Struct openssl::ssl::SslRef[][src]

pub struct SslRef(_);
Expand description

Reference to an Ssl.

Implementations

Configure as an outgoing stream from a client.

This corresponds to SSL_set_connect_state.

Configure as an incoming stream to a server.

This corresponds to SSL_set_accept_state.

Like SslContextBuilder::set_verify.

This corresponds to SSL_set_verify.

Returns the verify mode that was set using set_verify.

This corresponds to SSL_get_verify_mode.

Like SslContextBuilder::set_verify_callback.

This corresponds to SSL_set_verify.

Like SslContextBuilder::set_tmp_dh.

This corresponds to SSL_set_tmp_dh.

Like SslContextBuilder::set_tmp_dh_callback.

This corresponds to SSL_set_tmp_dh_callback.

Like SslContextBuilder::set_tmp_ecdh.

This corresponds to SSL_set_tmp_ecdh.

Like SslContextBuilder::set_alpn_protos.

Requires OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer.

This corresponds to SSL_set_alpn_protos.

Returns the current cipher if the session is active.

This corresponds to SSL_get_current_cipher.

Returns a short string describing the state of the session.

This corresponds to SSL_state_string.

Returns a longer string describing the state of the session.

This corresponds to SSL_state_string_long.

Sets the host name to be sent to the server for Server Name Indication (SNI).

It has no effect for a server-side connection.

This corresponds to SSL_set_tlsext_host_name.

Returns the peer’s certificate, if present.

This corresponds to SSL_get_peer_certificate.

Returns the certificate chain of the peer, if present.

On the client side, the chain includes the leaf certificate, but on the server side it does not. Fun!

This corresponds to SSL_get_peer_cert_chain.

Returns the verified certificate chain of the peer, including the leaf certificate.

If verification was not successful (i.e. verify_result does not return X509VerifyResult::OK), this chain may be incomplete or invalid.

Requires OpenSSL 1.1.0 or newer.

This corresponds to SSL_get0_verified_chain.

Like SslContext::certificate.

This corresponds to SSL_get_certificate.

Like SslContext::private_key.

This corresponds to SSL_get_privatekey.

👎 Deprecated since 0.10.5:

renamed to version_str

Returns the protocol version of the session.

This corresponds to SSL_version.

Returns a string describing the protocol version of the session.

This corresponds to SSL_get_version.

Returns the protocol selected via Application Layer Protocol Negotiation (ALPN).

The protocol’s name is returned is an opaque sequence of bytes. It is up to the client to interpret it.

Requires OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer.

This corresponds to SSL_get0_alpn_selected.

Enables the DTLS extension “use_srtp” as defined in RFC5764.

This corresponds to SSL_set_tlsext_use_srtp.

Gets all SRTP profiles that are enabled for handshake via set_tlsext_use_srtp

DTLS extension “use_srtp” as defined in RFC5764 has to be enabled.

This corresponds to SSL_get_srtp_profiles.

Gets the SRTP profile selected by handshake.

DTLS extension “use_srtp” as defined in RFC5764 has to be enabled.

This corresponds to SSL_get_selected_srtp_profile.

Returns the number of bytes remaining in the currently processed TLS record.

If this is greater than 0, the next call to read will not call down to the underlying stream.

This corresponds to SSL_pending.

Returns the servername sent by the client via Server Name Indication (SNI).

It is only useful on the server side.

This corresponds to SSL_get_servername.

Note

While the SNI specification requires that servernames be valid domain names (and therefore ASCII), OpenSSL does not enforce this restriction. If the servername provided by the client is not valid UTF-8, this function will return None. The servername_raw method returns the raw bytes and does not have this restriction.

Returns the servername sent by the client via Server Name Indication (SNI).

It is only useful on the server side.

This corresponds to SSL_get_servername.

Note

Unlike servername, this method does not require the name be valid UTF-8.

Changes the context corresponding to the current connection.

It is most commonly used in the Server Name Indication (SNI) callback.

This corresponds to SSL_set_SSL_CTX.

Returns the context corresponding to the current connection.

This corresponds to SSL_get_SSL_CTX.

Returns a mutable reference to the X509 verification configuration.

Requires OpenSSL 1.0.2 or newer.

This corresponds to SSL_get0_param.

Returns the certificate verification result.

This corresponds to SSL_get_verify_result.

Returns a shared reference to the SSL session.

This corresponds to SSL_get_session.

Copies the client_random value sent by the client in the TLS handshake into a buffer.

Returns the number of bytes copied, or if the buffer is empty, the size of the client_random value.

Requires OpenSSL 1.1.0 or newer.

This corresponds to SSL_get_client_random.

