pub trait Session: QuicExt + Read + Write + Send + Sync {
Show 14 methods
fn read_tls(&mut self, rd: &mut dyn Read) -> Result<usize, Error>;
fn write_tls(&mut self, wr: &mut dyn Write) -> Result<usize, Error>;
fn process_new_packets(&mut self) -> Result<(), TLSError>;
fn wants_read(&self) -> bool;
fn wants_write(&self) -> bool;
fn is_handshaking(&self) -> bool;
fn set_buffer_limit(&mut self, limit: usize);
fn send_close_notify(&mut self);
fn get_peer_certificates(&self) -> Option<Vec<Certificate>>;
fn get_alpn_protocol(&self) -> Option<&[u8]>;
fn get_protocol_version(&self) -> Option<ProtocolVersion>;
fn export_keying_material(
&self,
output: &mut [u8],
label: &[u8],
context: Option<&[u8]>
) -> Result<(), TLSError>;
fn get_negotiated_ciphersuite(
&self
) -> Option<&'static SupportedCipherSuite>;
fn complete_io<T>(&mut self, io: &mut T) -> Result<(usize, usize), Error>
where
Self: Sized,
T: Read + Write,
{ ... }
}
Expand description
Generalises ClientSession
and ServerSession
Required Methods
sourcefn read_tls(&mut self, rd: &mut dyn Read) -> Result<usize, Error>
fn read_tls(&mut self, rd: &mut dyn Read) -> Result<usize, Error>
Read TLS content from rd
. This method does internal
buffering, so rd
can supply TLS messages in arbitrary-
sized chunks (like a socket or pipe might).
You should call process_new_packets
each time a call to
this function succeeds.
The returned error only relates to IO on rd
. TLS-level
errors are emitted from process_new_packets
.
This function returns Ok(0)
when the underlying rd
does
so. This typically happens when a socket is cleanly closed,
or a file is at EOF.
sourcefn write_tls(&mut self, wr: &mut dyn Write) -> Result<usize, Error>
fn write_tls(&mut self, wr: &mut dyn Write) -> Result<usize, Error>
Writes TLS messages to wr
.
On success the function returns Ok(n)
where n
is a number
of bytes written to wr
, number of bytes after encoding and
encryption.
Note that after function return the session buffer maybe not
yet fully flushed. wants_write
function can be used
to check if output buffer is not empty.
sourcefn process_new_packets(&mut self) -> Result<(), TLSError>
fn process_new_packets(&mut self) -> Result<(), TLSError>
Processes any new packets read by a previous call to read_tls
.
Errors from this function relate to TLS protocol errors, and
are fatal to the session. Future calls after an error will do
no new work and will return the same error.
Success from this function can mean new plaintext is available:
obtain it using read
.
sourcefn wants_read(&self) -> bool
fn wants_read(&self) -> bool
Returns true if the caller should call read_tls
as soon
as possible.
sourcefn wants_write(&self) -> bool
fn wants_write(&self) -> bool
Returns true if the caller should call write_tls
as soon
as possible.
sourcefn is_handshaking(&self) -> bool
fn is_handshaking(&self) -> bool
Returns true if the session is currently perform the TLS handshake. During this time plaintext written to the session is buffered in memory.
sourcefn set_buffer_limit(&mut self, limit: usize)
fn set_buffer_limit(&mut self, limit: usize)
Sets a limit on the internal buffers used to buffer unsent plaintext (prior to completing the TLS handshake) and unsent TLS records.
By default, there is no limit. The limit can be set at any time, even if the current buffer use is higher.
sourcefn send_close_notify(&mut self)
fn send_close_notify(&mut self)
Queues a close_notify fatal alert to be sent in the next
write_tls
call. This informs the peer that the
connection is being closed.
sourcefn get_peer_certificates(&self) -> Option<Vec<Certificate>>
fn get_peer_certificates(&self) -> Option<Vec<Certificate>>
Retrieves the certificate chain used by the peer to authenticate.
The order of the certificate chain is as it appears in the TLS protocol: the first certificate relates to the peer, the second certifies the first, the third certifies the second, and so on.
For clients, this is the certificate chain of the server.
For servers, this is the certificate chain of the client, if client authentication was completed.
The return value is None until this value is available.
sourcefn get_alpn_protocol(&self) -> Option<&[u8]>
fn get_alpn_protocol(&self) -> Option<&[u8]>
Retrieves the protocol agreed with the peer via ALPN.
A return value of None after handshake completion means no protocol was agreed (because no protocols were offered or accepted by the peer).
sourcefn get_protocol_version(&self) -> Option<ProtocolVersion>
fn get_protocol_version(&self) -> Option<ProtocolVersion>
Retrieves the protocol version agreed with the peer.
This returns None until the version is agreed.
sourcefn export_keying_material(
&self,
output: &mut [u8],
label: &[u8],
context: Option<&[u8]>
) -> Result<(), TLSError>
fn export_keying_material(
&self,
output: &mut [u8],
label: &[u8],
context: Option<&[u8]>
) -> Result<(), TLSError>
Derives key material from the agreed session secrets.
This function fills in output
with output.len()
bytes of key
material derived from the master session secret using label
and context
for diversification.
See RFC5705 for more details on what this does and is for.
For TLS1.3 connections, this function does not use the “early” exporter at any point.
This function fails if called prior to the handshake completing;
check with is_handshaking()
first.
sourcefn get_negotiated_ciphersuite(&self) -> Option<&'static SupportedCipherSuite>
fn get_negotiated_ciphersuite(&self) -> Option<&'static SupportedCipherSuite>
Retrieves the ciphersuite agreed with the peer.
This returns None until the ciphersuite is agreed.
Provided Methods
sourcefn complete_io<T>(&mut self, io: &mut T) -> Result<(usize, usize), Error>where
Self: Sized,
T: Read + Write,
fn complete_io<T>(&mut self, io: &mut T) -> Result<(usize, usize), Error>where
Self: Sized,
T: Read + Write,
This function uses io
to complete any outstanding IO for
this session.
This is a convenience function which solely uses other parts of the public API.
What this means depends on the session state:
- If the session
is_handshaking()
, then IO is performed until the handshake is complete. - Otherwise, if
wants_write
is true,write_tls
is invoked until it is all written. - Otherwise, if
wants_read
is true,read_tls
is invoked once.
The return value is the number of bytes read from and written
to io
, respectively.
This function will block if io
blocks.
Errors from TLS record handling (ie, from process_new_packets()
)
are wrapped in an io::ErrorKind::InvalidData
-kind error.