Struct rustls::ServerSession

pub struct ServerSession { /* private fields */ }

This represents a single TLS server session.

Send TLS-protected data to the peer using the io::Write trait implementation. Read data from the peer using the io::Read trait implementation.

Implementations

impl ServerSession

pub fn new(config: &Arc<ServerConfig>) -> ServerSession

Make a new ServerSession. config controls how we behave in the TLS protocol.

pub fn get_sni_hostname(&self) -> Option<&str>

Retrieves the SNI hostname, if any, used to select the certificate and private key.

This returns None until some time after the client’s SNI extension value is processed during the handshake. It will never be None when the connection is ready to send or process application data, unless the client does not support SNI.

This is useful for application protocols that need to enforce that the SNI hostname matches an application layer protocol hostname. For example, HTTP/1.1 servers commonly expect the Host: header field of every request on a connection to match the hostname in the SNI extension when the client provides the SNI extension.

The SNI hostname is also used to match sessions during session resumption.

pub fn received_resumption_data(&self) -> Option<&[u8]>

Application-controlled portion of the resumption ticket supplied by the client, if any.

Recovered from the prior session’s set_resumption_data. Integrity is guaranteed by rustls.

Returns Some iff a valid resumption ticket has been received from the client.

pub fn set_resumption_data(&mut self, data: &[u8])

Set the resumption data to embed in future resumption tickets supplied to the client.

Defaults to the empty byte string. Must be less than 2^15 bytes to allow room for other data. Should be called while is_handshaking returns true to ensure all transmitted resumption tickets are affected.

Integrity will be assured by rustls, but the data will be visible to the client. If secrecy from the client is desired, encrypt the data separately.

pub fn reject_early_data(&mut self)

Explicitly discard early data, notifying the client

Useful if invariants encoded in received_resumption_data() cannot be respected.

Must be called while is_handshaking is true.

Trait Implementations

impl Debug for ServerSession

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Read for ServerSession

fn read(&mut self, buf: &mut [u8]) -> Result<usize>

Obtain plaintext data received from the peer over this TLS connection.

If the peer closes the TLS session cleanly, this fails with an error of kind ErrorKind::ConnectionAborted once all the pending data has been read. No further data can be received on that connection, so the underlying TCP connection should closed too.

Note that support close notify varies in peer TLS libraries: many do not support it and uncleanly close the TCP connection (this might be vulnerable to truncation attacks depending on the application protocol). This means applications using rustls must both handle ErrorKind::ConnectionAborted from this function, and unexpected closure of the underlying TCP connection.

fn read_vectored(&mut self, bufs: &mut [IoSliceMut<'_>]) -> Result<usize, Error>

Like read, except that it reads into a slice of buffers.

fn is_read_vectored(&self) -> bool

Determines if this Reader has an efficient read_vectored implementation.

fn read_to_end(&mut self, buf: &mut Vec<u8, Global>) -> Result<usize, Error>

Read all bytes until EOF in this source, placing them into buf.

fn read_to_string(&mut self, buf: &mut String) -> Result<usize, Error>

Read all bytes until EOF in this source, appending them to buf.

fn read_exact(&mut self, buf: &mut [u8]) -> Result<(), Error>

Read the exact number of bytes required to fill buf.

fn read_buf(&mut self, buf: BorrowedCursor<'_>) -> Result<(), Error>

Pull some bytes from this source into the specified buffer.

fn read_buf_exact(&mut self, cursor: BorrowedCursor<'_>) -> Result<(), Error>

Read the exact number of bytes required to fill cursor.

fn by_ref(&mut self) -> &mut Self

Creates a “by reference” adaptor for this instance of Read.

fn bytes(self) -> Bytes<Self>

Transforms this Read instance to an [Iterator] over its bytes.

fn chain<R>(self, next: R) -> Chain<Self, R>where
    R: Read,

Creates an adapter which will chain this stream with another.

fn take(self, limit: u64) -> Take<Self>

Creates an adapter which will read at most limit bytes from it.

impl Session for ServerSession

fn write_tls(&mut self, wr: &mut dyn Write) -> Result<usize>

Writes TLS messages to wr.

fn read_tls(&mut self, rd: &mut dyn Read) -> Result<usize>

Read TLS content from rd. This method does internal buffering, so rd can supply TLS messages in arbitrary- sized chunks (like a socket or pipe might).

fn process_new_packets(&mut self) -> Result<(), TLSError>

Processes any new packets read by a previous call to read_tls. Errors from this function relate to TLS protocol errors, and are fatal to the session. Future calls after an error will do no new work and will return the same error.

fn wants_read(&self) -> bool

Returns true if the caller should call read_tls as soon as possible.

fn wants_write(&self) -> bool

Returns true if the caller should call write_tls as soon as possible.

fn is_handshaking(&self) -> bool

Returns true if the session is currently perform the TLS handshake. During this time plaintext written to the session is buffered in memory.

fn set_buffer_limit(&mut self, len: usize)

Sets a limit on the internal buffers used to buffer unsent plaintext (prior to completing the TLS handshake) and unsent TLS records.

fn send_close_notify(&mut self)

Queues a close_notify fatal alert to be sent in the next write_tls call. This informs the peer that the connection is being closed.

fn get_peer_certificates(&self) -> Option<Vec<Certificate>>

Retrieves the certificate chain used by the peer to authenticate.

fn get_alpn_protocol(&self) -> Option<&[u8]>

Retrieves the protocol agreed with the peer via ALPN.

fn get_protocol_version(&self) -> Option<ProtocolVersion>

Retrieves the protocol version agreed with the peer.

fn export_keying_material(
    &self,
    output: &mut [u8],
    label: &[u8],
    context: Option<&[u8]>
) -> Result<(), TLSError>

Derives key material from the agreed session secrets.

fn get_negotiated_ciphersuite(&self) -> Option<&'static SupportedCipherSuite>

Retrieves the ciphersuite agreed with the peer.

fn complete_io<T>(&mut self, io: &mut T) -> Result<(usize, usize), Error>where
    Self: Sized,
    T: Read + Write,

This function uses io to complete any outstanding IO for this session.

impl Write for ServerSession

fn write(&mut self, buf: &[u8]) -> Result<usize>

Send the plaintext buf to the peer, encrypting and authenticating it. Once this function succeeds you should call write_tls which will output the corresponding TLS records.

This function buffers plaintext sent before the TLS handshake completes, and sends it as soon as it can. This buffer is of unlimited size so writing much data before it can be sent will cause excess memory usage.

fn write_vectored(&mut self, bufs: &[IoSlice<'_>]) -> Result<usize>

Like write, except that it writes from a slice of buffers.

fn flush(&mut self) -> Result<()>

Flush this output stream, ensuring that all intermediately buffered contents reach their destination.

fn is_write_vectored(&self) -> bool

Determines if this Writer has an efficient write_vectored implementation.

fn write_all(&mut self, buf: &[u8]) -> Result<(), Error>

Attempts to write an entire buffer into this writer.

fn write_all_vectored(&mut self, bufs: &mut [IoSlice<'_>]) -> Result<(), Error>

Attempts to write multiple buffers into this writer.

fn write_fmt(&mut self, fmt: Arguments<'_>) -> Result<(), Error>

Writes a formatted string into this writer, returning any error encountered.

fn by_ref(&mut self) -> &mut Self

Creates a “by reference” adapter for this instance of Write.