificate;
31pub mod client;
32pub mod server;
33
34pub use client::Client;
35pub use server::Server;
36
// The list contains TLS 1.3 only. NOTE(review): presumably the `client` and `server`
// builders pass this list to rustls so that no earlier version can be offered or
// accepted; confirm at the call sites, which are not in this file.
//= https://www.rfc-editor.org/rfc/rfc9001#section-4.2
//# Clients MUST NOT offer TLS versions older than 1.3.
static PROTOCOL_VERSIONS: &[&rustls::SupportedProtocolVersion] = &[&rustls::version::TLS13];

/// The supported version of QUIC, fixed to `rustls::quic::Version::V1`.
const QUIC_VERSION: rustls::quic::Version = rustls::quic::Version::V1;
43
#[cfg(test)]
mod tests {
    use super::*;
    use s2n_quic_core::crypto::tls::{self, testing::certificates::*};

    // NOTE(review): every case in this module expects the handshake to succeed. Nothing
    // here asserts that a handshake fails when the client is given a certificate other
    // than the one the server presents, so a regression in certificate verification
    // would not be caught by these tests alone.

    /// Generates a `#[test]` named `$name` that gives `$cert` to the client builder and
    /// `$cert`/`$key` to the server builder, then polls the testing pair until it stops
    /// handshaking and calls `finish` on it.
    ///
    /// A macro is used instead of a helper function so that each certificate encoding
    /// keeps its own argument type at the `with_certificate` call.
    macro_rules! handshake_test {
        ($name:ident, $cert:expr, $key:expr) => {
            #[test]
            fn $name() {
                let mut client = client::Builder::new()
                    .with_certificate($cert)
                    .unwrap()
                    .build()
                    .unwrap();

                let mut server = server::Builder::new()
                    .with_certificate($cert, $key)
                    .unwrap()
                    .build()
                    .unwrap();

                let mut pair =
                    tls::testing::Pair::new(&mut server, &mut client, "localhost".into());

                // Drive both endpoints; any poll error fails the test immediately.
                loop {
                    if !pair.is_handshaking() {
                        break;
                    }
                    pair.poll(None).unwrap();
                }

                pair.finish();
            }
        };
    }

    // PEM-encoded certificate and key.
    handshake_test!(client_server_test, CERT_PEM, KEY_PEM);

    // DER-encoded certificate and key.
    handshake_test!(client_server_der_test, CERT_DER, KEY_DER);

    // PEM-encoded certificate with a PKCS#1 key, going by the constant names.
    handshake_test!(client_server_pkcs1_test, CERT_PKCS1_PEM, KEY_PKCS1_PEM);
}
117}