Struct s2n_tls::config::Builder

pub struct Builder { /* private fields */ }

Implementations§


impl Builder


pub fn new() -> Self

§Warning

The newly created Builder produces Configs that use the s2n-tls default security policy. Review whether that default matches your security and compatibility requirements and, if it does not, pin an explicit policy with Builder::set_security_policy — the policy determines what the resulting connections are allowed to negotiate. See the s2n-tls usage guide: https://aws.github.io/s2n-tls/usage-guide/ch06-security-policies.html


pub fn set_alert_behavior( &mut self, value: AlertBehavior ) -> Result<&mut Self, Error>


pub fn set_security_policy( &mut self, policy: &Policy ) -> Result<&mut Self, Error>


pub fn set_application_protocol_preference<P: IntoIterator<Item = I>, I: AsRef<[u8]>>( &mut self, protocols: P ) -> Result<&mut Self, Error>

Sets the application protocol (ALPN) preferences on the Config being built.

protocols is a list in order of preference, with the most preferred protocol first. When acting as a client, the protocol list is included in the Client Hello message as the ALPN extension. As a server, the list is used to negotiate a mutual application protocol with the client. After the negotiation for the connection has completed, the agreed-upon protocol can be retrieved with the underlying C API s2n_get_application_protocol; callers that depend on ALPN should check the negotiated value after the handshake rather than assuming negotiation succeeded.


pub fn append_application_protocol_preference( &mut self, protocol: &[u8] ) -> Result<&mut Self, Error>


pub unsafe fn disable_x509_verification(&mut self) -> Result<&mut Self, Error>

Turns off X.509 certificate verification for connections made with this Config.

§Safety

Disabling X.509 verification means the peer's certificate chain is no longer validated, so the peer's identity is not authenticated and an active attacker positioned on the connection could present an arbitrary certificate without being detected. Never enable this in production. It is only appropriate for development or test environments where obtaining a valid certificate is not possible — and even there, adding the test CA to the trust store via trust_pem or trust_location is the preferred alternative.


pub fn add_dhparams(&mut self, pem: &[u8]) -> Result<&mut Self, Error>


pub fn load_pem( &mut self, certificate: &[u8], private_key: &[u8] ) -> Result<&mut Self, Error>


pub fn load_public_pem( &mut self, certificate: &[u8] ) -> Result<&mut Self, Error>


pub fn trust_pem(&mut self, certificate: &[u8]) -> Result<&mut Self, Error>


pub fn trust_location( &mut self, file: Option<&Path>, dir: Option<&Path> ) -> Result<&mut Self, Error>

Adds to the trust store from a CA file or directory containing trusted certificates.

NOTE: This function is equivalent to the underlying C API s2n_config_set_verification_ca_location, except that it does not automatically enable the client to request OCSP stapling from the server; call enable_ocsp explicitly if stapling is wanted.


pub fn with_system_certs( &mut self, load_system_certs: bool ) -> Result<&mut Self, Error>

Sets whether or not default system certificates will be loaded into the trust store.

Set to false for increased performance if system certificates are not needed during certificate validation. With system certificates excluded, only certificates added explicitly (for example via trust_pem or trust_location) are trusted when validating the peer's chain, so make sure the required roots are present before disabling this.


pub fn wipe_trust_store(&mut self) -> Result<&mut Self, Error>


pub fn set_client_auth_type( &mut self, auth_type: ClientAuthType ) -> Result<&mut Self, Error>

Sets whether or not a client certificate should be required to complete the TLS connection.

See the Usage Guide for more details.


pub fn enable_ocsp(&mut self) -> Result<&mut Self, Error>

Clients will request OCSP stapling from the server.


pub fn set_ocsp_data(&mut self, data: &[u8]) -> Result<&mut Self, Error>

Sets the OCSP data for the default certificate chain associated with the Config.

Servers will send the data in response to OCSP stapling requests from clients.


pub fn set_verify_host_callback<T: 'static + VerifyHostNameCallback>( &mut self, handler: T ) -> Result<&mut Self, Error>

Sets the callback used to decide whether a hostname presented in the peer's X.509 certificate is trusted. The callback is part of certificate validation: an implementation that accepts every name removes the hostname binding from validation, so it should compare the presented name against the server name the application expects.

The callback may be called more than once during certificate validation as each SAN on the certificate will be checked.

