Lines Matching +full:libressl +full:-
3 //! `SslConnector` and `SslAcceptor` should be used in most cases - they handle
120 /// Returns the OpenSSL name of a cipher corresponding to an RFC-standard cipher name.
127 pub fn cipher_name(std_name: &str) -> &'static str { in cipher_name()
168 /// [RFC 4347 Section 4.2.1]: https://tools.ietf.org/html/rfc4347#section-4.2.1
224 /// Requires OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer.
230 /// Requires OpenSSL 1.0.2 or LibreSSL 3.3.2 or newer.
236 /// Requires OpenSSL 1.0.2 or LibreSSL 3.3.2 or newer.
273 /// Temporarily reprioritize ChaCha20-Poly1305 ciphers to the top of the server cipher list
274 /// if a ChaCha20-Poly1305 cipher is at the top of the client cipher list. This helps those
275 /// clients (e.g. mobile) use ChaCha20-Poly1305 if that cipher is anywhere in the server
300 /// non-blocking context.
333 #[cfg(not(libressl))]
345 pub fn tls() -> SslMethod { in tls()
351 pub fn dtls() -> SslMethod { in dtls()
357 pub fn tls_client() -> SslMethod { in tls_client()
363 pub fn tls_server() -> SslMethod { in tls_server()
372 pub unsafe fn from_ptr(ptr: *const ffi::SSL_METHOD) -> SslMethod { in from_ptr()
378 pub fn as_ptr(&self) -> *const ffi::SSL_METHOD { in as_ptr()
506 pub fn from_raw(raw: c_int) -> SslFiletype { in from_raw()
512 pub fn as_raw(&self) -> c_int { in as_raw()
526 pub fn from_raw(raw: c_int) -> StatusType { in from_raw()
532 pub fn as_raw(&self) -> c_int { in as_raw()
546 pub fn from_raw(raw: c_int) -> StatusType { in from_raw()
552 pub fn as_raw(&self) -> c_int { in as_raw()
561 fn try_get_session_ctx_index() -> Result<&'static Index<Ssl, SslContext>, ErrorStack> { in try_get_session_ctx_index()
597 /// Alert 112 - `unrecognized_name`.
605 /// Requires BoringSSL or OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer.
657 /// Requires BoringSSL or OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer.
698 pub fn select_next_proto<'a>(server: &[u8], client: &'a [u8]) -> Option<&'a [u8]> { in select_next_proto()
724 pub fn new(method: SslMethod) -> Result<SslContextBuilder, ErrorStack> { in new()
738 pub unsafe fn from_ptr(ctx: *mut ffi::SSL_CTX) -> SslContextBuilder { in from_ptr()
743 pub fn as_ptr(&self) -> *mut ffi::SSL_CTX { in as_ptr()
764 F: Fn(bool, &mut X509StoreContextRef) -> bool + 'static + Sync + Send, in set_verify_callback()
783 F: Fn(&mut SslRef, &mut SslAlert) -> Result<(), SniError> + 'static + Sync + Send, in set_servername_callback()
818 pub fn set_verify_cert_store(&mut self, cert_store: X509Store) -> Result<(), ErrorStack> { in set_verify_cert_store()
852 pub fn set_mode(&mut self, mode: SslMode) -> SslMode { in set_mode()
859 /// Sets the parameters to be used during ephemeral Diffie-Hellman key exchange.
861 pub fn set_tmp_dh(&mut self, dh: &DhRef<Params>) -> Result<(), ErrorStack> { in set_tmp_dh()
865 /// Sets the callback which will generate parameters to be used during ephemeral Diffie-Hellman
869 /// indicating if the selected cipher is export-grade, and the key length. The export and key
874 F: Fn(&mut SslRef, bool, u32) -> Result<Dh<Params>, ErrorStack> + 'static + Sync + Send, in set_tmp_dh_callback()
886 /// Sets the parameters to be used during ephemeral elliptic curve Diffie-Hellman key exchange.
888 pub fn set_tmp_ecdh(&mut self, key: &EcKeyRef<Params>) -> Result<(), ErrorStack> { in set_tmp_ecdh()
893 /// Diffie-Hellman key exchange.
