Trait actix_connect::ssl::rustls::Session [−][src]
pub trait Session: QuicExt + Read + Write + Send + Sync {
Show 14 methods
fn read_tls(&mut self, rd: &mut dyn Read) -> Result<usize, Error>;
fn write_tls(&mut self, wr: &mut dyn Write) -> Result<usize, Error>;
fn process_new_packets(&mut self) -> Result<(), TLSError>;
fn wants_read(&self) -> bool;
fn wants_write(&self) -> bool;
fn is_handshaking(&self) -> bool;
fn set_buffer_limit(&mut self, limit: usize);
fn send_close_notify(&mut self);
fn get_peer_certificates(&self) -> Option<Vec<Certificate, Global>>;
fn get_alpn_protocol(&self) -> Option<&[u8]>;
fn get_protocol_version(&self) -> Option<ProtocolVersion>;
fn export_keying_material(
&self,
output: &mut [u8],
label: &[u8],
context: Option<&[u8]>
) -> Result<(), TLSError>;
fn get_negotiated_ciphersuite(
&self
) -> Option<&'static SupportedCipherSuite>;
fn complete_io<T>(&mut self, io: &mut T) -> Result<(usize, usize), Error>
where
T: Read + Write,
{ ... }
}Expand description
Generalises ClientSession and ServerSession
Required methods
Read TLS content from rd. This method does internal
buffering, so rd can supply TLS messages in arbitrary-
sized chunks (like a socket or pipe might).
You should call process_new_packets each time a call to
this function succeeds.
The returned error only relates to IO on rd. TLS-level
errors are emitted from process_new_packets.
This function returns Ok(0) when the underlying rd does
so. This typically happens when a socket is cleanly closed,
or a file is at EOF.
Writes TLS messages to wr.
On success the function returns Ok(n) where n is a number
of bytes written to wr, number of bytes after encoding and
encryption.
Note that after function return the session buffer maybe not
yet fully flushed. wants_write function can be used
to check if output buffer is not empty.
fn process_new_packets(&mut self) -> Result<(), TLSError>
fn process_new_packets(&mut self) -> Result<(), TLSError>
Processes any new packets read by a previous call to read_tls.
Errors from this function relate to TLS protocol errors, and
are fatal to the session. Future calls after an error will do
no new work and will return the same error.
Success from this function can mean new plaintext is available:
obtain it using read.
fn wants_read(&self) -> bool
fn wants_read(&self) -> bool
Returns true if the caller should call read_tls as soon
as possible.
fn wants_write(&self) -> bool
fn wants_write(&self) -> bool
Returns true if the caller should call write_tls as soon
as possible.
fn is_handshaking(&self) -> bool
fn is_handshaking(&self) -> bool
Returns true if the session is currently perform the TLS handshake. During this time plaintext written to the session is buffered in memory.
fn set_buffer_limit(&mut self, limit: usize)
fn set_buffer_limit(&mut self, limit: usize)
Sets a limit on the internal buffers used to buffer unsent plaintext (prior to completing the TLS handshake) and unsent TLS records.
By default, there is no limit. The limit can be set at any time, even if the current buffer use is higher.
fn send_close_notify(&mut self)
fn send_close_notify(&mut self)
Queues a close_notify fatal alert to be sent in the next
write_tls call. This informs the peer that the
connection is being closed.
fn get_peer_certificates(&self) -> Option<Vec<Certificate, Global>>
fn get_peer_certificates(&self) -> Option<Vec<Certificate, Global>>
Retrieves the certificate chain used by the peer to authenticate.
For clients, this is the certificate chain of the server.
For servers, this is the certificate chain of the client, if client authentication was completed.
The return value is None until this value is available.
Retrieves the protocol agreed with the peer via ALPN.
A return value of None after handshake completion means no protocol was agreed (because no protocols were offered or accepted by the peer).
fn get_protocol_version(&self) -> Option<ProtocolVersion>
fn get_protocol_version(&self) -> Option<ProtocolVersion>
Retrieves the protocol version agreed with the peer.
This returns None until the version is agreed.
Derives key material from the agreed session secrets.
This function fills in output with output.len() bytes of key
material derived from the master session secret using label
and context for diversification.
See RFC5705 for more details on what this does and is for.
For TLS1.3 connections, this function does not use the “early” exporter at any point.
This function fails if called prior to the handshake completing;
check with is_handshaking() first.
fn get_negotiated_ciphersuite(&self) -> Option<&'static SupportedCipherSuite>
fn get_negotiated_ciphersuite(&self) -> Option<&'static SupportedCipherSuite>
Retrieves the ciphersuite agreed with the peer.
This returns None until the ciphersuite is agreed.
Provided methods
This function uses io to complete any outstanding IO for
this session.
This is a convenience function which solely uses other parts of the public API.
What this means depends on the session state:
- If the session
is_handshaking(), then IO is performed until the handshake is complete. - Otherwise, if
wants_writeis true,write_tlsis invoked until it is all written. - Otherwise, if
wants_readis true,read_tlsis invoked once.
The return value is the number of bytes read from and written
to io, respectively.
This function will block if io blocks.
Errors from TLS record handling (ie, from process_new_packets())
are wrapped in an io::ErrorKind::InvalidData-kind error.