Skip to main content

TlsManager

synapse_pingora::tls

Struct TlsManager 

Source 
pub struct TlsManager { /* private fields */ }
Expand description

TLS manager with SNI-based certificate selection and hot reload.

§Performance (PERF-P2-2)

Uses ahash::RandomState for 2-3x faster HashMap operations.

Implementations§

Source§

impl TlsManager

Source

pub fn new(min_version: TlsVersion) -> Self

Creates a new TLS manager with the specified minimum version.

Source

pub fn with_tls12_minimum() -> Self

Creates a TLS manager with TLS 1.2 minimum.

Source

pub fn load_cert(&self, config: &TlsCertConfig) -> Result<(), TlsError>

Loads a certificate from files.

§Security
  • Validates file paths for traversal attacks
  • Enforces file size limits
  • Never logs private key paths or contents
Source

pub fn set_default_cert(&self, config: &TlsCertConfig) -> Result<(), TlsError>

Sets the default certificate for unmatched domains.

Source

pub fn get_cert(&self, domain: &str) -> Option<Arc<CertifiedKey>>

Gets the certificate for a domain using SNI matching.

§Matching Order
  1. Exact domain match
  2. Wildcard match (*.example.com matches sub.example.com)
  3. Default certificate
Source

pub fn reload_all(&self) -> ReloadResult

Reloads all certificates from their original paths. This is called on SIGHUP for hot reload.

§Hot Reload Strategy

Certificates are reloaded atomically: new certificates are loaded into temporary maps, then swapped in all at once. If any certificate fails to load, all successfully loaded certificates are still applied and failures are reported.

§Returns

ReloadResult containing counts of succeeded/failed reloads and error details.

Source

pub fn reload_cert(&self, domain: &str) -> Result<(), TlsError>

Reloads a single certificate by domain.

§Arguments
  • domain - The domain to reload (case-insensitive)
§Returns

Ok(()) if successful, or the error that occurred.

Source

pub fn configured_domains(&self) -> Vec<String>

Returns the list of configured domains (for monitoring/diagnostics).

Source

pub fn has_cert_config(&self, domain: &str) -> bool

Returns true if a certificate is configured for the given domain.

Source

pub fn min_version(&self) -> TlsVersion

Returns the minimum TLS version.

Source

pub fn cert_count(&self) -> usize

Returns the number of loaded certificates.

Trait Implementations§

Source§

impl Default for TlsManager

Source§

fn default() -> Self

Returns the “default value” for a type. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> Downcast for T
where T: Any,

Source§

fn into_any(self: Box<T>) -> Box<dyn Any>

Convert Box<dyn Trait> (where Trait: Downcast) to Box<dyn Any>. Box<dyn Any> can then be further downcast into Box<ConcreteType> where ConcreteType implements Trait.
Source§

fn into_any_rc(self: Rc<T>) -> Rc<dyn Any>

Convert Rc<Trait> (where Trait: Downcast) to Rc<Any>. Rc<Any> can then be further downcast into Rc<ConcreteType> where ConcreteType implements Trait.
Source§

fn as_any(&self) -> &(dyn Any + 'static)

Convert &Trait (where Trait: Downcast) to &Any. This is needed since Rust cannot generate &Any’s vtable from &Trait’s.
Source§

fn as_any_mut(&mut self) -> &mut (dyn Any + 'static)

Convert &mut Trait (where Trait: Downcast) to &Any. This is needed since Rust cannot generate &mut Any’s vtable from &mut Trait’s.
Source§

impl<T> DowncastSync for T
where T: Any + Send + Sync,

Source§

fn into_any_arc(self: Arc<T>) -> Arc<dyn Any + Sync + Send>

Convert Arc<Trait> (where Trait: Downcast) to Arc<Any>. Arc<Any> can then be further downcast into Arc<ConcreteType> where ConcreteType implements Trait.
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

impl<T> Pointable for T

Source§

const ALIGN: usize

The alignment of pointer.
Source§

type Init = T

The type for initializers.
Source§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
Source§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
Source§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
Source§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

impl<A, B, T> HttpServerConnExec<A, B> for T
where B: Body,