pub enum Connection {
Client(ClientConnection),
Server(ServerConnection),
}
std
only.Expand description
A QUIC client or server connection.
Variants§
Implementations§
Source§impl Connection
impl Connection
Sourcepub fn quic_transport_parameters(&self) -> Option<&[u8]>
pub fn quic_transport_parameters(&self) -> Option<&[u8]>
Return the TLS-encoded transport parameters for the session’s peer.
See ConnectionCommon::quic_transport_parameters()
for more details.
Sourcepub fn zero_rtt_keys(&self) -> Option<DirectionalKeys>
pub fn zero_rtt_keys(&self) -> Option<DirectionalKeys>
Compute the keys for encrypting/decrypting 0-RTT packets, if available
Sourcepub fn read_hs(&mut self, plaintext: &[u8]) -> Result<(), Error>
pub fn read_hs(&mut self, plaintext: &[u8]) -> Result<(), Error>
Consume unencrypted TLS handshake data.
Handshake data obtained from separate encryption levels should be supplied in separate calls.
Sourcepub fn write_hs(&mut self, buf: &mut Vec<u8>) -> Option<KeyChange>
pub fn write_hs(&mut self, buf: &mut Vec<u8>) -> Option<KeyChange>
Emit unencrypted TLS handshake data.
When this returns Some(_)
, the new keys must be used for future handshake data.
Sourcepub fn alert(&self) -> Option<AlertDescription>
pub fn alert(&self) -> Option<AlertDescription>
Emit the TLS description code of a fatal alert, if one has arisen.
Check after read_hs
returns Err(_)
.
Sourcepub fn export_keying_material<T: AsMut<[u8]>>(
&self,
output: T,
label: &[u8],
context: Option<&[u8]>,
) -> Result<T, Error>
pub fn export_keying_material<T: AsMut<[u8]>>( &self, output: T, label: &[u8], context: Option<&[u8]>, ) -> Result<T, Error>
Derives key material from the agreed connection secrets.
This function fills in output
with output.len()
bytes of key
material derived from the master session secret using label
and context
for diversification. Ownership of the buffer is taken
by the function and returned via the Ok result to ensure no key
material leaks if the function fails.
See RFC5705 for more details on what this does and is for.
For TLS1.3 connections, this function does not use the “early” exporter at any point.
This function fails if called prior to the handshake completing;
check with CommonState::is_handshaking
first.
Methods from Deref<Target = CommonState>§
Sourcepub fn wants_write(&self) -> bool
pub fn wants_write(&self) -> bool
Returns true if the caller should call Connection::write_tls
as soon as possible.
Sourcepub fn is_handshaking(&self) -> bool
pub fn is_handshaking(&self) -> bool
Returns true if the connection is currently performing the TLS handshake.
During this time plaintext written to the connection is buffered in memory. After
Connection::process_new_packets()
has been called, this might start to return false
while the final handshake packets still need to be extracted from the connection’s buffers.
Sourcepub fn peer_certificates(&self) -> Option<&[CertificateDer<'static>]>
pub fn peer_certificates(&self) -> Option<&[CertificateDer<'static>]>
Retrieves the certificate chain or the raw public key used by the peer to authenticate.
The order of the certificate chain is as it appears in the TLS protocol: the first certificate relates to the peer, the second certifies the first, the third certifies the second, and so on.
When using raw public keys, the first and only element is the raw public key.
This is made available for both full and resumed handshakes.
For clients, this is the certificate chain or the raw public key of the server.
For servers, this is the certificate chain or the raw public key of the client, if client authentication was completed.
The return value is None until this value is available.
Note: the return type of the ‘certificate’, when using raw public keys is CertificateDer<'static>
even though this should technically be a SubjectPublicKeyInfoDer<'static>
.
This choice simplifies the API and ensures backwards compatibility.
Sourcepub fn alpn_protocol(&self) -> Option<&[u8]>
pub fn alpn_protocol(&self) -> Option<&[u8]>
Retrieves the protocol agreed with the peer via ALPN.
A return value of None
after handshake completion
means no protocol was agreed (because no protocols
were offered or accepted by the peer).
Sourcepub fn negotiated_cipher_suite(&self) -> Option<SupportedCipherSuite>
pub fn negotiated_cipher_suite(&self) -> Option<SupportedCipherSuite>
Retrieves the ciphersuite agreed with the peer.
This returns None until the ciphersuite is agreed.
Sourcepub fn negotiated_key_exchange_group(
&self,
) -> Option<&'static dyn SupportedKxGroup>
pub fn negotiated_key_exchange_group( &self, ) -> Option<&'static dyn SupportedKxGroup>
Retrieves the key exchange group agreed with the peer.
This function may return None
depending on the state of the connection,
the type of handshake, and the protocol version.
If CommonState::is_handshaking()
is true this function will return None
.
Similarly, if the CommonState::handshake_kind()
is HandshakeKind::Resumed
and the CommonState::protocol_version()
is TLS 1.2, then no key exchange will have
occurred and this function will return None
.
Sourcepub fn protocol_version(&self) -> Option<ProtocolVersion>
pub fn protocol_version(&self) -> Option<ProtocolVersion>
Retrieves the protocol version agreed with the peer.
This returns None
until the version is agreed.
Sourcepub fn handshake_kind(&self) -> Option<HandshakeKind>
pub fn handshake_kind(&self) -> Option<HandshakeKind>
Which kind of handshake was performed.
This tells you whether the handshake was a resumption or not.
This will return None
before it is known which sort of
handshake occurred.
Sourcepub fn send_close_notify(&mut self)
pub fn send_close_notify(&mut self)
Queues a close_notify
warning alert to be sent in the next
Connection::write_tls
call. This informs the peer that the
connection is being closed.
Does nothing if any close_notify
or fatal alert was already sent.
Sourcepub fn wants_read(&self) -> bool
pub fn wants_read(&self) -> bool
Returns true if the caller should call Connection::read_tls
as soon
as possible.
If there is pending plaintext data to read with Connection::reader
,
this returns false. If your application respects this mechanism,
only one full TLS message will be buffered by rustls.
Trait Implementations§
Source§impl Debug for Connection
impl Debug for Connection
Source§impl Deref for Connection
impl Deref for Connection
Source§impl DerefMut for Connection
impl DerefMut for Connection
Source§impl From<ClientConnection> for Connection
impl From<ClientConnection> for Connection
Source§fn from(c: ClientConnection) -> Self
fn from(c: ClientConnection) -> Self
Source§impl From<ServerConnection> for Connection
impl From<ServerConnection> for Connection
Source§fn from(c: ServerConnection) -> Self
fn from(c: ServerConnection) -> Self
Auto Trait Implementations§
impl Freeze for Connection
impl !RefUnwindSafe for Connection
impl Send for Connection
impl Sync for Connection
impl Unpin for Connection
impl !UnwindSafe for Connection
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Layout§
Note: Most layout information is completely unstable and may even differ between compilations. The only exception is types with certain repr(...)
attributes. Please see the Rust Reference's “Type Layout” chapter for details on type layout guarantees.
Size: 1128 bytes
Size for each variant:
Client
: 1032 bytesServer
: 1128 bytes