896 /// indicating if the selected cipher is export-grade, and the key length. The export and key
905 F: Fn(&mut SslRef, bool, u32) -> Result<EcKey<Params>, ErrorStack> + 'static + Sync + Send, in set_tmp_ecdh_callback()
918 pub fn set_default_verify_paths(&mut self) -> Result<(), ErrorStack> { in set_default_verify_paths()
924 /// The file should contain a sequence of PEM-formatted CA certificates.
926 pub fn set_ca_file<P: AsRef<Path>>(&mut self, file: P) -> Result<(), ErrorStack> { in set_ca_file()
940 /// The CA certificates must still be added to the trust root - they are not automatically set
951 /// requesting client-side TLS authentication.
953 pub fn add_client_ca(&mut self, cacert: &X509Ref) -> Result<(), ErrorStack> { in add_client_ca()
966 pub fn set_session_id_context(&mut self, sid_ctx: &[u8]) -> Result<(), ErrorStack> { in set_session_id_context()
980 /// Only a single certificate will be loaded - use `add_extra_chain_cert` to add the remainder
988 ) -> Result<(), ErrorStack> { in set_certificate_file()
1002 /// The file should contain a sequence of PEM-formatted certificates, the first being the leaf
1009 ) -> Result<(), ErrorStack> { in set_certificate_chain_file()
1024 pub fn set_certificate(&mut self, cert: &X509Ref) -> Result<(), ErrorStack> { in set_certificate()
1033 pub fn add_extra_chain_cert(&mut self, cert: X509) -> Result<(), ErrorStack> { in add_extra_chain_cert()
1047 ) -> Result<(), ErrorStack> { in set_private_key_file()
1061 pub fn set_private_key<T>(&mut self, key: &PKeyRef<T>) -> Result<(), ErrorStack> in set_private_key()
1076 pub fn set_cipher_list(&mut self, cipher_list: &str) -> Result<(), ErrorStack> { in set_cipher_list()
1094 /// Requires OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer.
1097 pub fn set_ciphersuites(&mut self, cipher_list: &str) -> Result<(), ErrorStack> { in set_ciphersuites()
1112 #[cfg(any(libressl, all(ossl102, not(ossl110))))]
1113 pub fn set_ecdh_auto(&mut self, onoff: bool) -> Result<(), ErrorStack> { in set_ecdh_auto()
1124 pub fn set_options(&mut self, option: SslOptions) -> SslOptions { in set_options()
1132 pub fn options(&self) -> SslOptions { in options()
1139 pub fn clear_options(&mut self, option: SslOptions) -> SslOptions { in clear_options()
1150 /// Requires BoringSSL or OpenSSL 1.1.0 or LibreSSL 2.6.1 or newer.
1153 pub fn set_min_proto_version(&mut self, version: Option<SslVersion>) -> Result<(), ErrorStack> { in set_min_proto_version()
1168 /// Requires BoringSSL or OpenSSL 1.1.0 or or LibreSSL 2.6.1 or newer.
1171 pub fn set_max_proto_version(&mut self, version: Option<SslVersion>) -> Result<(), ErrorStack> { in set_max_proto_version()
1186 /// Requires OpenSSL 1.1.0g or LibreSSL 2.7.0 or newer.
1189 pub fn min_proto_version(&mut self) -> Option<SslVersion> { in min_proto_version()
1205 /// Requires OpenSSL 1.1.0g or LibreSSL 2.7.0 or newer.
1208 pub fn max_proto_version(&mut self) -> Option<SslVersion> { in max_proto_version()
1226 /// Requires BoringSSL or OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer.
1229 pub fn set_alpn_protos(&mut self, protocols: &[u8]) -> Result<(), ErrorStack> { in set_alpn_protos()
1248 pub fn set_tlsext_use_srtp(&mut self, protocols: &str) -> Result<(), ErrorStack> { in set_tlsext_use_srtp()
1270 /// Requires BoringSSL or OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer.