Copies the server_random value sent by the server in the TLS handshake into a buffer.

Returns the number of bytes copied, or if the buffer is empty, the size of the server_random value.

Requires OpenSSL 1.1.0 or newer.

This corresponds to SSL_get_server_random.

Derives keying material for application use in accordance to RFC 5705.

This corresponds to SSL_export_keying_material.

Derives keying material for application use in accordance to RFC 5705.

This function is only usable with TLSv1.3, wherein there is no distinction between an empty context and no context. Therefore, unlike export_keying_material, context must always be supplied.

Requires OpenSSL 1.1.1 or newer.

This corresponds to SSL_export_keying_material_early.

Sets the session to be used.

This should be called before the handshake to attempt to reuse a previously established session. If the server is not willing to reuse the session, a new one will be transparently negotiated.

This corresponds to SSL_set_session.

Safety

The caller of this method is responsible for ensuring that the session is associated with the same SslContext as this Ssl.

Determines if the session provided to set_session was successfully reused.

This corresponds to SSL_session_reused.

Sets the status response a client wishes the server to reply with.

This corresponds to SSL_set_tlsext_status_type.

Returns the server’s OCSP response, if present.

This corresponds to SSL_get_tlsext_status_ocsp_resp.

Sets the OCSP response to be returned to the client.

This corresponds to SSL_set_tlsext_status_ocsp_resp.

Determines if this Ssl is configured for server-side or client-side use.

This corresponds to SSL_is_server.

Sets the extra data at the specified index.

This can be used to provide data to callbacks registered with the context. Use the Ssl::new_ex_index method to create an Index.

This corresponds to SSL_set_ex_data.

Returns a reference to the extra data at the specified index.

This corresponds to SSL_get_ex_data.

Returns a mutable reference to the extra data at the specified index.

This corresponds to SSL_get_ex_data.

Sets the maximum amount of early data that will be accepted on this connection.

Requires OpenSSL 1.1.1 or newer.

This corresponds to SSL_set_max_early_data.

Gets the maximum amount of early data that can be sent on this connection.

Requires OpenSSL 1.1.1 or newer.

This corresponds to SSL_get_max_early_data.

Copies the contents of the last Finished message sent to the peer into the provided buffer.

The total size of the message is returned, so this can be used to determine the size of the buffer required.

This corresponds to SSL_get_finished.

Copies the contents of the last Finished message received from the peer into the provided buffer.

The total size of the message is returned, so this can be used to determine the size of the buffer required.

This corresponds to SSL_get_peer_finished.

Determines if the initial handshake has been completed.

This corresponds to SSL_is_init_finished.

Determines if the client’s hello message is in the SSLv2 format.

This can only be used inside of the client hello callback. Otherwise, false is returned.

Requires OpenSSL 1.1.1 or newer.

This corresponds to SSL_client_hello_isv2.

Returns the legacy version field of the client’s hello message.

This can only be used inside of the client hello callback. Otherwise, None is returned.

Requires OpenSSL 1.1.1 or newer.

This corresponds to SSL_client_hello_get0_legacy_version.

Returns the random field of the client’s hello message.

This can only be used inside of the client hello callback. Otherwise, None is returned.

Requires OpenSSL 1.1.1 or newer.

This corresponds to SSL_client_hello_get0_random.

Returns the session ID field of the client’s hello message.

This can only be used inside of the client hello callback. Otherwise, None is returned.

Requires OpenSSL 1.1.1 or newer.

This corresponds to SSL_client_hello_get0_session_id.

Returns the ciphers field of the client’s hello message.

This can only be used inside of the client hello callback. Otherwise, None is returned.

Requires OpenSSL 1.1.1 or newer.

This corresponds to SSL_client_hello_get0_ciphers.

Returns the compression methods field of the client’s hello message.

This can only be used inside of the client hello callback. Otherwise, None is returned.

Requires OpenSSL 1.1.1 or newer.

This corresponds to SSL_client_hello_get0_compression_methods.

Sets the MTU used for DTLS connections.

This corresponds to SSL_set_mtu.

Trait Implementations

Performs the conversion.

Immutably borrows from an owned value. Read more

Formats the value using the given formatter. Read more

The raw C type.

Constructs a shared instance of this type from its raw type.

Constructs a mutable reference of this type from its raw type.

Returns a raw pointer to the wrapped value.

Auto Trait Implementations

Blanket Implementations

Gets the TypeId of self. Read more

Immutably borrows from an owned value. Read more

Mutably borrows from an owned value. Read more

Performs the conversion.

Performs the conversion.

The type returned in the event of a conversion error.

Performs the conversion.

The type returned in the event of a conversion error.

Performs the conversion.