SSL/TLS encryption support using Secure Transport, Apple's system TLS implementation (this module is therefore only available on macOS and iOS targets).
§Examples
To connect as a client to a server whose certificate chains to a root trusted by the system. The domain passed to `handshake` is the name the peer certificate is verified against (and the SNI value sent), so it must be the bare host name, not `host:port`:

```rust
use security_framework::secure_transport::ClientBuilder;
use std::io::prelude::*;
use std::net::TcpStream;

let stream = TcpStream::connect("google.com:443").unwrap();
// "google.com" is used for SNI and for hostname verification of the peer certificate.
let mut stream = ClientBuilder::new().handshake("google.com", stream).unwrap();
stream.write_all(b"GET / HTTP/1.0\r\n\r\n").unwrap();
let mut page = vec![];
stream.read_to_end(&mut page).unwrap();
println!("{}", String::from_utf8_lossy(&page));
```
To connect to a server whose certificate is not trusted by the system, pass the root certificate of the server's chain to the ClientBuilder as an anchor. Here `root_cert` is a `SecCertificate` built from the DER-encoded root (reading it from a local file is only illustrative). Note that by default the anchors are evaluated in addition to the system roots; call `trust_anchor_certificates_only(true)` on the builder if the connection should be accepted only when the chain ends at one of your anchors. Do not use `danger_accept_invalid_certs` or `danger_accept_invalid_hostnames` to make a private CA work: they disable certificate or hostname verification entirely.

```rust
use security_framework::certificate::SecCertificate;
use security_framework::secure_transport::ClientBuilder;
use std::io::prelude::*;
use std::net::TcpStream;

// The private CA's root certificate, DER-encoded.
let root_der = std::fs::read("root.der").unwrap();
let root_cert = SecCertificate::from_der(&root_der).unwrap();

let stream = TcpStream::connect("my_server.com:443").unwrap();
let mut stream = ClientBuilder::new()
    .anchor_certificates(&[root_cert])
    .handshake("my_server.com", stream)
    .unwrap();
stream.write_all(b"GET / HTTP/1.0\r\n\r\n").unwrap();
let mut page = vec![];
stream.read_to_end(&mut page).unwrap();
println!("{}", String::from_utf8_lossy(&page));
```
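As an added example (not code from the security-framework documentation or project), the anchored client above extended into a pinning client: the private root is made the only acceptable trust anchor, the protocol floor is raised to TLS 1.2, and the handshake result is matched explicitly instead of unwrapped. The helper `split_authority`, the module `pinned`, the file name `root.der` and the host `my_server.com` are all assumptions of this example, as is that `security-framework` is a Cargo dependency; because the crate builds only on Apple platforms, the parts that use it are gated on `target_os = "macos"`.

```rust
// Added example, not from the security-framework docs. Assumed: the crate is
// a Cargo dependency (Apple targets only, hence the cfg gates) and the private
// CA's root is available as DER at "root.der".

/// Split an authority such as "example.com:443" or "[::1]:8443" into the bare
/// host name and the port. The name handed to `ClientBuilder::handshake` is
/// what the peer certificate is verified against, so it must be the host
/// alone; passing "host:443" would make verification fail.
pub fn split_authority(authority: &str) -> Option<(&str, u16)> {
    let (host, port) = if let Some(rest) = authority.strip_prefix('[') {
        // Bracketed IPv6 literal such as "[::1]:8443".
        let end = rest.find(']')?;
        (&rest[..end], rest[end + 1..].strip_prefix(':')?)
    } else {
        let idx = authority.rfind(':')?;
        (&authority[..idx], &authority[idx + 1..])
    };
    if host.is_empty() {
        return None;
    }
    Some((host, port.parse().ok()?))
}

#[cfg(target_os = "macos")]
pub mod pinned {
    use security_framework::certificate::SecCertificate;
    use security_framework::secure_transport::{ClientBuilder, ClientHandshakeError, SslProtocol, SslStream};
    use std::net::TcpStream;

    /// Connect to `host:port` and complete a TLS handshake that succeeds only
    /// if the server's chain ends at the root given as `root_der`.
    pub fn connect_pinned(host: &str, port: u16, root_der: &[u8]) -> Result<SslStream<TcpStream>, String> {
        let root = SecCertificate::from_der(root_der).map_err(|e| format!("bad root DER: {e}"))?;
        let tcp = TcpStream::connect((host, port)).map_err(|e| format!("connect: {e}"))?;

        let mut builder = ClientBuilder::new();
        builder
            .anchor_certificates(&[root])
            // Without this the anchor is evaluated in addition to the system
            // roots, so any publicly trusted certificate would also pass.
            .trust_anchor_certificates_only(true)
            // Refuse TLS 1.0/1.1 even if the peer offers nothing newer.
            .protocol_min(SslProtocol::TLS12);

        match builder.handshake(host, tcp) {
            Ok(stream) => Ok(stream),
            // A blocking TcpStream never yields Interrupted; on a non-blocking
            // socket the MidHandshakeClientBuilder would be resumed instead.
            Err(ClientHandshakeError::Interrupted(_)) => Err("handshake interrupted".to_string()),
            Err(ClientHandshakeError::Failure(e)) => Err(format!("handshake failed: {e}")),
        }
    }
}

#[cfg(target_os = "macos")]
fn main() {
    use std::io::prelude::*;
    // Assumed file and host; replace with the private CA's root and your server.
    let root_der = std::fs::read("root.der").expect("read root.der");
    let (host, port) = split_authority("my_server.com:443").expect("valid authority");
    let mut stream = pinned::connect_pinned(host, port, &root_der).expect("pinned connect");
    stream.write_all(b"GET / HTTP/1.0\r\n\r\n").unwrap();
    let mut page = Vec::new();
    stream.read_to_end(&mut page).unwrap();
    println!("{}", String::from_utf8_lossy(&page));
}

#[cfg(not(target_os = "macos"))]
fn main() {
    eprintln!("security-framework is only available on Apple platforms");
}
```

The handshake error is surfaced as a `String` rather than unwrapped so that a verification failure against the pinned root is reported and the connection dropped instead of panicking the process; in a real service you would map it to your own error type.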
For more advanced configuration, the SslContext type can be used directly. For the common case of a server that only needs an identity and its chain, ServerBuilder wraps the same steps.

To run a server. `identity` is the server's private key and leaf certificate (a `SecIdentity`), and `chain` holds the certificates that link the leaf to a root the client already trusts; both come from the keychain or a PKCS#12 import, which is outside this example:

```rust
use security_framework::certificate::SecCertificate;
use security_framework::identity::SecIdentity;
use security_framework::secure_transport::{SslConnectionType, SslContext, SslProtocolSide};
use std::net::TcpListener;
use std::thread;

fn serve(identity: SecIdentity, chain: Vec<SecCertificate>) {
    // Create a TCP listener and start accepting on it.
    let listener = TcpListener::bind("0.0.0.0:443").unwrap();
    for stream in listener.incoming() {
        let stream = stream.unwrap();
        // Each connection gets its own context; the identity and chain are
        // reference-counted CF objects, so cloning them is cheap.
        let identity = identity.clone();
        let chain = chain.clone();
        thread::spawn(move || {
            // Create a new context configured to operate on the server side of
            // a traditional SSL/TLS session.
            let mut ctx = SslContext::new(SslProtocolSide::SERVER, SslConnectionType::STREAM)
                .unwrap();
            // Install the identity and the certificate chain that we will be
            // presenting to clients.
            ctx.set_certificate(&identity, &chain).unwrap();
            // Perform the SSL/TLS handshake and get our stream.
            let mut stream = ctx.handshake(stream).unwrap();
            // ... serve the connection over `stream` ...
        });
    }
}
```
§Structs
- ClientBuilder - A builder type to simplify the creation of client-side SslStreams.
- MidHandshakeClientBuilder - An SSL stream midway through the handshake process.
- MidHandshakeSslStream - An SSL stream midway through the handshake process.
- ServerBuilder - A builder type to simplify the creation of server-side SslStreams.
- SessionState - Specifies the state of a TLS session.
- SslAuthenticate - Specifies a server's requirement for client certificates.
- SslClientCertificateState - Specifies the state of client certificate processing.
- SslConnectionType - Specifies the type of TLS session.
- SslContext - A Secure Transport SSL/TLS context object.
- SslProtocol - Specifies protocol versions.
- SslProtocolSide - Specifies a side of a TLS session.
- SslStream - A type implementing SSL/TLS encryption over an underlying stream.
§Enums
- ClientHandshakeError - An error or intermediate state after a TLS handshake attempt.
- HandshakeError - An error or intermediate state after a TLS handshake attempt.