1278 F: for<'a> Fn(&mut SslRef, &'a [u8]) -> Result<&'a [u8], AlpnError> + 'static + Sync + Send, in set_alpn_select_callback()
1299 pub fn check_private_key(&self) -> Result<(), ErrorStack> { in check_private_key()
1305 pub fn cert_store(&self) -> &X509StoreBuilderRef { in cert_store()
1311 pub fn cert_store_mut(&mut self) -> &mut X509StoreBuilderRef { in cert_store_mut()
1320 pub fn verify_param(&self) -> &X509VerifyParamRef { in verify_param()
1329 pub fn verify_param_mut(&mut self) -> &mut X509VerifyParamRef { in verify_param_mut()
1346 pub fn set_status_callback<F>(&mut self, callback: F) -> Result<(), ErrorStack> in set_status_callback()
1348 F: Fn(&mut SslRef) -> Result<bool, ErrorStack> + 'static + Sync + Send, in set_status_callback()
1360 /// Sets the callback for providing an identity and pre-shared key for a TLS-PSK client.
1363 /// by the server, a mutable slice for each of the identity and pre-shared key bytes. The
1364 /// identity must be written as a null-terminated C string.
1369 F: Fn(&mut SslRef, Option<&[u8]>, &mut [u8], &mut [u8]) -> Result<usize, ErrorStack> in set_psk_client_callback()
1384 F: Fn(&mut SslRef, Option<&[u8]>, &mut [u8], &mut [u8]) -> Result<usize, ErrorStack> in set_psk_callback()
1392 /// Sets the callback for providing an identity and pre-shared key for a TLS-PSK server.
1395 /// and, a mutable slice for the pre-shared key bytes. The callback returns the number of
1396 /// bytes in the pre-shared key.
1401 F: Fn(&mut SslRef, Option<&[u8]>, &mut [u8]) -> Result<usize, ErrorStack> in set_psk_server_callback()
1466 F: Fn(&mut SslRef, &[u8]) -> Option<SslSession> + 'static + Sync + Send, in set_get_session_callback()
1475 /// SSLKEYLOGFILE-formatted text. This can be used by tools like Wireshark to decrypt message
1495 pub fn set_session_cache_mode(&mut self, mode: SslSessionCacheMode) -> SslSessionCacheMode { in set_session_cache_mode()
1511 F: Fn(&mut SslRef, &mut [u8]) -> Result<usize, ErrorStack> + 'static + Sync + Send, in set_stateless_cookie_generate_cb()
1534 F: Fn(&mut SslRef, &[u8]) -> bool + 'static + Sync + Send, in set_stateless_cookie_verify_cb()
1553 F: Fn(&mut SslRef, &mut [u8]) -> Result<usize, ErrorStack> + 'static + Sync + Send, in set_cookie_generate_cb()
1569 F: Fn(&mut SslRef, &[u8]) -> bool + 'static + Sync + Send, in set_cookie_verify_cb()
1587 fn set_ex_data_inner<T>(&mut self, index: Index<SslContext, T>, data: T) -> *mut c_void { in set_ex_data_inner()
1601 fn ex_data_mut<T>(&mut self, index: Index<SslContext, T>) -> Option<&mut T> { in ex_data_mut()
1623 ) -> Result<(), ErrorStack> in add_custom_ext()
1629 ) -> Result<Option<T>, SslAlert> in add_custom_ext()
1639 ) -> Result<(), SslAlert> in add_custom_ext()
1670 /// Requires OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer.
1673 pub fn set_max_early_data(&mut self, bytes: u32) -> Result<(), ErrorStack> { in set_max_early_data()
1688 F: Fn(&mut SslRef, &mut SslAlert) -> Result<ClientHelloResponse, ErrorStack> in set_client_hello_callback()
1708 pub fn set_session_cache_size(&mut self, size: i32) -> i64 { in set_session_cache_size()
1719 pub fn set_sigalgs_list(&mut self, sigalgs: &str) -> Result<(), ErrorStack> { in set_sigalgs_list()
1729 /// Requires BoringSSL or OpenSSL 1.1.1 or LibreSSL 2.5.1 or newer.
