pub struct ServerConnection { /* private fields */ }
This represents a single TLS server connection.
Send TLS-protected data to the peer using the io::Write trait implementation.
Read data from the peer using the io::Read trait implementation.
Implementations
impl ServerConnection
pub fn new(config: Arc<ServerConfig>) -> Result<Self, Error>
Make a new ServerConnection. config controls how
we behave in the TLS protocol.
pub fn server_name(&self) -> Option<&DnsName<'_>>
Retrieves the server name, if any, used to select the certificate and private key.
This returns None until some time after the client’s server name indication
(SNI) extension value is processed during the handshake. It will never be
None when the connection is ready to send or process application data,
unless the client does not support SNI.
This is useful for application protocols that need to enforce that the
server name matches an application layer protocol hostname. For
example, HTTP/1.1 servers commonly expect the Host: header field of
every request on a connection to match the hostname in the SNI extension
when the client provides the SNI extension.
The server name is also used to match sessions during session resumption.
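The Host-versus-SNI rule described above has to be enforced by the application, since rustls only reports the name. The following is an added example, not rustls code: the `sni` argument stands for whatever `ServerConnection::server_name()` returned, rendered as a `&str` (an assumption about how the caller converts `DnsName`), the request head is constructed inline, and the rejection of duplicated Host headers is this example's own policy.

```rust
// Added example (not part of rustls): enforce that an HTTP/1.1 Host header
// names the same host as the SNI value that selected the certificate.
// `sni` is assumed to be ServerConnection::server_name() rendered as &str.

#[derive(Debug, PartialEq)]
enum HostCheck {
    /// Host header and SNI agree.
    Match,
    /// Client sent SNI, but the Host header names something else.
    Mismatch,
    /// No SNI was sent (legacy client or IP-literal connection); the
    /// application has to decide whether to serve such requests at all.
    NoSni,
}

/// Lower-case a DNS name and drop one trailing dot so "Example.COM." == "example.com".
fn normalize_host(name: &str) -> String {
    let name = name.trim();
    let name = name.strip_suffix('.').unwrap_or(name);
    name.to_ascii_lowercase()
}

/// Strip an optional ":port" from a Host value, handling "[v6-literal]:port".
fn host_part(authority: &str) -> &str {
    let a = authority.trim();
    if let Some(rest) = a.strip_prefix('[') {
        return match rest.find(']') {
            Some(i) => &rest[..i],
            None => a, // unterminated literal: leave it; it will not match any SNI
        };
    }
    match a.split_once(':') {
        Some((host, port)) if !port.is_empty() && port.bytes().all(|b| b.is_ascii_digit()) => host,
        _ => a,
    }
}

/// Extract the single Host header from a request head; a missing or duplicated
/// Host header yields None (duplicates are a request-smuggling signal).
fn host_header(head: &str) -> Option<&str> {
    let mut found = None;
    for line in head.lines().skip(1) { // skip the request line
        if line.is_empty() {
            break; // end of the header block
        }
        let (name, value) = match line.split_once(':') {
            Some(kv) => kv,
            None => continue,
        };
        if name.trim().eq_ignore_ascii_case("host") {
            if found.is_some() {
                return None;
            }
            found = Some(value.trim());
        }
    }
    found
}

fn check_host_against_sni(host_value: &str, sni: Option<&str>) -> HostCheck {
    let sni = match sni {
        Some(s) => s,
        None => return HostCheck::NoSni,
    };
    if normalize_host(host_part(host_value)) == normalize_host(sni) {
        HostCheck::Match
    } else {
        HostCheck::Mismatch
    }
}

fn main() {
    // Constructed request head; in a real server this comes from conn.reader().
    let head = "GET /account HTTP/1.1\r\nHost: Example.COM:443\r\nUser-Agent: x\r\n\r\n";
    let sni = Some("example.com"); // stands in for conn.server_name() converted to &str
    match host_header(head).map(|h| check_host_against_sni(h, sni)) {
        Some(HostCheck::Match) => println!("serve request"),
        Some(HostCheck::Mismatch) => println!("400: Host does not match SNI"),
        Some(HostCheck::NoSni) => println!("no SNI; apply fallback policy"),
        None => println!("400: missing or duplicate Host header"),
    }
}
```

The `NoSni` case is deliberately left to the caller: the page notes `server_name` stays `None` for clients without SNI, and whether such clients get the default certificate's site or a refusal is an application decision.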
pub fn received_resumption_data(&self) -> Option<&[u8]>
Application-controlled portion of the resumption ticket supplied by the client, if any.
Recovered from the prior session’s set_resumption_data. Integrity is guaranteed by rustls.
Returns Some if and only if a valid resumption ticket has been received from the client.
pub fn set_resumption_data(&mut self, data: &[u8]) -> Result<(), Error>
Set the resumption data to embed in future resumption tickets supplied to the client.
Defaults to the empty byte string. Must be less than 2^15 bytes to allow room for other
data. Should be called while is_handshaking returns true to ensure all transmitted
resumption tickets are affected.
Integrity will be assured by rustls, but the data will be visible to the client. If secrecy from the client is desired, encrypt the data separately.
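As an added example of how an application might use `set_resumption_data` and `received_resumption_data` together (this is not rustls code), the block below defines a small versioned encoding that respects the page's contract: rustls guarantees integrity, the client can read the bytes, and the payload must stay under 2^15 bytes. The `SessionNote` type, its fields and the freshness window are this example's own assumptions; the encoded subject is not secret, so anything confidential would have to be encrypted before being placed here, as the page says.

```rust
// Added example (not rustls code): a versioned encoding for the application-
// controlled part of a resumption ticket. rustls protects integrity, the client
// can read it, and it must be under 2^15 bytes. Nothing here is secret.
use std::convert::TryInto;

/// Page: "Must be less than 2^15 bytes to allow room for other data."
const MAX_RESUMPTION_DATA: usize = 1 << 15;
const FORMAT_VERSION: u8 = 1;
const HEADER_LEN: usize = 1 + 8 + 2; // version, issued_at, subject length

/// What this (hypothetical) application remembers across resumptions.
#[derive(Debug, PartialEq)]
struct SessionNote {
    issued_at: u64,  // Unix seconds when the original full handshake authenticated the client
    subject: String, // application-level identity established at that time
}

#[derive(Debug, PartialEq)]
enum NoteError {
    TooLong,
    Malformed,
    UnsupportedVersion(u8),
    Stale,
}

/// Build the bytes to hand to ServerConnection::set_resumption_data during the handshake.
fn encode_note(note: &SessionNote) -> Result<Vec<u8>, NoteError> {
    let subject = note.subject.as_bytes();
    if subject.len() > u16::MAX as usize || HEADER_LEN + subject.len() >= MAX_RESUMPTION_DATA {
        return Err(NoteError::TooLong);
    }
    let mut out = Vec::with_capacity(HEADER_LEN + subject.len());
    out.push(FORMAT_VERSION);
    out.extend_from_slice(&note.issued_at.to_be_bytes());
    out.extend_from_slice(&(subject.len() as u16).to_be_bytes());
    out.extend_from_slice(subject);
    Ok(out)
}

/// Parse what ServerConnection::received_resumption_data returned on a resumed
/// connection. Integrity is rustls's job; format, version and freshness are ours.
fn decode_note(data: &[u8], now: u64, max_age: u64) -> Result<SessionNote, NoteError> {
    if data.len() < HEADER_LEN {
        return Err(NoteError::Malformed);
    }
    if data[0] != FORMAT_VERSION {
        return Err(NoteError::UnsupportedVersion(data[0]));
    }
    let issued_at = u64::from_be_bytes(data[1..9].try_into().map_err(|_| NoteError::Malformed)?);
    let len = u16::from_be_bytes([data[9], data[10]]) as usize;
    if data.len() != HEADER_LEN + len {
        return Err(NoteError::Malformed); // truncated or trailing bytes
    }
    let subject = std::str::from_utf8(&data[HEADER_LEN..])
        .map_err(|_| NoteError::Malformed)?
        .to_string();
    // Ticket lifetime is enforced by rustls; this bounds how long our own claim is trusted.
    if issued_at > now || now - issued_at > max_age {
        return Err(NoteError::Stale);
    }
    Ok(SessionNote { issued_at, subject })
}

fn main() {
    let note = SessionNote { issued_at: 1_700_000_000, subject: "alice@example.com".to_string() };
    let bytes = encode_note(&note).expect("fits in a ticket");
    // conn.set_resumption_data(&bytes) would be called here, while conn.is_handshaking().
    // Later, on a resumed connection, conn.received_resumption_data() returns Some(&bytes).
    println!("{:?}", decode_note(&bytes, 1_700_000_600, 3600));
}
```

The freshness check is separate from the ticket lifetime rustls enforces: the ticket proves the bytes are unmodified, not that the application-level claim inside them is still valid, so a subject whose access was revoked after the full handshake is caught only by the application.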
pub fn early_data(&mut self) -> Option<ReadEarlyData<'_>>
Returns an io::Read implementer you can read bytes from that are
received from a client as TLS1.3 0RTT/“early” data, during the handshake.
This returns None in many circumstances, such as:
- Early data is disabled because ServerConfig::max_early_data_size is zero (the default).
- The session negotiated with the client is not TLS1.3.
- The client just doesn’t support early data.
- The connection doesn’t resume an existing session.
- The client hasn’t sent a full ClientHello yet.
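Bytes obtained through `early_data()` arrive before the handshake has completed, and 0-RTT data can be replayed by an attacker (RFC 8446, section 8), a property the page above does not spell out. The following added example (not rustls code) shows one admission policy for HTTP/1.1 requests found in early data, along the lines of RFC 8470: act only on safe methods, and either defer or answer 425 Too Early for everything else. The early-data bytes are constructed inline; the `can_defer` flag and the decision names are this example's own.

```rust
// Added example (not rustls code): admission policy for bytes read through
// ServerConnection::early_data(). 0-RTT data can be replayed by an attacker
// (RFC 8446 section 8), so only requests that are safe to repeat are acted on
// before the handshake completes; RFC 8470 defines the 425 Too Early response.

#[derive(Debug, PartialEq)]
enum EarlyDecision {
    /// Safe (side-effect free) method: may be processed now.
    Process,
    /// Buffer the bytes and act on them once the handshake has finished.
    Defer,
    /// Tell the client to retry after the handshake (HTTP 425).
    TooEarly,
    /// Request line not complete yet; read more early data first.
    Incomplete,
    /// Not an HTTP/1.1 request line; close the connection.
    Malformed,
}

/// Classify the first request found in early data. `can_defer` says whether the
/// server is willing to hold the bytes until process_new_packets reports the
/// handshake complete; otherwise non-safe requests are answered with 425.
fn classify_early_request(early: &[u8], can_defer: bool) -> EarlyDecision {
    let end = match early.windows(2).position(|w| w == b"\r\n") {
        Some(i) => i,
        None => return EarlyDecision::Incomplete,
    };
    let line = match std::str::from_utf8(&early[..end]) {
        Ok(l) => l,
        Err(_) => return EarlyDecision::Malformed,
    };
    let mut parts = line.split(' ');
    let (method, target, version) = (parts.next(), parts.next(), parts.next());
    match (method, target, version, parts.next()) {
        (Some(m), Some(t), Some("HTTP/1.1"), None)
            if !m.is_empty() && (t.starts_with('/') || t == "*") =>
        {
            // RFC 9110 section 9.2.1 "safe" methods. Handlers behind them still
            // must be free of side effects, or replayed early data becomes a problem.
            if matches!(m, "GET" | "HEAD" | "OPTIONS") {
                EarlyDecision::Process
            } else if can_defer {
                EarlyDecision::Defer
            } else {
                EarlyDecision::TooEarly
            }
        }
        _ => EarlyDecision::Malformed,
    }
}

/// Response for EarlyDecision::TooEarly (RFC 8470 section 5.2).
fn too_early_response() -> &'static [u8] {
    b"HTTP/1.1 425 Too Early\r\nContent-Length: 0\r\nConnection: close\r\n\r\n"
}

fn main() {
    // Constructed early-data bytes; a real server reads them with
    // conn.early_data().map(|mut r| r.read(&mut buf)) during the handshake.
    let early = b"POST /transfer HTTP/1.1\r\nHost: bank.example\r\n\r\namount=100";
    match classify_early_request(early, false) {
        EarlyDecision::TooEarly => println!("{}", String::from_utf8_lossy(too_early_response())),
        other => println!("{:?}", other),
    }
}
```

Deferring is the safer default when the server can afford the buffering, because the same bytes are then handled exactly once after the handshake has bound them to this connection; 425 is for servers that would rather not hold client data across the handshake.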
pub fn dangerous_extract_secrets(self) -> Result<ExtractedSecrets, Error>
Extract secrets, so they can be used when configuring kTLS, for example. Should be used with care as it exposes secret key material.
Methods from Deref<Target = ConnectionOutputs>
pub fn peer_identity(&self) -> Option<&Identity<'static>>
Retrieves the certificate chain or the raw public key used by the peer to authenticate.
This is made available for both full and resumed handshakes.
For clients, this is the identity of the server. For servers, this is the identity of the client, if client authentication was completed.
The return value is None until this value is available.
pub fn alpn_protocol(&self) -> Option<&ApplicationProtocol<'static>>
Retrieves the protocol agreed with the peer via ALPN.
A return value of None after handshake completion
means no protocol was agreed (because no protocols
were offered or accepted by the peer).
pub fn negotiated_cipher_suite(&self) -> Option<SupportedCipherSuite>
Retrieves the cipher suite agreed with the peer.
This returns None until the cipher suite is agreed.
pub fn negotiated_key_exchange_group(&self) -> Option<&'static dyn SupportedKxGroup>
Retrieves the key exchange group agreed with the peer.
This function may return None depending on the state of the connection,
the type of handshake, and the protocol version.
If CommonState::is_handshaking() is true this function will return None.
Similarly, if the ConnectionOutputs::handshake_kind() is HandshakeKind::Resumed
and the ConnectionOutputs::protocol_version() is TLS 1.2, then no key exchange will have
occurred and this function will return None.
pub fn protocol_version(&self) -> Option<ProtocolVersion>
Retrieves the protocol version agreed with the peer.
This returns None until the version is agreed.
pub fn handshake_kind(&self) -> Option<HandshakeKind>
Which kind of handshake was performed.
This tells you whether the handshake was a resumption or not.
This will return None before it is known which sort of
handshake occurred.
Trait Implementations
impl Connection for ServerConnection
fn read_tls(&mut self, rd: &mut dyn Read) -> Result<usize, Error>
Read TLS content from rd into the internal buffer.
fn write_tls(&mut self, wr: &mut dyn Write) -> Result<usize, Error>
Writes TLS messages to wr.
fn wants_read(&self) -> bool
Returns true if the caller should call Connection::read_tls as soon as possible.
fn wants_write(&self) -> bool
Returns true if the caller should call Connection::write_tls as soon as possible.
fn process_new_packets(&mut self) -> Result<IoState, Error>
Processes any new packets read by a previous call to Connection::read_tls.
fn exporter(&mut self) -> Result<KeyingMaterialExporter, Error>
fn dangerous_extract_secrets(self) -> Result<ExtractedSecrets, Error>
Extract secrets, so they can be used when configuring kTLS, for example. Should be used with care as it exposes secret key material.
fn set_buffer_limit(&mut self, limit: Option<usize>)
Sets a limit on the internal buffers used to buffer unsent plaintext (prior to completing the TLS handshake) and unsent TLS records. This limit acts only on application data written through Connection::writer.
fn set_plaintext_buffer_limit(&mut self, limit: Option<usize>)
fn refresh_traffic_keys(&mut self) -> Result<(), Error>
Sends a TLS1.3 key_update message to refresh a connection’s keys.
fn send_close_notify(&mut self)
Queues a close_notify warning alert to be sent in the next Connection::write_tls call. This informs the peer that the connection is being closed.