Trait rustls::Session [−][src]
Generalises ClientSession
and ServerSession
Required methods
fn read_tls(&mut self, rd: &mut dyn Read) -> Result<usize, Error>
[src]
Read TLS content from rd
. This method does internal
buffering, so rd
can supply TLS messages in arbitrary-
sized chunks (like a socket or pipe might).
You should call process_new_packets
each time a call to
this function succeeds.
The returned error only relates to IO on rd
. TLS-level
errors are emitted from process_new_packets
.
This function returns Ok(0)
when the underlying rd
does
so. This typically happens when a socket is cleanly closed,
or a file is at EOF.
fn write_tls(&mut self, wr: &mut dyn Write) -> Result<usize, Error>
[src]
Writes TLS messages to wr
.
On success the function returns Ok(n)
where n
is a number
of bytes written to wr
, number of bytes after encoding and
encryption.
Note that after function return the session buffer maybe not
yet fully flushed. wants_write
function can be used
to check if output buffer is not empty.
fn process_new_packets(&mut self) -> Result<(), TLSError>
[src]
Processes any new packets read by a previous call to read_tls
.
Errors from this function relate to TLS protocol errors, and
are fatal to the session. Future calls after an error will do
no new work and will return the same error.
Success from this function can mean new plaintext is available:
obtain it using read
.
fn wants_read(&self) -> bool
[src]
Returns true if the caller should call read_tls
as soon
as possible.
fn wants_write(&self) -> bool
[src]
Returns true if the caller should call write_tls
as soon
as possible.
fn is_handshaking(&self) -> bool
[src]
Returns true if the session is currently perform the TLS handshake. During this time plaintext written to the session is buffered in memory.
fn set_buffer_limit(&mut self, limit: usize)
[src]
Sets a limit on the internal buffers used to buffer unsent plaintext (prior to completing the TLS handshake) and unsent TLS records.
By default, there is no limit. The limit can be set at any time, even if the current buffer use is higher.
fn send_close_notify(&mut self)
[src]
Queues a close_notify fatal alert to be sent in the next
write_tls
call. This informs the peer that the
connection is being closed.
fn get_peer_certificates(&self) -> Option<Vec<Certificate>>
[src]
Retrieves the certificate chain used by the peer to authenticate.
For clients, this is the certificate chain of the server.
For servers, this is the certificate chain of the client, if client authentication was completed.
The return value is None until this value is available.
fn get_alpn_protocol(&self) -> Option<&[u8]>
[src]
Retrieves the protocol agreed with the peer via ALPN.
A return value of None after handshake completion means no protocol was agreed (because no protocols were offered or accepted by the peer).
fn get_protocol_version(&self) -> Option<ProtocolVersion>
[src]
Retrieves the protocol version agreed with the peer.
This returns None until the version is agreed.
fn export_keying_material(
&self,
output: &mut [u8],
label: &[u8],
context: Option<&[u8]>
) -> Result<(), TLSError>
[src]
&self,
output: &mut [u8],
label: &[u8],
context: Option<&[u8]>
) -> Result<(), TLSError>
Derives key material from the agreed session secrets.
This function fills in output
with output.len()
bytes of key
material derived from the master session secret using label
and context
for diversification.
See RFC5705 for more details on what this does and is for.
For TLS1.3 connections, this function does not use the “early” exporter at any point.
This function fails if called prior to the handshake completing;
check with is_handshaking()
first.
fn get_negotiated_ciphersuite(&self) -> Option<&'static SupportedCipherSuite>
[src]
Retrieves the ciphersuite agreed with the peer.
This returns None until the ciphersuite is agreed.
Provided methods
fn complete_io<T>(&mut self, io: &mut T) -> Result<(usize, usize), Error> where
Self: Sized,
T: Read + Write,
[src]
Self: Sized,
T: Read + Write,
This function uses io
to complete any outstanding IO for
this session.
This is a convenience function which solely uses other parts of the public API.
What this means depends on the session state:
- If the session
is_handshaking()
, then IO is performed until the handshake is complete. - Otherwise, if
wants_write
is true,write_tls
is invoked until it is all written. - Otherwise, if
wants_read
is true,read_tls
is invoked once.
The return value is the number of bytes read from and written
to io
, respectively.
This function will block if io
blocks.
Errors from TLS record handling (ie, from process_new_packets()
)
are wrapped in an io::ErrorKind::InvalidData
-kind error.
Implementors
impl Session for ClientSession
[src]
fn read_tls(&mut self, rd: &mut dyn Read) -> Result<usize>
[src]
fn write_tls(&mut self, wr: &mut dyn Write) -> Result<usize>
[src]
Writes TLS messages to wr
.
fn process_new_packets(&mut self) -> Result<(), TLSError>
[src]
fn wants_read(&self) -> bool
[src]
fn wants_write(&self) -> bool
[src]
fn is_handshaking(&self) -> bool
[src]
fn set_buffer_limit(&mut self, len: usize)
[src]
fn send_close_notify(&mut self)
[src]
fn get_peer_certificates(&self) -> Option<Vec<Certificate>>
[src]
fn get_alpn_protocol(&self) -> Option<&[u8]>
[src]
fn get_protocol_version(&self) -> Option<ProtocolVersion>
[src]
fn export_keying_material(
&self,
output: &mut [u8],
label: &[u8],
context: Option<&[u8]>
) -> Result<(), TLSError>
[src]
&self,
output: &mut [u8],
label: &[u8],
context: Option<&[u8]>
) -> Result<(), TLSError>
fn get_negotiated_ciphersuite(&self) -> Option<&'static SupportedCipherSuite>
[src]
impl Session for ServerSession
[src]
fn read_tls(&mut self, rd: &mut dyn Read) -> Result<usize>
[src]
fn write_tls(&mut self, wr: &mut dyn Write) -> Result<usize>
[src]
Writes TLS messages to wr
.
fn process_new_packets(&mut self) -> Result<(), TLSError>
[src]
fn wants_read(&self) -> bool
[src]
fn wants_write(&self) -> bool
[src]
fn is_handshaking(&self) -> bool
[src]
fn set_buffer_limit(&mut self, len: usize)
[src]
fn send_close_notify(&mut self)
[src]
fn get_peer_certificates(&self) -> Option<Vec<Certificate>>
[src]
fn get_alpn_protocol(&self) -> Option<&[u8]>
[src]
fn get_protocol_version(&self) -> Option<ProtocolVersion>
[src]
fn export_keying_material(
&self,
output: &mut [u8],
label: &[u8],
context: Option<&[u8]>
) -> Result<(), TLSError>
[src]
&self,
output: &mut [u8],
label: &[u8],
context: Option<&[u8]>
) -> Result<(), TLSError>