1732 pub fn set_groups_list(&mut self, groups: &str) -> Result<(), ErrorStack> { in set_groups_list()
1745 pub fn set_num_tickets(&mut self, num_tickets: usize) -> Result<(), ErrorStack> { in set_num_tickets()
1760 pub fn build(self) -> SslContext { in build()
1782 fn clone(&self) -> Self { in clone()
1790 fn to_owned(&self) -> Self::Owned { in to_owned()
1800 fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result { in fmt()
1807 pub fn builder(method: SslMethod) -> Result<SslContextBuilder, ErrorStack> { in builder()
1816 pub fn new_ex_index<T>() -> Result<Index<SslContext, T>, ErrorStack> in new_ex_index()
1831 fn cached_ex_index<T>() -> Index<SslContext, T> in cached_ex_index()
1849 /// Requires OpenSSL 1.0.2 or LibreSSL 2.7.0 or newer.
1852 pub fn certificate(&self) -> Option<&X509Ref> { in certificate()
1861 /// Requires OpenSSL 1.0.2 or LibreSSL 3.4.0 or newer.
1864 pub fn private_key(&self) -> Option<&PKeyRef<Private>> { in private_key()
1873 pub fn cert_store(&self) -> &X509StoreRef { in cert_store()
1879 pub fn extra_chain_certs(&self) -> &StackRef<X509> { in extra_chain_certs()
1889 pub fn ex_data<T>(&self, index: Index<SslContext, T>) -> Option<&T> { in ex_data()
1902 /// Requires OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer.
1905 pub fn max_early_data(&self) -> u32 { in max_early_data()
1918 pub unsafe fn add_session(&self, session: &SslSessionRef) -> bool { in add_session()
1922 /// Removes a session from the context's cache and marks it as non-resumable.
1931 pub unsafe fn remove_session(&self, session: &SslSessionRef) -> bool { in remove_session()
1940 pub fn session_cache_size(&self) -> i64 { in session_cache_size()
1948 pub fn verify_mode(&self) -> SslVerifyMode { in verify_mode()
1959 pub fn num_tickets(&self) -> usize { in num_tickets()
1969 pub fn security_level(&self) -> u32 { in security_level()
1991 unsafe fn from_ptr(ptr: *mut ffi::SSL_CIPHER) -> SslCipher { in from_ptr()
1996 fn as_ptr(&self) -> *mut ffi::SSL_CIPHER { in as_ptr()
2008 fn deref(&self) -> &SslCipherRef { in deref()
2014 fn deref_mut(&mut self) -> &mut SslCipherRef { in deref_mut()
2031 pub fn name(&self) -> &'static str { in name()
2038 /// Returns the RFC-standard name of the cipher, if one exists.
2043 pub fn standard_name(&self) -> Option<&'static str> { in standard_name()
2056 pub fn version(&self) -> &'static str { in version()
2068 pub fn bits(&self) -> CipherBits { in bits()
2081 pub fn description(&self) -> String { in description()
2095 pub fn handshake_digest(&self) -> Option<MessageDigest> { in handshake_digest()
2108 /// Requires OpenSSL 1.1.0 or LibreSSL 2.7.0 or newer.
2111 pub fn cipher_nid(&self) -> Option<Nid> { in cipher_nid()
2122 fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result { in fmt()
2150 fn clone(&self) -> SslSession { in clone()
2157 /// Deserializes a DER-encoded session structure.
2168 fn to_owned(&self) -> SslSession { in to_owned()
2179 pub fn id(&self) -> &[u8] { in id()
2190 pub fn master_key_len(&self) -> usize { in master_key_len()
2198 pub fn master_key(&self, buf: &mut [u8]) -> usize { in master_key()
2204 /// Requires OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer.
2207 pub fn max_early_data(&self) -> u32 { in max_early_data()
2214 pub fn time(&self) -> SslTimeTy { in time()
2223 pub fn timeout(&self) -> i64 { in timeout()
2229 /// Requires OpenSSL 1.1.0 or LibreSSL 2.7.0 or newer.
2232 pub fn protocol_version(&self) -> SslVersion { in protocol_version()
2240 /// Serializes the session into a DER-encoded structure.
2254 /// These defaults can be overridden on a per-`Ssl` basis, however.
