Struct security_framework::secure_transport::SslContext
source · [−]pub struct SslContext(_);
Expand description
A Secure Transport SSL/TLS context object.
Implementations
Creates a new SslContext
for the specified side and type of SSL
connection.
Sets the fully qualified domain name of the peer.
This will be used on the client side of a session to validate the
common name field of the server’s certificate. It has no effect if
called on a server-side SslContext
.
It is highly recommended to call this method before starting the handshake process.
Returns the peer domain name set by set_peer_domain_name
.
pub fn set_certificate(
&mut self,
identity: &SecIdentity,
certs: &[SecCertificate]
) -> Result<()>
pub fn set_certificate(
&mut self,
identity: &SecIdentity,
certs: &[SecCertificate]
) -> Result<()>
Sets the certificate to be used by this side of the SSL session.
This must be called before the handshake for server-side connections, and can be used on the client-side to specify a client certificate.
The identity
corresponds to the leaf certificate and private
key, and the certs
correspond to extra certificates in the chain.
Sets the peer ID of this session.
A peer ID is an opaque sequence of bytes that will be used by Secure Transport to identify the peer of an SSL session. If the peer ID of this session matches that of a previously terminated session, the previous session can be resumed without requiring a full handshake.
Returns the list of ciphers that are supported by Secure Transport.
Returns the list of ciphers that are eligible to be used for negotiation.
Sets the list of ciphers that are eligible to be used for negotiation.
Returns the cipher being used by the session.
Sets the requirements for client certificates.
Should only be called on server-side sessions.
Returns the state of client certificate processing.
Returns the SecTrust
object corresponding to the peer.
This can be used in conjunction with set_break_on_server_auth
to
validate certificates which do not have roots in the default set.
Returns the state of the session.
Returns the protocol version being used by the session.
Returns the maximum protocol version allowed by the session.
Sets the maximum protocol version allowed by the session.
Returns the minimum protocol version allowed by the session.
Sets the minimum protocol version allowed by the session.
pub fn set_protocol_version_enabled(
&mut self,
protocol: SslProtocol,
enabled: bool
) -> Result<()>
👎 Deprecated: use set_protocol_version_max
pub fn set_protocol_version_enabled(
&mut self,
protocol: SslProtocol,
enabled: bool
) -> Result<()>
use set_protocol_version_max
Sets whether a protocol is enabled or not.
Note
On OSX this is a deprecated API in favor of set_protocol_version_max
and
set_protocol_version_min
, although if you’re working with OSX 10.8 or before you may have
to use this API instead.
Returns the number of bytes which can be read without triggering a
read
call in the underlying stream.
If enabled, the handshake process will pause and return instead of automatically validating a server’s certificate.
If enabled, the handshake process will pause and return instead of automatically validating a server’s certificate.
If enabled, the handshake process will pause and return after the server requests a certificate from the client.
If enabled, the handshake process will pause and return after the server requests a certificate from the client.
If enabled, the handshake process will pause and return instead of automatically validating a client’s certificate.
If enabled, the handshake process will pause and return instead of automatically validating a client’s certificate.
If enabled, TLS false start will be performed if an appropriate cipher suite is negotiated.
Requires the OSX_10_9
(or greater) feature.
If enabled, TLS false start will be performed if an appropriate cipher suite is negotiated.
Requires the OSX_10_9
(or greater) feature.
If enabled, 1/n-1 record splitting will be enabled for TLS 1.0 connections using block ciphers to mitigate the BEAST attack.
Requires the OSX_10_9
(or greater) feature.
If enabled, 1/n-1 record splitting will be enabled for TLS 1.0 connections using block ciphers to mitigate the BEAST attack.
Requires the OSX_10_9
(or greater) feature.
Trait Implementations
Returns the DER encoded data specifying the parameters used for Diffie-Hellman key exchange. Read more
Sets the parameters used for Diffie-Hellman key exchange, in the DER format used by OpenSSL. Read more
Returns the certificate authorities used to validate client certificates. Read more
Sets the certificate authorities used to validate client certificates, replacing any that are already present. Read more
Adds certificate authorities used to validate client certificates.
type Ref = SSLContextRef
type Ref = SSLContextRef
The reference type wrapped inside this type.
Returns the object as its concrete TypeRef.
Returns an instance of the object, wrapping the underlying CFTypeRef
subclass. Use this
when following Core Foundation’s “Get Rule”. The reference count is bumped. Read more
Returns the object as a raw CFTypeRef
. The reference count is not adjusted.
Returns an instance of the object, wrapping the underlying CFTypeRef
subclass. Use this
when following Core Foundation’s “Create Rule”. The reference count is not bumped. Read more
Returns the object as a wrapped CFType
. The reference count is incremented by one.
Returns the object as a wrapped CFType
. Consumes self and avoids changing the reference
count. Read more
Returns the reference count of the object. It is unwise to do anything other than test whether the return value of this method is greater than zero. Read more
Returns true if this value is an instance of another type.
Auto Trait Implementations
Blanket Implementations
Mutably borrows from an owned value. Read more