Google Git
Sign in
apache / incubator-teaclave-website / refs/heads/asf-site / . / api-docs / crates-enclave / src / rustls / server / mod.rs.html
blob: a92a0508e71b323fdc97ff689f1cb817fad6249e [file] [log] [blame]
<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="Source of the Rust file `/root/.cargo/git/checkouts/incubator-teaclave-crates-c8106113f74feefc/ede1f68/rustls-0.19.1/rustls/src/server/mod.rs`."><meta name="keywords" content="rust, rustlang, rust-lang"><title>mod.rs - source</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" href="../../../normalize.css"><link rel="stylesheet" href="../../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" href="../../../ayu.css" disabled><link rel="stylesheet" href="../../../dark.css" disabled><link rel="stylesheet" href="../../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../../storage.js"></script><script defer src="../../../source-script.js"></script><script defer src="../../../source-files.js"></script><script defer src="../../../main.js"></script><noscript><link rel="stylesheet" href="../../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../../favicon.svg"></head><body class="rustdoc source"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="sidebar"><a class="sidebar-logo" href="../../../rustls/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a></nav><main><div class="width-limiter"><nav class="sub"><a class="sub-logo-container" href="../../../rustls/index.html"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></a><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><a href="../../../help.html">?</a></div><div id="settings-menu" tabindex="-1"><a href="../../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../../wheel.svg"></a></div></div></form></nav><section id="main-content" class="content"><div class="example-wrap"><pre class="src-line-numbers"><span id="1">1</span>
<span id="2">2</span>
<span id="3">3</span>
<span id="4">4</span>
<span id="5">5</span>
<span id="6">6</span>
<span id="7">7</span>
<span id="8">8</span>
<span id="9">9</span>
<span id="10">10</span>
<span id="11">11</span>
<span id="12">12</span>
<span id="13">13</span>
<span id="14">14</span>
<span id="15">15</span>
<span id="16">16</span>
<span id="17">17</span>
<span id="18">18</span>
<span id="19">19</span>
<span id="20">20</span>
<span id="21">21</span>
<span id="22">22</span>
<span id="23">23</span>
<span id="24">24</span>
<span id="25">25</span>
<span id="26">26</span>
<span id="27">27</span>
<span id="28">28</span>
<span id="29">29</span>
<span id="30">30</span>
<span id="31">31</span>
<span id="32">32</span>
<span id="33">33</span>
<span id="34">34</span>
<span id="35">35</span>
<span id="36">36</span>
<span id="37">37</span>
<span id="38">38</span>
<span id="39">39</span>
<span id="40">40</span>
<span id="41">41</span>
<span id="42">42</span>
<span id="43">43</span>
<span id="44">44</span>
<span id="45">45</span>
<span id="46">46</span>
<span id="47">47</span>
<span id="48">48</span>
<span id="49">49</span>
<span id="50">50</span>
<span id="51">51</span>
<span id="52">52</span>
<span id="53">53</span>
<span id="54">54</span>
<span id="55">55</span>
<span id="56">56</span>
<span id="57">57</span>
<span id="58">58</span>
<span id="59">59</span>
<span id="60">60</span>
<span id="61">61</span>
<span id="62">62</span>
<span id="63">63</span>
<span id="64">64</span>
<span id="65">65</span>
<span id="66">66</span>
<span id="67">67</span>
<span id="68">68</span>
<span id="69">69</span>
<span id="70">70</span>
<span id="71">71</span>
<span id="72">72</span>
<span id="73">73</span>
<span id="74">74</span>
<span id="75">75</span>
<span id="76">76</span>
<span id="77">77</span>
<span id="78">78</span>
<span id="79">79</span>
<span id="80">80</span>
<span id="81">81</span>
<span id="82">82</span>
<span id="83">83</span>
<span id="84">84</span>
<span id="85">85</span>
<span id="86">86</span>
<span id="87">87</span>
<span id="88">88</span>
<span id="89">89</span>
<span id="90">90</span>
<span id="91">91</span>
<span id="92">92</span>
<span id="93">93</span>
<span id="94">94</span>
<span id="95">95</span>
<span id="96">96</span>
<span id="97">97</span>
<span id="98">98</span>
<span id="99">99</span>
<span id="100">100</span>
<span id="101">101</span>
<span id="102">102</span>
<span id="103">103</span>
<span id="104">104</span>
<span id="105">105</span>
<span id="106">106</span>
<span id="107">107</span>
<span id="108">108</span>
<span id="109">109</span>
<span id="110">110</span>
<span id="111">111</span>
<span id="112">112</span>
<span id="113">113</span>
<span id="114">114</span>
<span id="115">115</span>
<span id="116">116</span>
<span id="117">117</span>
<span id="118">118</span>
<span id="119">119</span>