2266 fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result { in fmt()
2277 pub fn new_ex_index<T>() -> Result<Index<Ssl, T>, ErrorStack> in new_ex_index()
2292 fn cached_ex_index<T>() -> Index<Ssl, T> in cached_ex_index()
2312 pub fn new(ctx: &SslContextRef) -> Result<Ssl, ErrorStack> { in new()
2323 /// Initiates a client-side TLS handshake.
2335 pub fn connect<S>(self, stream: S) -> Result<SslStream<S>, HandshakeError<S>> in connect()
2342 /// Initiates a server-side TLS handshake.
2354 pub fn accept<S>(self, stream: S) -> Result<SslStream<S>, HandshakeError<S>> in accept()
2363 fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result { in fmt()
2372 fn get_raw_rbio(&self) -> *mut ffi::BIO { in get_raw_rbio()
2376 fn get_error(&self, ret: c_int) -> ErrorCode { in get_error()
2402 pub fn verify_mode(&self) -> SslVerifyMode { in verify_mode()
2413 F: Fn(bool, &mut X509StoreContextRef) -> bool + 'static + Sync + Send, in set_verify_callback()
2430 pub fn set_tmp_dh(&mut self, dh: &DhRef<Params>) -> Result<(), ErrorStack> { in set_tmp_dh()
2440 F: Fn(&mut SslRef, bool, u32) -> Result<Dh<Params>, ErrorStack> + 'static + Sync + Send, in set_tmp_dh_callback()
2456 pub fn set_tmp_ecdh(&mut self, key: &EcKeyRef<Params>) -> Result<(), ErrorStack> { in set_tmp_ecdh()
2468 F: Fn(&mut SslRef, bool, u32) -> Result<EcKey<Params>, ErrorStack> + 'static + Sync + Send, in set_tmp_ecdh_callback()
2479 /// Requires OpenSSL 1.0.2 or LibreSSL.
2483 #[cfg(any(all(ossl102, not(ossl110)), libressl))]
2484 pub fn set_ecdh_auto(&mut self, onoff: bool) -> Result<(), ErrorStack> { in set_ecdh_auto()
2490 /// Requires BoringSSL or OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer.
2495 pub fn set_alpn_protos(&mut self, protocols: &[u8]) -> Result<(), ErrorStack> { in set_alpn_protos()
2511 pub fn current_cipher(&self) -> Option<&SslCipherRef> { in current_cipher()
2521 pub fn state_string(&self) -> &'static str { in state_string()
2532 pub fn state_string_long(&self) -> &'static str { in state_string_long()
2543 /// It has no effect for a server-side connection.
2545 pub fn set_hostname(&mut self, hostname: &str) -> Result<(), ErrorStack> { in set_hostname()
2555 pub fn peer_certificate(&self) -> Option<X509> { in peer_certificate()
2567 pub fn peer_cert_chain(&self) -> Option<&StackRef<X509>> { in peer_cert_chain()
2585 pub fn verified_chain(&self) -> Option<&StackRef<X509>> { in verified_chain()
2594 pub fn certificate(&self) -> Option<&X509Ref> { in certificate()
2605 pub fn private_key(&self) -> Option<&PKeyRef<Private>> { in private_key()
2613 pub fn version(&self) -> &str { in version()
2619 pub fn version2(&self) -> Option<SslVersion> { in version2()
2632 pub fn version_str(&self) -> &'static str { in version_str()
2646 /// Requires BoringSSL or OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer.
2649 pub fn selected_alpn_protocol(&self) -> Option<&[u8]> { in selected_alpn_protocol()
2671 pub fn set_tlsext_use_srtp(&mut self, protocols: &str) -> Result<(), ErrorStack> { in set_tlsext_use_srtp()
2693 pub fn srtp_profiles(&self) -> Option<&StackRef<SrtpProtectionProfile>> { in srtp_profiles()
2705 pub fn selected_srtp_profile(&self) -> Option<&SrtpProtectionProfileRef> { in selected_srtp_profile()
2718 pub fn pending(&self) -> usize { in pending()
2730 /// is not valid UTF-8, this function will return `None`. The `servername_raw` method returns
2736 pub fn servername(&self, type_: NameType) -> Option<&str> { in servername()
2747 /// Unlike `servername`, this method does not require the name be valid UTF-8.
