#[repr(C)]
pub struct aws_tls_ctx_options {
    pub allocator: *mut aws_allocator,
    pub minimum_tls_version: aws_tls_versions,
    pub cipher_pref: aws_tls_cipher_pref,
    pub ca_file: aws_byte_buf,
    pub ca_path: *mut aws_string,
    pub alpn_list: *mut aws_string,
    pub certificate: aws_byte_buf,
    pub private_key: aws_byte_buf,
    pub max_fragment_size: usize,
    pub verify_peer: bool,
    pub ctx_options_extension: *mut c_void,
    pub custom_key_op_handler: *mut aws_custom_key_op_handler,
}
Fields
allocator: *mut aws_allocator
minimum_tls_version: aws_tls_versions
Minimum TLS version to use. If you just want us to use the system defaults, you can set AWS_IO_TLS_VER_SYS_DEFAULTS. This has the added benefit of automatically picking up new TLS versions as your OS or distribution adds support.
cipher_pref: aws_tls_cipher_pref
The Cipher Preference List to use
ca_file: aws_byte_buf
A PEM armored PKCS#7 collection of CAs you want to trust as a string. Only use this if it’s a CA not currently installed on your system.
ca_path: *mut aws_string
Only used on Unix systems using an OpenSSL-style trust API. This is typically something like "/etc/pki/tls/certs/".
alpn_list: *mut aws_string
Sets the context-wide ALPN string. This is most useful for servers. This is a semicolon-delimited list, for example: h2;http/1.1
certificate: aws_byte_buf
A PEM armored PKCS#7 certificate as a string. It is supported on every operating system.
private_key: aws_byte_buf
A PEM armored PKCS#7 private key as a string.
On Windows, this field should be NULL only if you are using a system-installed certificate.
max_fragment_size: usize
Maximum TLS fragment size. Default is the value of g_aws_channel_max_fragment_size.
verify_peer: bool
Default is true for clients and false for servers. You should not change this default for clients unless you’re testing and don’t want to fool around with CA trust stores. Before you release to production, you’ll want to turn this back on and add your custom CA to the aws_tls_ctx_options.
If you set this in server mode, it enforces client authentication.
ctx_options_extension: *mut c_void
For use when adding BYO_CRYPTO implementations. You can set extra data in here for use with your TLS implementation.
custom_key_op_handler: *mut aws_custom_key_op_handler
Set if using custom private key operations. See aws_custom_key_op_handler for more details.
Note: Custom key operations (and PKCS#11 integration) haven’t been tested with TLS 1.3, so don’t use cipher preferences that allow TLS 1.3. If this is set, we will always use non-TLS 1.3 preferences.
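The constraints in the field descriptions above can be checked before the options are handed to a TLS context. The following is an added example, not code from this crate or from the underlying C library: OptionsView, Role, Finding and audit are hypothetical names, and OptionsView is a safe stand-in copy of the documented fields rather than the FFI struct itself. It assumes that a PEM certificate with no private key is only acceptable when a custom key-op handler holds the key.

```rust
// Added example: stand-in types, not the crate's FFI bindings.
#[derive(Debug, PartialEq, Clone, Copy)]
pub enum Role { Client, Server }

#[derive(Debug, PartialEq)]
pub enum Finding {
    PeerVerificationOff,      // client would accept any server certificate
    ClientAuthEnforced,       // informational: server demands client certificates
    BadAlpnEntry(usize),      // empty entry at this index of the ';' list
    KeyMissingForCertificate, // PEM certificate with no key and no key-op handler
    Tls13Unavailable,         // custom key ops force non-TLS 1.3 preferences
}

/// Hypothetical safe copy of the security-relevant fields documented above.
pub struct OptionsView<'a> {
    pub verify_peer: bool,
    pub alpn_list: Option<&'a str>,      // e.g. "h2;http/1.1"
    pub certificate: &'a [u8],           // empty slice when unset
    pub private_key: &'a [u8],           // empty slice when unset
    pub has_custom_key_op_handler: bool, // true when the pointer is non-null
}

/// Returns every documented constraint the given options run into.
pub fn audit(role: Role, o: &OptionsView) -> Vec<Finding> {
    let mut out = Vec::new();
    match (role, o.verify_peer) {
        (Role::Client, false) => out.push(Finding::PeerVerificationOff),
        (Role::Server, true) => out.push(Finding::ClientAuthEnforced),
        _ => {}
    }
    if let Some(list) = o.alpn_list {
        for (i, proto) in list.split(';').enumerate() {
            if proto.trim().is_empty() { out.push(Finding::BadAlpnEntry(i)); }
        }
    }
    if !o.certificate.is_empty() && o.private_key.is_empty() && !o.has_custom_key_op_handler {
        out.push(Finding::KeyMissingForCertificate);
    }
    if o.has_custom_key_op_handler { out.push(Finding::Tls13Unavailable); }
    out
}

fn main() {
    // Constructed sample: a client left in its test configuration.
    let o = OptionsView { verify_peer: false, alpn_list: Some("h2;;http/1.1"),
        certificate: b"-----BEGIN CERTIFICATE-----", private_key: b"",
        has_custom_key_op_handler: false };
    println!("{:?}", audit(Role::Client, &o));
}
```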
Trait Implementations
impl Clone for aws_tls_ctx_options
fn clone(&self) -> aws_tls_ctx_options
fn clone_from(&mut self, source: &Self)