<span id="120">120</span>
<span id="121">121</span>
<span id="122">122</span>
<span id="123">123</span>
<span id="124">124</span>
<span id="125">125</span>
<span id="126">126</span>
<span id="127">127</span>
<span id="128">128</span>
<span id="129">129</span>
<span id="130">130</span>
<span id="131">131</span>
<span id="132">132</span>
<span id="133">133</span>
<span id="134">134</span>
<span id="135">135</span>
<span id="136">136</span>
<span id="137">137</span>
<span id="138">138</span>
<span id="139">139</span>
<span id="140">140</span>
<span id="141">141</span>
<span id="142">142</span>
<span id="143">143</span>
<span id="144">144</span>
<span id="145">145</span>
<span id="146">146</span>
<span id="147">147</span>
<span id="148">148</span>
<span id="149">149</span>
<span id="150">150</span>
<span id="151">151</span>
<span id="152">152</span>
<span id="153">153</span>
<span id="154">154</span>
<span id="155">155</span>
<span id="156">156</span>
<span id="157">157</span>
<span id="158">158</span>
<span id="159">159</span>
<span id="160">160</span>
<span id="161">161</span>
<span id="162">162</span>
<span id="163">163</span>
<span id="164">164</span>
<span id="165">165</span>
<span id="166">166</span>
<span id="167">167</span>
<span id="168">168</span>
<span id="169">169</span>
<span id="170">170</span>
<span id="171">171</span>
<span id="172">172</span>
<span id="173">173</span>
<span id="174">174</span>
<span id="175">175</span>
<span id="176">176</span>
<span id="177">177</span>
<span id="178">178</span>
<span id="179">179</span>
<span id="180">180</span>
<span id="181">181</span>
<span id="182">182</span>
<span id="183">183</span>
<span id="184">184</span>
<span id="185">185</span>
<span id="186">186</span>
<span id="187">187</span>
<span id="188">188</span>
<span id="189">189</span>
<span id="190">190</span>
<span id="191">191</span>
<span id="192">192</span>
<span id="193">193</span>
<span id="194">194</span>
<span id="195">195</span>
<span id="196">196</span>
<span id="197">197</span>
<span id="198">198</span>
<span id="199">199</span>
<span id="200">200</span>
<span id="201">201</span>
<span id="202">202</span>
<span id="203">203</span>
<span id="204">204</span>
<span id="205">205</span>
<span id="206">206</span>
<span id="207">207</span>
<span id="208">208</span>
<span id="209">209</span>
<span id="210">210</span>
<span id="211">211</span>
<span id="212">212</span>
<span id="213">213</span>
<span id="214">214</span>
<span id="215">215</span>
<span id="216">216</span>
<span id="217">217</span>
<span id="218">218</span>
<span id="219">219</span>
<span id="220">220</span>
<span id="221">221</span>
<span id="222">222</span>
<span id="223">223</span>
<span id="224">224</span>
<span id="225">225</span>
<span id="226">226</span>
<span id="227">227</span>
<span id="228">228</span>
<span id="229">229</span>
<span id="230">230</span>
<span id="231">231</span>
<span id="232">232</span>
<span id="233">233</span>
<span id="234">234</span>
<span id="235">235</span>
<span id="236">236</span>
<span id="237">237</span>
<span id="238">238</span>
<span id="239">239</span>
<span id="240">240</span>
<span id="241">241</span>
<span id="242">242</span>
<span id="243">243</span>
<span id="244">244</span>
<span id="245">245</span>
<span id="246">246</span>
<span id="247">247</span>
<span id="248">248</span>
<span id="249">249</span>
<span id="250">250</span>
<span id="251">251</span>
<span id="252">252</span>
<span id="253">253</span>
<span id="254">254</span>
<span id="255">255</span>
<span id="256">256</span>
<span id="257">257</span>
<span id="258">258</span>
<span id="259">259</span>
<span id="260">260</span>
<span id="261">261</span>
<span id="262">262</span>
<span id="263">263</span>
<span id="264">264</span>
<span id="265">265</span>
<span id="266">266</span>
<span id="267">267</span>
<span id="268">268</span>
<span id="269">269</span>
<span id="270">270</span>
<span id="271">271</span>
<span id="272">272</span>
<span id="273">273</span>
<span id="274">274</span>
<span id="275">275</span>
<span id="276">276</span>
<span id="277">277</span>
<span id="278">278</span>
<span id="279">279</span>
<span id="280">280</span>
<span id="281">281</span>
<span id="282">282</span>
<span id="283">283</span>
<span id="284">284</span>
<span id="285">285</span>
<span id="286">286</span>
<span id="287">287</span>
<span id="288">288</span>
<span id="289">289</span>
<span id="290">290</span>
<span id="291">291</span>
<span id="292">292</span>
<span id="293">293</span>
<span id="294">294</span>
<span id="295">295</span>
<span id="296">296</span>
<span id="297">297</span>
<span id="298">298</span>
<span id="299">299</span>
<span id="300">300</span>
<span id="301">301</span>
<span id="302">302</span>
<span id="303">303</span>
