pub struct Session<IOCB: IOCallbacks> { /* private fields */ }
Wraps a WOLFSSL pointer, as well as the additional fields needed to
write into, and read from, wolfSSL’s custom IO callbacks.
Implementations
impl<IOCB: IOCallbacks> Session<IOCB>
pub fn new_from_context( ctx: &Context, config: SessionConfig<IOCB>, ) -> Result<Self, NewSessionError>
Invokes wolfSSL_new
pub fn version(&mut self) -> ProtocolVersion
Gets the protocol version used for the session.
Invokes wolfssl_sys::wolfSSL_version
No online documentation available for wolfSSL_version
pub fn get_current_cipher_name(&mut self) -> Option<String>
Gets the current cipher of the session. If the cipher name is “None”, returns None.
pub fn set_verify(&mut self, mode: SslVerifyMode)
Sets verification method for remote peers
pub fn get_current_curve_name(&mut self) -> Option<String>
Gets the current curve of the session if ECDH was used,
otherwise None.
pub fn is_init_finished(&mut self) -> bool
Invokes wolfSSL_is_init_finished
“Init” in this case is the formation of the TLS connection.
pub fn io_cb_mut(&mut self) -> &mut IOCB
Get a mutable reference to the IOCB embedded in this session
pub fn try_negotiate(&mut self) -> Result<Poll<()>, Error>
Invokes wolfSSL_negotiate once.
The distinction is important because it takes more than one invocation to successfully form a secure session.
This method will trigger WolfSSL’s IO callbacks
pub fn try_shutdown(&mut self) -> Result<Poll<bool>, Error>
Invokes wolfSSL_shutdown once.
Returns Poll::Ready(true) if the connection has been fully
(bidirectionally) shut down, including having seen the “closing
notify” message from the peer.
Returns Poll::Ready(false) if the connection has only been
shut down from this end. If you intend to reuse the connection
then you must call try_shutdown again. You do not need to
poll for new I/O first; Poll::Pending{Read,Write} will be
returned if I/O is required.
If there is no intent to reuse the connection, you do not need
to wait for a response from the other side and
Poll::Ready(false) can be ignored.
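The shutdown rules above as a driver loop. This is an added example, not code from the wolfssl crate: Poll here is a local stand-in with only the variants this page names, and step, wait_io and max_steps are hypothetical names for one try_shutdown call, the application's own I/O wait, and a bound on retries.

```rust
// Added example. `Poll` is a local stand-in with only the variants this page
// names; it is not the wolfssl crate's own type.
#[derive(Debug, PartialEq)]
pub enum Poll<T> { PendingRead, PendingWrite, Ready(T) }

#[derive(Debug, PartialEq)]
pub enum ShutdownError<E> { Session(E), TooManySteps }

/// `step` stands for one `session.try_shutdown()` call; `wait_io(true)` means
/// "block until readable", `wait_io(false)` "block until writable" (hypothetical).
/// Ok(true): close seen from both sides. Ok(false): only our side has closed.
pub fn drive_shutdown<E>(
    mut step: impl FnMut() -> Result<Poll<bool>, E>,
    mut wait_io: impl FnMut(bool),
    reuse_connection: bool,
    max_steps: usize, // bound so a silent peer cannot hold the loop forever
) -> Result<bool, ShutdownError<E>> {
    for _ in 0..max_steps {
        match step().map_err(ShutdownError::Session)? {
            Poll::PendingRead => wait_io(true),
            Poll::PendingWrite => wait_io(false),
            Poll::Ready(true) => return Ok(true),
            // Not reusing the transport: the peer's reply can be ignored.
            Poll::Ready(false) if !reuse_connection => return Ok(false),
            // Reusing it: call again straight away, no I/O wait first.
            Poll::Ready(false) => {}
        }
    }
    Err(ShutdownError::TooManySteps)
}

/// Replays a constructed script of results; returns the outcome and wait count.
pub fn run_script(script: Vec<Poll<bool>>, reuse: bool) -> (Result<bool, ShutdownError<()>>, usize) {
    let mut results = script.into_iter();
    let mut waits = 0;
    let outcome = drive_shutdown(
        || Ok(results.next().unwrap_or(Poll::PendingRead)),
        |_| waits += 1,
        reuse,
        8,
    );
    (outcome, waits)
}

fn main() {
    let script = vec![Poll::PendingWrite, Poll::Ready(false), Poll::PendingRead, Poll::Ready(true)];
    println!("{:?}", run_script(script, true));
}
```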
pub fn try_write( &mut self, data_in: &mut BytesMut, ) -> Result<Poll<usize>, Error>
Invokes wolfSSL_write once.
Given a buffer, consumes as much of it as possible, writing into the network.
This method will return the number of bytes that were successfully written into wolfSSL.
It is not guaranteed that the entire buffer will be consumed, since we
only invoke wolfSSL_write once.
pub fn try_read( &mut self, data_out: &mut BytesMut, ) -> Result<Poll<usize>, Error>
Invokes wolfSSL_read once.
This can be thought of as the inverse to Self::try_write:
- It reads data from WolfSSL into a buffer.
- It appends data to the given buffer, up to its given capacity.
- It does not alter existing data inside the buffer.
pub fn is_secure_renegotiation_supported(&mut self) -> bool
Checks if this session supports secure renegotiation
Only some D/TLS connections support secure renegotiation, so this method checks if it’s something we can do here.
pub fn is_secure_renegotiation_pending(&mut self) -> bool
Checks if there is an ongoing secure renegotiation triggered by
Self::try_rehandshake.
pub fn try_rehandshake(&mut self) -> Result<Poll<()>, Error>
Invokes wolfSSL_Rehandshake once.
Is a no-op unless the session supports secure renegotiation.
pub fn try_trigger_update_key(&mut self) -> Result<Poll<()>, Error>
Invokes wolfSSL_update_keys once
pub fn is_update_keys_pending(&mut self) -> bool
Invokes wolfSSL_key_update_response
Returns true if the client has sent a key update and is expecting a
response, false otherwise.
Note that this is a TLS/DTLS 1.3 only feature. If the session is not TLS/DTLS 1.3 we will always return false.
pub fn dtls_current_timeout(&mut self) -> Duration
Invokes wolfSSL_dtls_get_current_timeout.
This reports how long the calling application needs to wait for available received data, in seconds.
WolfSSL implements a backoff, so the returned value will likely change.
pub fn dtls_set_timeout(&mut self, time: Duration) -> Result<()>
Invokes wolfSSL_dtls_set_timeout_init
This sets both the initial timeout (the value WolfSSL uses before any kind of backoff), and the current, ongoing timeout if there is one.
There are multiple timeout values because WolfSSL has a backoff.
The duration:
- Should not be 0
- Should not exceed the current maximum timeout (refer to
Self::dtls_set_max_timeout).
Truncates to the nearest second.
pub fn dtls_set_max_timeout(&mut self, time: Duration) -> Result<()>
Invokes wolfSSL_dtls_set_timeout_max
This sets the maximum amount of time WolfSSL is allowed to wait before
declaring a timeout, including backoff. (defaults to DTLS_TIMEOUT_MAX)
Returns an error if the argument is set to 0, exceeds WolfSSL’s internal
limits, or if the argument is lower than the current timeout as set by
Self::dtls_set_timeout.
Truncates to the nearest second.
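The constraints on dtls_set_timeout and dtls_set_max_timeout interact: a sub-second Duration truncates to 0 and is rejected, and the order of the two calls matters when the new initial timeout is above the current maximum. The helper below is an added example, not part of the wolfssl crate; plan_dtls_timeouts and its types are hypothetical names, it models only the rules stated on this page (not WolfSSL's internal limits), and the caller supplies the session's current maximum.

```rust
use std::time::Duration;

#[derive(Debug, PartialEq)]
pub enum PlanError { ZeroAfterTruncation, InitExceedsMax }

#[derive(Debug, PartialEq)]
pub enum Order { InitThenMax, MaxThenInit }

/// Added example (hypothetical helper, not part of the wolfssl crate).
/// Models only the rules stated on this page; WolfSSL's internal limits are not modelled.
/// `current_max` is whatever maximum the session has now, supplied by the caller.
pub fn plan_dtls_timeouts(
    current_max: Duration,
    new_init: Duration,
    new_max: Duration,
) -> Result<(u64, u64, Order), PlanError> {
    // Both setters keep whole seconds only, so 900 ms becomes 0 s.
    let (init, max) = (new_init.as_secs(), new_max.as_secs());
    if init == 0 || max == 0 {
        return Err(PlanError::ZeroAfterTruncation);
    }
    if init > max {
        return Err(PlanError::InitExceedsMax);
    }
    // dtls_set_timeout must not exceed the current max, and dtls_set_max_timeout
    // must not drop below the current timeout, so raise the ceiling first when
    // the new initial value is above it; otherwise set the initial value first.
    let order = if init > current_max.as_secs() { Order::MaxThenInit } else { Order::InitThenMax };
    Ok((init, max, order))
}

fn main() {
    // Constructed sample values.
    let now_max = Duration::from_secs(64);
    println!("{:?}", plan_dtls_timeouts(now_max, Duration::from_millis(900), Duration::from_secs(10)));
    println!("{:?}", plan_dtls_timeouts(Duration::from_secs(5), Duration::from_secs(8), Duration::from_secs(30)));
}
```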
pub fn dtls_has_timed_out(&mut self) -> Poll<bool>
Invokes wolfSSL_dtls_got_timeout
pub fn dtls13_use_quick_timeout(&mut self) -> bool
Invokes wolfSSL_dtls13_use_quick_timeout
pub fn dtls13_allow_ch_frag(&mut self, enabled: bool) -> Result<()>
Invokes wolfSSL_dtls13_allow_ch_frag
Trait Implementations
impl<IOCB: IOCallbacks> Drop for Session<IOCB>
fn drop(&mut self)
Invokes wolfSSL_free