2749 pub fn servername_raw(&self, type_: NameType) -> Option<&[u8]> { in servername_raw()
2764 pub fn set_ssl_context(&mut self, ctx: &SslContextRef) -> Result<(), ErrorStack> { in set_ssl_context()
2770 pub fn ssl_context(&self) -> &SslContextRef { in ssl_context()
2782 pub fn param_mut(&mut self) -> &mut X509VerifyParamRef { in param_mut()
2788 pub fn verify_result(&self) -> X509VerifyResult { in verify_result()
2794 pub fn session(&self) -> Option<&SslSessionRef> { in session()
2806 /// Requires OpenSSL 1.1.0 or LibreSSL 2.7.0 or newer.
2809 pub fn client_random(&self, buf: &mut [u8]) -> usize { in client_random()
2820 /// Requires OpenSSL 1.1.0 or LibreSSL 2.7.0 or newer.
2823 pub fn server_random(&self, buf: &mut [u8]) -> usize { in server_random()
2836 ) -> Result<(), ErrorStack> { in export_keying_material()
2869 ) -> Result<(), ErrorStack> { in export_keying_material_early()
2895 pub unsafe fn set_session(&mut self, session: &SslSessionRef) -> Result<(), ErrorStack> { in set_session()
2901 pub fn session_reused(&self) -> bool { in session_reused()
2907 pub fn set_status_type(&mut self, type_: StatusType) -> Result<(), ErrorStack> { in set_status_type()
2915 /// Returns `None` if the handshake is still in-progress.
2918 pub fn extms_support(&self) -> Option<bool> { in extms_support()
2921 -1 => None, in extms_support()
2930 pub fn ocsp_status(&self) -> Option<&[u8]> { in ocsp_status()
2946 pub fn set_ocsp_status(&mut self, response: &[u8]) -> Result<(), ErrorStack> { in set_ocsp_status()
2964 /// Determines if this `Ssl` is configured for server-side or client-side use.
2966 pub fn is_server(&self) -> bool { in is_server()
2992 pub fn ex_data<T>(&self, index: Index<Ssl, T>) -> Option<&T> { in ex_data()
3005 pub fn ex_data_mut<T>(&mut self, index: Index<Ssl, T>) -> Option<&mut T> { in ex_data_mut()
3018 /// Requires OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer.
3021 pub fn set_max_early_data(&mut self, bytes: u32) -> Result<(), ErrorStack> { in set_max_early_data()
3031 /// Requires OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer.
3034 pub fn max_early_data(&self) -> u32 { in max_early_data()
3043 pub fn finished(&self, buf: &mut [u8]) -> usize { in finished()
3053 pub fn peer_finished(&self, buf: &mut [u8]) -> usize { in peer_finished()
3062 pub fn is_init_finished(&self) -> bool { in is_init_finished()
3073 pub fn client_hello_isv2(&self) -> bool { in client_hello_isv2()
3084 pub fn client_hello_legacy_version(&self) -> Option<SslVersion> { in client_hello_legacy_version()
3102 pub fn client_hello_random(&self) -> Option<&[u8]> { in client_hello_random()
3121 pub fn client_hello_session_id(&self) -> Option<&[u8]> { in client_hello_session_id()
3140 pub fn client_hello_ciphers(&self) -> Option<&[u8]> { in client_hello_ciphers()
3152 /// Decodes a slice of wire-format cipher suite specification bytes. Unsupported cipher suites
3162 ) -> Result<CipherLists, ErrorStack> { in bytes_to_cipher_list()
3194 pub fn client_hello_compression_methods(&self) -> Option<&[u8]> { in client_hello_compression_methods()
3208 pub fn set_mtu(&mut self, mtu: u32) -> Result<(), ErrorStack> { in set_mtu()
3217 pub fn psk_identity_hint(&self) -> Option<&[u8]> { in psk_identity_hint()
3231 pub fn psk_identity(&self) -> Option<&[u8]> { in psk_identity()
3244 pub fn add_chain_cert(&mut self, chain: X509) -> Result<(), ErrorStack> { in add_chain_cert()
3254 pub fn set_method(&mut self, method: SslMethod) -> Result<(), ErrorStack> { in set_method()
3267 ) -> Result<(), ErrorStack> { in set_private_key_file()
3282 pub fn set_private_key(&mut self, pkey: &PKeyRef<Private>) -> Result<(), ErrorStack> { in set_private_key()
3291 pub fn set_certificate(&mut self, cert: &X509Ref) -> Result<(), ErrorStack> { in set_certificate()
3300 /// The file should contain a sequence of PEM-formatted certificates, the first being the leaf
3308 ) -> Result<(), ErrorStack> { in set_certificate_chain_file()
3322 pub fn add_client_ca(&mut self, cacert: &X509Ref) -> Result<(), ErrorStack> { in add_client_ca()
3341 /// Requires BoringSSL or OpenSSL 1.1.0 or LibreSSL 2.6.1 or newer.
