Struct rustls::ServerSession

source ·

pub struct ServerSession { /* private fields */ }

Expand description

This represents a single TLS server session.

Send TLS-protected data to the peer using the io::Write trait implementation. Read data from the peer using the io::Read trait implementation.

Implementations§

source §

impl ServerSession

source

pub fn new(config: &Arc<ServerConfig>) -> ServerSession ⓘ

Make a new ServerSession. config controls how we behave in the TLS protocol.

source

pub fn get_sni_hostname(&self) -> Option<&str>

Retrieves the SNI hostname, if any, used to select the certificate and private key.

This returns None until some time after the client’s SNI extension value is processed during the handshake. It will never be None when the connection is ready to send or process application data, unless the client does not support SNI.

This is useful for application protocols that need to enforce that the SNI hostname matches an application layer protocol hostname. For example, HTTP/1.1 servers commonly expect the Host: header field of every request on a connection to match the hostname in the SNI extension when the client provides the SNI extension.

The SNI hostname is also used to match sessions during session resumption.

source

pub fn received_resumption_data(&self) -> Option<&[u8]>

Application-controlled portion of the resumption ticket supplied by the client, if any.

Recovered from the prior session’s set_resumption_data. Integrity is guaranteed by rustls.

Returns Some iff a valid resumption ticket has been received from the client.

source

pub fn set_resumption_data(&mut self, data: &[u8])

Set the resumption data to embed in future resumption tickets supplied to the client.

Defaults to the empty byte string. Must be less than 2^15 bytes to allow room for other data. Should be called while is_handshaking returns true to ensure all transmitted resumption tickets are affected.

Integrity will be assured by rustls, but the data will be visible to the client. If secrecy from the client is desired, encrypt the data separately.

source

pub fn reject_early_data(&mut self)

Explicitly discard early data, notifying the client

Useful if invariants encoded in received_resumption_data() cannot be respected.

Must be called while is_handshaking is true.

Trait Implementations§

source §

impl Debug for ServerSession

source §

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

source §

impl Read for ServerSession

source §

fn read(&mut self, buf: &mut [u8]) -> Result<usize>

Obtain plaintext data received from the peer over this TLS connection.

If the peer closes the TLS session cleanly, this fails with an error of kind ErrorKind::ConnectionAborted once all the pending data has been read. No further data can be received on that connection, so the underlying TCP connection should closed too.

Note that support close notify varies in peer TLS libraries: many do not support it and uncleanly close the TCP connection (this might be vulnerable to truncation attacks depending on the application protocol). This means applications using rustls must both handle ErrorKind::ConnectionAborted from this function, and unexpected closure of the underlying TCP connection.

1.36.0 · source§

fn read_vectored(&mut self, bufs: &mut [IoSliceMut<'_>]) -> Result<usize, Error>

Like read, except that it reads into a slice of buffers. Read more

source §

fn is_read_vectored(&self) -> bool

🔬This is a nightly-only experimental API. (can_vector)

Determines if this Reader has an efficient read_vectored implementation. Read more

1.0.0 · source§

fn read_to_end(&mut self, buf: &mut Vec<u8, Global>) -> Result<usize, Error>

Read all bytes until EOF in this source, placing them into buf. Read more

1.0.0 · source§

fn read_to_string(&mut self, buf: &mut String) -> Result<usize, Error>

Read all bytes until EOF in this source, appending them to buf. Read more

1.6.0 · source§

fn read_exact(&mut self, buf: &mut [u8]) -> Result<(), Error>

Read the exact number of bytes required to fill buf. Read more

source §

fn read_buf(&mut self, buf: BorrowedCursor<'_>) -> Result<(), Error>

🔬This is a nightly-only experimental API. (read_buf)

Pull some bytes from this source into the specified buffer. Read more

source §

fn read_buf_exact(&mut self, cursor: BorrowedCursor<'_>) -> Result<(), Error>

🔬This is a nightly-only experimental API. (read_buf)

Read the exact number of bytes required to fill cursor. Read more

1.0.0 · source§

fn by_ref(&mut self) -> &mut Selfwhere Self: Sized,

Creates a “by reference” adaptor for this instance of Read. Read more

1.0.0 · source§

fn bytes(self) -> Bytes<Self>where Self: Sized,

Transforms this Read instance to an Iterator over its bytes. Read more

1.0.0 · source§

fn chain<R>(self, next: R) -> Chain<Self, R>where R: Read, Self: Sized,

Creates an adapter which will chain this stream with another. Read more

1.0.0 · source§

fn take(self, limit: u64) -> Take<Self>where Self: Sized,

Creates an adapter which will read at most limit bytes from it. Read more

source §

impl Session for ServerSession

source §

fn write_tls(&mut self, wr: &mut dyn Write) -> Result<usize>

Writes TLS messages to wr.

source §

fn read_tls(&mut self, rd: &mut dyn Read) -> Result<usize>

Read TLS content from rd. This method does internal buffering, so rd can supply TLS messages in arbitrary- sized chunks (like a socket or pipe might). Read more

source §

fn process_new_packets(&mut self) -> Result<(), TLSError>

Processes any new packets read by a previous call to read_tls. Errors from this function relate to TLS protocol errors, and are fatal to the session. Future calls after an error will do no new work and will return the same error. Read more

source §

fn wants_read(&self) -> bool

Returns true if the caller should call read_tls as soon as possible.

source §

fn wants_write(&self) -> bool

Returns true if the caller should call write_tls as soon as possible.

source §

fn is_handshaking(&self) -> bool

Returns true if the session is currently perform the TLS handshake. During this time plaintext written to the session is buffered in memory.

source §

fn set_buffer_limit(&mut self, len: usize)

Sets a limit on the internal buffers used to buffer unsent plaintext (prior to completing the TLS handshake) and unsent TLS records. Read more

source §

fn send_close_notify(&mut self)

Queues a close_notify fatal alert to be sent in the next write_tls call. This informs the peer that the connection is being closed.

source §

fn get_peer_certificates(&self) -> Option<Vec<Certificate>>

Retrieves the certificate chain used by the peer to authenticate. Read more

source §

fn get_alpn_protocol(&self) -> Option<&[u8]>

Retrieves the protocol agreed with the peer via ALPN. Read more

source §

fn get_protocol_version(&self) -> Option<ProtocolVersion>

Retrieves the protocol version agreed with the peer. Read more

source §

fn export_keying_material( &self, output: &mut [u8], label: &[u8], context: Option<&[u8]> ) -> Result<(), TLSError>

Derives key material from the agreed session secrets. Read more

source §

fn get_negotiated_ciphersuite(&self) -> Option<&'static SupportedCipherSuite>

Retrieves the ciphersuite agreed with the peer. Read more

source §

fn complete_io<T>(&mut self, io: &mut T) -> Result<(usize, usize), Error>where Self: Sized, T: Read + Write,

This function uses io to complete any outstanding IO for this session. Read more

source §

impl Write for ServerSession

source §

fn write(&mut self, buf: &[u8]) -> Result<usize>

Send the plaintext buf to the peer, encrypting and authenticating it. Once this function succeeds you should call write_tls which will output the corresponding TLS records.

This function buffers plaintext sent before the TLS handshake completes, and sends it as soon as it can. This buffer is of unlimited size so writing much data before it can be sent will cause excess memory usage.

source §