Corresponds to the underlying C API s2n_config_set_verify_host_callback.


pub unsafe fn set_key_log_callback( &mut self, callback: s2n_key_log_fn, context: *mut c_void ) -> Result<&mut Self, Error>

§Safety

THIS SHOULD BE USED FOR DEBUGGING PURPOSES ONLY. The callback receives the connection's secret key material (a TLS key log), and anyone who obtains that material can decrypt the recorded traffic, so it must never be left enabled in production builds. The context pointer is handed back to the callback and must remain valid for at least as long as the Config.


pub fn set_max_cert_chain_depth( &mut self, depth: u16 ) -> Result<&mut Self, Error>


pub fn set_send_buffer_size(&mut self, size: u32) -> Result<&mut Self, Error>


pub fn set_client_hello_callback<T: 'static + ClientHelloCallback>( &mut self, handler: T ) -> Result<&mut Self, Error>

Set a custom callback function which is run after parsing the client hello.


pub fn set_connection_initializer<T: 'static + ConnectionInitializer>( &mut self, handler: T ) -> Result<&mut Self, Error>


pub fn set_session_ticket_callback<T: 'static + SessionTicketCallback>( &mut self, handler: T ) -> Result<&mut Self, Error>

Sets a custom callback that is invoked with each session ticket as it arrives, giving the application access to the ticket.


pub fn set_private_key_callback<T: 'static + PrivateKeyCallback>( &mut self, handler: T ) -> Result<&mut Self, Error>

Set a callback function triggered by operations requiring the private key.

See https://github.com/aws/s2n-tls/blob/main/docs/USAGE-GUIDE.md#private-key-operation-related-calls


pub fn set_wall_clock<T: 'static + WallClock>( &mut self, handler: T ) -> Result<&mut Self, Error>

Set a callback function that will be used to get the system time.

The wall clock time is the best-guess at the real time, measured since the epoch. Unlike monotonic time, it CAN move backwards. It is used by s2n-tls for timestamps.


pub fn set_monotonic_clock<T: 'static + MonotonicClock>( &mut self, handler: T ) -> Result<&mut Self, Error>

Set a callback function that will be used to get the monotonic time.

The monotonic time is the time since an arbitrary, unspecified point. Unlike wall clock time, it MUST never move backwards. It is used by s2n-tls for timers.


pub fn enable_session_tickets( &mut self, enable: bool ) -> Result<&mut Self, Error>

Enables (or, when enable is false, disables) negotiating session tickets in a TLS connection.


pub fn add_session_ticket_key( &mut self, key_name: &[u8], key: &[u8], intro_time: SystemTime ) -> Result<&mut Self, Error>

Adds a key which will be used to encrypt and decrypt session tickets. The intro_time parameter is the point at which the key is introduced, expressed as time since the Unix epoch (midnight, January 1st, 1970). The key must be at least 16 bytes. Anyone holding this key can decrypt the session tickets it protects, so generate it from a cryptographically secure random source, protect it like a private key, and bound its use with set_ticket_key_encrypt_decrypt_lifetime and set_ticket_key_decrypt_lifetime so that old keys are retired.


pub fn set_ticket_key_encrypt_decrypt_lifetime( &mut self, lifetime: Duration ) -> Result<&mut Self, Error>


pub fn set_ticket_key_decrypt_lifetime( &mut self, lifetime: Duration ) -> Result<&mut Self, Error>


pub fn set_serialization_version( &mut self, version: SerializationVersion ) -> Result<&mut Self, Error>

Sets the expected connection serialization version. Must be set before serializing the connection.


pub fn build(self) -> Result<Config, Error>

Trait Implementations§


impl Default for Builder

§Warning

The Builder returned by default() uses the s2n-tls default security policy, exactly as Builder::new does. Review whether that default matches your security and compatibility requirements and, if it does not, pin an explicit policy by calling Builder::set_security_policy on the returned Builder. See the s2n-tls usage guide: https://aws.github.io/s2n-tls/usage-guide/ch06-security-policies.html


fn default() -> Self

Returns the “default value” for a type. Read more

Auto Trait Implementations§

Blanket Implementations§


impl<T> Any for T
where T: 'static + ?Sized,


fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,


fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,


fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> From<T> for T


fn from(t: T) -> T

Returns the argument unchanged.


impl<T, U> Into<U> for T
where U: From<T>,


fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.


impl<T, U> TryFrom<U> for T
where U: Into<T>,


type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,


type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.