3344 pub fn set_min_proto_version(&mut self, version: Option<SslVersion>) -> Result<(), ErrorStack> { in set_min_proto_version()
3359 /// Requires BoringSSL or OpenSSL 1.1.0 or or LibreSSL 2.6.1 or newer.
3362 pub fn set_max_proto_version(&mut self, version: Option<SslVersion>) -> Result<(), ErrorStack> { in set_max_proto_version()
3379 /// Requires OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer.
3382 pub fn set_ciphersuites(&mut self, cipher_list: &str) -> Result<(), ErrorStack> { in set_ciphersuites()
3401 pub fn set_cipher_list(&mut self, cipher_list: &str) -> Result<(), ErrorStack> { in set_cipher_list()
3415 pub fn set_verify_cert_store(&mut self, cert_store: X509Store) -> Result<(), ErrorStack> { in set_verify_cert_store()
3429 pub fn set_num_tickets(&mut self, num_tickets: usize) -> Result<(), ErrorStack> { in set_num_tickets()
3439 pub fn num_tickets(&self) -> usize { in num_tickets()
3459 pub fn security_level(&self) -> u32 { in security_level()
3469 pub fn peer_tmp_key(&self) -> Result<PKey<Public>, ErrorStack> { in peer_tmp_key()
3485 pub fn tmp_key(&self) -> Result<PKey<Private>, ErrorStack> { in tmp_key()
3505 pub fn get_ref(&self) -> &S { in get_ref()
3510 pub fn get_mut(&mut self) -> &mut S { in get_mut()
3515 pub fn ssl(&self) -> &SslRef { in ssl()
3520 pub fn error(&self) -> &Error { in error()
3525 pub fn into_error(self) -> Error { in into_error()
3539 pub fn handshake(mut self) -> Result<SslStream<S>, HandshakeError<S>> { in handshake()
3576 fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result { in fmt()
3593 pub fn new(ssl: Ssl, stream: S) -> Result<Self, ErrorStack> { in new()
3617 pub unsafe fn from_raw_parts(ssl: *mut ffi::SSL, stream: S) -> Self { in from_raw_parts()
3629 /// Requires OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer.
3632 pub fn read_early_data(&mut self, buf: &mut [u8]) -> Result<usize, Error> { in read_early_data()
3655 /// Requires OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer.
3658 pub fn write_early_data(&mut self, buf: &[u8]) -> Result<usize, Error> { in write_early_data()
3675 /// Initiates a client-side TLS handshake.
3682 pub fn connect(&mut self) -> Result<(), Error> { in connect()
3691 /// Initiates a server-side TLS handshake.
3698 pub fn accept(&mut self) -> Result<(), Error> { in accept()
3711 pub fn do_handshake(&mut self) -> Result<(), Error> { in do_handshake()
3720 /// Perform a stateless server-side handshake.
3732 pub fn stateless(&mut self) -> Result<bool, ErrorStack> { in stateless()
3736 -1 => Err(ErrorStack::get()), in stateless()
3741 /// Like `read`, but takes a possibly-uninitialized slice.
