pub struct DtlsConnectorBuilder { /* private fields */ }
A builder for DtlsConnectors.
With this builder you can configure the following DTLS properties:
- The identity to be used for client certificate authentication
- Adding and enabling the DTLS extension ‘use_srtp’
- Configuring min/max supported DTLS versions
- Adding a certificate to the set of roots that the connector will trust
- Allowing invalid hostnames/certs for the connection
- Enabling Server Name Indication (SNI)
Implementations
impl DtlsConnectorBuilder
pub fn identity(&mut self, identity: Identity) -> &mut DtlsConnectorBuilder
Sets the identity to be used for client certificate authentication.
pub fn min_protocol_version( &mut self, protocol: Option<Protocol>, ) -> &mut DtlsConnectorBuilder
Sets the minimum supported protocol version.
A value of None enables support for the oldest protocols supported by the implementation. Defaults to Some(Protocol::Dtlsv10). Note that DTLS 1.0 has been deprecated (RFC 8996); applications that do not need to interoperate with legacy peers should raise the minimum to the newest version their peers support.
§Underlying SSL
This will be used for setting the SSL options, which corresponds to SSL_CTX_set_options.
pub fn max_protocol_version( &mut self, protocol: Option<Protocol>, ) -> &mut DtlsConnectorBuilder
Sets the maximum supported protocol version.
A value of None enables support for the newest protocols supported by the implementation. Defaults to None.
§Underlying SSL
This will be used for setting the SSL options, which corresponds to SSL_CTX_set_options.
pub fn add_srtp_profile( &mut self, profile: SrtpProfile, ) -> &mut DtlsConnectorBuilder
Enables the DTLS extension ‘use_srtp’ as defined in RFC 5764.
§Underlying SSL
This corresponds to SSL_CTX_set_tlsext_use_srtp.
Examples found in repository
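/// Example: a DTLS server and client talking over loopback UDP with the
/// `use_srtp` extension enabled and a custom root CA trusted by the client.
///
/// The server thread accepts one handshake and prints every 5-byte datagram it
/// receives; the main thread connects and sends `"hello"` until a write fails.
/// Every I/O result is checked so a closed or failed connection ends the loop
/// instead of being silently ignored.
fn main() {
    // Test-fixture identity (PKCS#12 bundle) used for client certificate
    // authentication. The password is hard-coded only because this is a test
    // fixture; real applications should load it from configuration, not source.
    let buffer = include_bytes!("../test/identity.p12");
    let identity = Identity::from_pkcs12(buffer, "mypass").unwrap();

    // Root CA added to the connector's trust set so the client can verify the
    // test server's certificate, which is not issued by a system-trusted root.
    let root_ca = include_bytes!("../test/root-ca.der");
    let root_ca = Certificate::from_der(root_ca).unwrap();

    let acceptor = DtlsAcceptor::builder(identity).build().unwrap();
    let connector = DtlsConnector::builder()
        .add_srtp_profile(SrtpProfile::Aes128CmSha180)
        .add_srtp_profile(SrtpProfile::AeadAes256Gcm)
        .add_root_certificate(root_ca)
        .build()
        .unwrap();

    // Both endpoints bind an ephemeral loopback port; each channel is pointed
    // at the other side's address.
    let server = UdpSocket::bind("127.0.0.1:0").unwrap();
    let client = UdpSocket::bind("127.0.0.1:0").unwrap();

    let server_addr = server.local_addr().unwrap();
    let client_addr = client.local_addr().unwrap();

    let server_channel = UdpChannel {
        socket: server,
        remote_addr: client_addr,
    };

    let client_channel = UdpChannel {
        socket: client,
        remote_addr: server_addr,
    };

    // Server side: accept the handshake, then print each 5-byte datagram.
    let guard = thread::spawn(move || {
        let mut dtls_server = acceptor.accept(server_channel).unwrap();

        let mut count: u64 = 0;

        loop {
            let mut received = [0u8; 5];

            // `read_exact` returns a `Result`; discarding it would spin forever
            // on a dead connection, so stop the loop on the first error.
            if let Err(err) = dtls_server.read_exact(&mut received) {
                eprintln!("server read failed: {:?}", err);
                break;
            }

            println!(
                "{:?} {:?}",
                count,
                String::from_utf8_lossy(received.as_ref())
            );

            count += 1;
            thread::sleep(Duration::from_millis(2));
        }
    });

    // Client side. The host name passed to `connect` is the name checked
    // against the server certificate (and sent via SNI); presumably the test
    // identity is issued for "foobar.com" — confirm against the fixture.
    let mut dtls_client = connector.connect("foobar.com", client_channel).unwrap();

    loop {
        // `write_all` also returns a `Result`; stop sending once it fails.
        if let Err(err) = dtls_client.write_all(b"hello") {
            eprintln!("client write failed: {:?}", err);
            break;
        }

        thread::sleep(Duration::from_millis(30));
    }

    // Wait for the server thread once the client loop has ended.
    let _ = guard.join();
}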
pub fn add_root_certificate( &mut self, cert: Certificate, ) -> &mut DtlsConnectorBuilder
Adds a certificate to the set of roots that the connector will trust.
The connector will use the system’s trust root by default. This method can be used to add to that set when communicating with servers not trusted by the system.
Defaults to an empty set.
§Underlying SSL
This adds the certificate to the certificate store, which corresponds to X509_STORE_add_cert.
Examples found in repository
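/// Example: a DTLS server and client talking over loopback UDP with the
/// `use_srtp` extension enabled and a custom root CA trusted by the client.
///
/// The server thread accepts one handshake and prints every 5-byte datagram it
/// receives; the main thread connects and sends `"hello"` until a write fails.
/// Every I/O result is checked so a closed or failed connection ends the loop
/// instead of being silently ignored.
fn main() {
    // Test-fixture identity (PKCS#12 bundle) used for client certificate
    // authentication. The password is hard-coded only because this is a test
    // fixture; real applications should load it from configuration, not source.
    let buffer = include_bytes!("../test/identity.p12");
    let identity = Identity::from_pkcs12(buffer, "mypass").unwrap();

    // Root CA added to the connector's trust set so the client can verify the
    // test server's certificate, which is not issued by a system-trusted root.
    let root_ca = include_bytes!("../test/root-ca.der");
    let root_ca = Certificate::from_der(root_ca).unwrap();

    let acceptor = DtlsAcceptor::builder(identity).build().unwrap();
    let connector = DtlsConnector::builder()
        .add_srtp_profile(SrtpProfile::Aes128CmSha180)
        .add_srtp_profile(SrtpProfile::AeadAes256Gcm)
        .add_root_certificate(root_ca)
        .build()
        .unwrap();

    // Both endpoints bind an ephemeral loopback port; each channel is pointed
    // at the other side's address.
    let server = UdpSocket::bind("127.0.0.1:0").unwrap();
    let client = UdpSocket::bind("127.0.0.1:0").unwrap();

    let server_addr = server.local_addr().unwrap();
    let client_addr = client.local_addr().unwrap();

    let server_channel = UdpChannel {
        socket: server,
        remote_addr: client_addr,
    };

    let client_channel = UdpChannel {
        socket: client,
        remote_addr: server_addr,
    };

    // Server side: accept the handshake, then print each 5-byte datagram.
    let guard = thread::spawn(move || {
        let mut dtls_server = acceptor.accept(server_channel).unwrap();

        let mut count: u64 = 0;

        loop {
            let mut received = [0u8; 5];

            // `read_exact` returns a `Result`; discarding it would spin forever
            // on a dead connection, so stop the loop on the first error.
            if let Err(err) = dtls_server.read_exact(&mut received) {
                eprintln!("server read failed: {:?}", err);
                break;
            }

            println!(
                "{:?} {:?}",
                count,
                String::from_utf8_lossy(received.as_ref())
            );

            count += 1;
            thread::sleep(Duration::from_millis(2));
        }
    });

    // Client side. The host name passed to `connect` is the name checked
    // against the server certificate (and sent via SNI); presumably the test
    // identity is issued for "foobar.com" — confirm against the fixture.
    let mut dtls_client = connector.connect("foobar.com", client_channel).unwrap();

    loop {
        // `write_all` also returns a `Result`; stop sending once it fails.
        if let Err(err) = dtls_client.write_all(b"hello") {
            eprintln!("client write failed: {:?}", err);
            break;
        }

        thread::sleep(Duration::from_millis(30));
    }

    // Wait for the server thread once the client loop has ended.
    let _ = guard.join();
}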
pub fn danger_accept_invalid_certs( &mut self, accept_invalid_certs: bool, ) -> &mut DtlsConnectorBuilder
Controls the use of certificate validation. Defaults to false.
§Warning
You should think very carefully before using this method. If invalid certificates are trusted, any certificate for any site will be trusted for use. This includes expired certificates. This introduces significant vulnerabilities, and should only be used as a last resort.
pub fn use_sni(&mut self, use_sni: bool) -> &mut DtlsConnectorBuilder
Controls the use of Server Name Indication (SNI). Defaults to true.
pub fn danger_accept_invalid_hostnames( &mut self, accept_invalid_hostnames: bool, ) -> &mut DtlsConnectorBuilder
Controls the use of hostname verification. Defaults to false.
§Warning
You should think very carefully before using this method. If invalid hostnames are trusted, any valid certificate issued for any other site will be accepted for this connection. This introduces significant vulnerabilities, and should only be used as a last resort.
pub fn build(&self) -> Result<DtlsConnector>
Creates a new DtlsConnector with the settings from this builder.
Examples found in repository
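/// Example: a DTLS server and client talking over loopback UDP with the
/// `use_srtp` extension enabled and a custom root CA trusted by the client.
///
/// The server thread accepts one handshake and prints every 5-byte datagram it
/// receives; the main thread connects and sends `"hello"` until a write fails.
/// Every I/O result is checked so a closed or failed connection ends the loop
/// instead of being silently ignored.
fn main() {
    // Test-fixture identity (PKCS#12 bundle) used for client certificate
    // authentication. The password is hard-coded only because this is a test
    // fixture; real applications should load it from configuration, not source.
    let buffer = include_bytes!("../test/identity.p12");
    let identity = Identity::from_pkcs12(buffer, "mypass").unwrap();

    // Root CA added to the connector's trust set so the client can verify the
    // test server's certificate, which is not issued by a system-trusted root.
    let root_ca = include_bytes!("../test/root-ca.der");
    let root_ca = Certificate::from_der(root_ca).unwrap();

    let acceptor = DtlsAcceptor::builder(identity).build().unwrap();
    let connector = DtlsConnector::builder()
        .add_srtp_profile(SrtpProfile::Aes128CmSha180)
        .add_srtp_profile(SrtpProfile::AeadAes256Gcm)
        .add_root_certificate(root_ca)
        .build()
        .unwrap();

    // Both endpoints bind an ephemeral loopback port; each channel is pointed
    // at the other side's address.
    let server = UdpSocket::bind("127.0.0.1:0").unwrap();
    let client = UdpSocket::bind("127.0.0.1:0").unwrap();

    let server_addr = server.local_addr().unwrap();
    let client_addr = client.local_addr().unwrap();

    let server_channel = UdpChannel {
        socket: server,
        remote_addr: client_addr,
    };

    let client_channel = UdpChannel {
        socket: client,
        remote_addr: server_addr,
    };

    // Server side: accept the handshake, then print each 5-byte datagram.
    let guard = thread::spawn(move || {
        let mut dtls_server = acceptor.accept(server_channel).unwrap();

        let mut count: u64 = 0;

        loop {
            let mut received = [0u8; 5];

            // `read_exact` returns a `Result`; discarding it would spin forever
            // on a dead connection, so stop the loop on the first error.
            if let Err(err) = dtls_server.read_exact(&mut received) {
                eprintln!("server read failed: {:?}", err);
                break;
            }

            println!(
                "{:?} {:?}",
                count,
                String::from_utf8_lossy(received.as_ref())
            );

            count += 1;
            thread::sleep(Duration::from_millis(2));
        }
    });

    // Client side. The host name passed to `connect` is the name checked
    // against the server certificate (and sent via SNI); presumably the test
    // identity is issued for "foobar.com" — confirm against the fixture.
    let mut dtls_client = connector.connect("foobar.com", client_channel).unwrap();

    loop {
        // `write_all` also returns a `Result`; stop sending once it fails.
        if let Err(err) = dtls_client.write_all(b"hello") {
            eprintln!("client write failed: {:?}", err);
            break;
        }

        thread::sleep(Duration::from_millis(30));
    }

    // Wait for the server thread once the client loop has ended.
    let _ = guard.join();
}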