Struct trust_dns_native_tls::tls_stream::TlsStreamBuilder
[−]
[src]
pub struct TlsStreamBuilder { /* fields omitted */ }A builder for the TlsStream
Methods
impl TlsStreamBuilder[src]
pub fn new() -> TlsStreamBuilder[src]
Constructs a new TlsStreamBuilder
pub fn add_ca(&mut self, ca: Certificate)[src]
Add a custom trusted peer certificate or certificate auhtority.
If this is the 'client' then the 'server' must have it associated as it's identity, or have had the identity signed by this certificate.
pub fn build<E>(
self,
name_server: SocketAddr,
dns_name: String
) -> (Box<Future<Item = TlsStream, Error = Error> + Send>, BufStreamHandle<E>) where
E: FromProtoError, [src]
self,
name_server: SocketAddr,
dns_name: String
) -> (Box<Future<Item = TlsStream, Error = Error> + Send>, BufStreamHandle<E>) where
E: FromProtoError,
Creates a new TlsStream to the specified name_server
RFC 7858, DNS over TLS, May 2016
3.2. TLS Handshake and Authentication
Once the DNS client succeeds in connecting via TCP on the well-known
port for DNS over TLS, it proceeds with the TLS handshake [RFC5246],
following the best practices specified in [BCP195].
The client will then authenticate the server, if required. This
document does not propose new ideas for authentication. Depending on
the privacy profile in use (Section 4), the DNS client may choose not
to require authentication of the server, or it may make use of a
trusted Subject Public Key Info (SPKI) Fingerprint pin set.
After TLS negotiation completes, the connection will be encrypted and
is now protected from eavesdropping.
Arguments
name_server- IP and Port for the remote DNS resolverdns_name- The DNS name, Public Key Info (SPKI) name, as associated to a certificate