Crate telos [−] [src]
Rust bindings for libressl's libtls For the authoritative source on the inner workings of libtls check the manpage. The raw module holds the bindings around libtls. A more idiomatic API is provided here.
Client
use std::io::Write; use std::net::TcpStream; let tcp = TcpStream::connect("google.com:443").unwrap(); let mut client = telos::new_client() .connect(tcp, "google.com") .unwrap(); client.write("GET / HTTP/1.1\n\n".as_bytes()).unwrap();
Server
The library does not handle TCP listening and binding, you need to handle the
TCP server accept() and then call TlsServer::accept
use std::net::TcpListener; let srv = TcpListener::bind("127.0.0.1:0").unwrap(); let addr = srv.local_addr().unwrap(); let mut tls_srv = telos::new_server() .key_file("tests/private_key.key") .cert_file("tests/certificate.crt") .bind().unwrap(); // Accept TCP connection, and then start TLS over it let tcp_conn = srv.incoming().next().unwrap().unwrap(); let mut tls_conn = tls_srv.accept(tcp_conn).unwrap();
Certificate Verification
By default libtls will verify certificates using the system certificate store (usually defined as /etc/ssl/cert.pem). In some Linux flavours and in Windows this file does not exist and you will need to use one of the appropriate methods to load the correct certificates for your system - check the Builder classes for the ca methods.
Connection Lifetime
By default connect() and accept() take ownership of the underlying
sockets, to ensure they are not closed while still in use.
If you want to keep ownership, connect_socket() and accept_socket()
allow you to do it. However dropping TlsStream WILL NOT close the underlying
sockets, you need to close them yourself.
Likewise it is up to the caller to make sure the socket is not closed too early. This example fails to keep the original TcpStream in scope
#[cfg(unix)] use std::os::unix::io::AsRawFd; #[cfg(windows)] use std::os::windows::io::AsRawSocket; use std::net::TcpStream; fn create_client() -> telos::TlsStream<()> { let tcp = TcpStream::connect("google.com:443").unwrap(); let mut client = telos::new_client() .connect_socket(&tcp, "google.com") .unwrap(); client } fn main() { let mut client = create_client(); // The TcpStream was closed when create_client exited the following // will fail with "handshake failed: Bad file descriptor" client.handshake().unwrap(); }
Reexports
pub use raw::{TlsResult, TlsError}; |
Modules
| raw |
Minimal bindings around libtls. These are not very ergonomic, and may allow you to issue calls that can never succeed (e.g. read/write a server context). |
Structs
| ClientBuilder | |
| ServerBuilder | |
| TlsServer |
TLS Server, used to start TLS session over existing sockets. |
| TlsStream |
Functions
| new_client |
Create a new TLS client |
| new_server |
Create a new TLS server |