Expand description
SSL/TLS support.
SslConnector
and SslAcceptor
should be used in most cases - they handle
configuration of the OpenSSL primitives for you.
§Examples
To connect as a client to a remote server:
use openssl::ssl::{SslMethod, SslConnector};
use std::io::{Read, Write};
use std::net::TcpStream;
let connector = SslConnector::builder(SslMethod::tls()).unwrap().build();
let stream = TcpStream::connect("google.com:443").unwrap();
let mut stream = connector.connect("google.com", stream).unwrap();
stream.write_all(b"GET / HTTP/1.0\r\n\r\n").unwrap();
let mut res = vec![];
stream.read_to_end(&mut res).unwrap();
println!("{}", String::from_utf8_lossy(&res));
To accept connections as a server from remote clients:
use openssl::ssl::{SslMethod, SslAcceptor, SslStream, SslFiletype};
use std::net::{TcpListener, TcpStream};
use std::sync::Arc;
use std::thread;
let mut acceptor = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap();
acceptor.set_private_key_file("key.pem", SslFiletype::PEM).unwrap();
acceptor.set_certificate_chain_file("certs.pem").unwrap();
acceptor.check_private_key().unwrap();
let acceptor = Arc::new(acceptor.build());
let listener = TcpListener::bind("0.0.0.0:8443").unwrap();
fn handle_client(stream: SslStream<TcpStream>) {
// ...
}
for stream in listener.incoming() {
match stream {
Ok(stream) => {
let acceptor = acceptor.clone();
thread::spawn(move || {
let stream = acceptor.accept(stream).unwrap();
handle_client(stream);
});
}
Err(e) => { /* connection failed */ }
}
}
Structs§
- An error returned from an ALPN selection callback.
- Information about the state of a cipher.
- A stack of selected ciphers, and a stack of selected signalling cipher suites
- The result of a client hello callback.
- A type which allows for configuration of a client-side TLS session before connection.
- An SSL error.
- An error code returned from SSL functions.
- Which messages and under which conditions an extension should be added or expected.
- An SSL stream midway through the handshake process.
- An identifier of a session name type.
- The shutdown state of a session.
- An error returned from the SNI callback.
- The state of an SSL/TLS session.
- A type which wraps server-side streams in a TLS session.
- A builder for
SslAcceptor
s. - An SSL/TLS alert.
- Information about a cipher.
- Reference to an
SslCipher
. - A type which wraps client-side streams in a TLS session.
- A builder for
SslConnector
s. - A context object for TLS streams.
- A builder for
SslContext
s. - Reference to
SslContext
- An identifier of the format of a certificate or key file.
- A type specifying the kind of protocol an
SslContext
will speak. - Options controlling the behavior of an
SslContext
. - Options controlling the behavior of an
SslContext
. - Reference to an
Ssl
. - An encoded SSL session.
- Options controlling the behavior of session caching.
- Reference to
SslSession
. - A TLS session over a stream.
- SslStream
Builder Deprecated A partially constructedSslStream
, useful for unusual handshakes. - Options controlling the behavior of certificate verification.
- An SSL/TLS protocol version.
- An identifier of a certificate status type.
Enums§
- An error or intermediate state after a TLS handshake attempt.
- The result of a shutdown request.
Functions§
- Returns the OpenSSL name of a cipher corresponding to an RFC-standard cipher name.
- A standard implementation of protocol selection for Application Layer Protocol Negotiation (ALPN).