3745 /// No portion of `buf` will be de-initialized by this method. If the method returns `Ok(n)`,
3748 pub fn read_uninit(&mut self, buf: &mut [MaybeUninit<u8>]) -> io::Result<usize> { in read_uninit()
3768 /// It is particularly useful with a non-blocking socket, where the error value will identify if
3771 pub fn ssl_read(&mut self, buf: &mut [u8]) -> Result<usize, Error> { in ssl_read()
3772 // SAFETY: `ssl_read_uninit` does not de-initialize the buffer. in ssl_read()
3781 /// Like `read_ssl`, but takes a possibly-uninitialized slice.
3785 /// No portion of `buf` will be de-initialized by this method. If the method returns `Ok(n)`,
3788 pub fn ssl_read_uninit(&mut self, buf: &mut [MaybeUninit<u8>]) -> Result<usize, Error> { in ssl_read_uninit()
3826 /// It is particularly useful with a non-blocking socket, where the error value will identify if
3829 pub fn ssl_write(&mut self, buf: &[u8]) -> Result<usize, Error> { in ssl_write()
3867 pub fn ssl_peek(&mut self, buf: &mut [u8]) -> Result<usize, Error> { in ssl_peek()
3913 pub fn shutdown(&mut self) -> Result<ShutdownResult, Error> { in shutdown()
3923 pub fn get_shutdown(&mut self) -> ShutdownState { in get_shutdown()
3932 /// This can be used to tell OpenSSL that the session should be cached even if a full two-way
3941 fn make_error(&mut self, ret: c_int) -> Error { in make_error()
3972 fn get_bio_error(&mut self) -> Option<io::Error> { in get_bio_error()
3977 pub fn get_ref(&self) -> &S { in get_ref()
3990 pub fn get_mut(&mut self) -> &mut S { in get_mut()
3998 pub fn ssl(&self) -> &SslRef { in ssl()
4004 fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> { in read()
4005 // SAFETY: `read_uninit` does not de-initialize the buffer in read()
4016 fn write(&mut self, buf: &[u8]) -> io::Result<usize> { in write()
4030 fn flush(&mut self) -> io::Result<()> { in flush()
4050 pub fn new(ssl: Ssl, stream: S) -> Self { in new()
4056 /// Perform a stateless server-side handshake
4071 pub fn stateless(&mut self) -> Result<bool, ErrorStack> { in stateless()
4075 -1 => Err(ErrorStack::get()), in stateless()
4099 pub fn connect(mut self) -> Result<SslStream<S>, HandshakeError<S>> { in connect()
4118 pub fn accept(mut self) -> Result<SslStream<S>, HandshakeError<S>> { in accept()
4143 pub fn handshake(mut self) -> Result<SslStream<S>, HandshakeError<S>> { in handshake()
4169 /// Requires OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer.
4175 pub fn read_early_data(&mut self, buf: &mut [u8]) -> Result<usize, Error> { in read_early_data()
4184 /// Requires OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer.
4190 pub fn write_early_data(&mut self, buf: &[u8]) -> Result<usize, Error> { in write_early_data()
4198 pub fn get_ref(&self) -> &S { in get_ref()
4211 pub fn get_mut(&mut self) -> &mut S { in get_mut()
4219 pub fn ssl(&self) -> &SslRef { in ssl()
4266 pub unsafe fn SSL_CTX_up_ref(ssl: *mut ffi::SSL_CTX) -> c_int {
4282 ) -> usize {
4294 pub unsafe fn SSL_is_server(s: *mut ffi::SSL) -> c_int {
4299 pub unsafe fn SSL_SESSION_up_ref(ses: *mut ffi::SSL_SESSION) -> c_int {
4331 unsafe fn get_new_idx(f: ffi::CRYPTO_EX_free) -> c_int {
4342 unsafe fn get_new_ssl_idx(f: ffi::CRYPTO_EX_free) -> c_int {
4355 unsafe fn get_new_idx(f: ffi::CRYPTO_EX_free) -> c_int {
4377 unsafe fn get_new_ssl_idx(f: ffi::CRYPTO_EX_free) -> c_int {