<span id="304">304</span>
<span id="305">305</span>
<span id="306">306</span>
<span id="307">307</span>
<span id="308">308</span>
<span id="309">309</span>
<span id="310">310</span>
<span id="311">311</span>
<span id="312">312</span>
<span id="313">313</span>
<span id="314">314</span>
<span id="315">315</span>
<span id="316">316</span>
<span id="317">317</span>
<span id="318">318</span>
<span id="319">319</span>
<span id="320">320</span>
<span id="321">321</span>
<span id="322">322</span>
<span id="323">323</span>
<span id="324">324</span>
<span id="325">325</span>
<span id="326">326</span>
<span id="327">327</span>
<span id="328">328</span>
<span id="329">329</span>
<span id="330">330</span>
<span id="331">331</span>
<span id="332">332</span>
<span id="333">333</span>
<span id="334">334</span>
<span id="335">335</span>
<span id="336">336</span>
<span id="337">337</span>
<span id="338">338</span>
<span id="339">339</span>
<span id="340">340</span>
<span id="341">341</span>
<span id="342">342</span>
<span id="343">343</span>
<span id="344">344</span>
<span id="345">345</span>
<span id="346">346</span>
<span id="347">347</span>
<span id="348">348</span>
<span id="349">349</span>
<span id="350">350</span>
<span id="351">351</span>
<span id="352">352</span>
<span id="353">353</span>
<span id="354">354</span>
<span id="355">355</span>
<span id="356">356</span>
<span id="357">357</span>
<span id="358">358</span>
<span id="359">359</span>
<span id="360">360</span>
<span id="361">361</span>
<span id="362">362</span>
<span id="363">363</span>
<span id="364">364</span>
<span id="365">365</span>
<span id="366">366</span>
<span id="367">367</span>
<span id="368">368</span>
<span id="369">369</span>
<span id="370">370</span>
<span id="371">371</span>
<span id="372">372</span>
<span id="373">373</span>
<span id="374">374</span>
<span id="375">375</span>
<span id="376">376</span>
<span id="377">377</span>
<span id="378">378</span>
<span id="379">379</span>
<span id="380">380</span>
<span id="381">381</span>
<span id="382">382</span>
<span id="383">383</span>
<span id="384">384</span>
<span id="385">385</span>
<span id="386">386</span>
<span id="387">387</span>
<span id="388">388</span>
<span id="389">389</span>
<span id="390">390</span>
<span id="391">391</span>
<span id="392">392</span>
<span id="393">393</span>
<span id="394">394</span>
<span id="395">395</span>
<span id="396">396</span>
<span id="397">397</span>
<span id="398">398</span>
<span id="399">399</span>
<span id="400">400</span>
<span id="401">401</span>
<span id="402">402</span>
<span id="403">403</span>
<span id="404">404</span>
<span id="405">405</span>
<span id="406">406</span>
<span id="407">407</span>
<span id="408">408</span>
<span id="409">409</span>
<span id="410">410</span>
<span id="411">411</span>
<span id="412">412</span>
<span id="413">413</span>
<span id="414">414</span>
<span id="415">415</span>
<span id="416">416</span>
<span id="417">417</span>
<span id="418">418</span>
<span id="419">419</span>
<span id="420">420</span>
<span id="421">421</span>
<span id="422">422</span>
<span id="423">423</span>
<span id="424">424</span>
<span id="425">425</span>
<span id="426">426</span>
<span id="427">427</span>
<span id="428">428</span>
<span id="429">429</span>
<span id="430">430</span>
<span id="431">431</span>
<span id="432">432</span>
<span id="433">433</span>
<span id="434">434</span>
<span id="435">435</span>
<span id="436">436</span>
<span id="437">437</span>
<span id="438">438</span>
<span id="439">439</span>
<span id="440">440</span>
<span id="441">441</span>
<span id="442">442</span>
<span id="443">443</span>
<span id="444">444</span>
<span id="445">445</span>
<span id="446">446</span>
<span id="447">447</span>
<span id="448">448</span>
<span id="449">449</span>
<span id="450">450</span>
<span id="451">451</span>
<span id="452">452</span>
<span id="453">453</span>
<span id="454">454</span>
<span id="455">455</span>
<span id="456">456</span>
<span id="457">457</span>
<span id="458">458</span>
<span id="459">459</span>
<span id="460">460</span>
<span id="461">461</span>
<span id="462">462</span>
<span id="463">463</span>
<span id="464">464</span>
<span id="465">465</span>
<span id="466">466</span>
<span id="467">467</span>
<span id="468">468</span>
<span id="469">469</span>
<span id="470">470</span>
<span id="471">471</span>
<span id="472">472</span>
<span id="473">473</span>
<span id="474">474</span>
<span id="475">475</span>
<span id="476">476</span>
<span id="477">477</span>
<span id="478">478</span>
<span id="479">479</span>
<span id="480">480</span>
<span id="481">481</span>
<span id="482">482</span>
<span id="483">483</span>
<span id="484">484</span>
<span id="485">485</span>
<span id="486">486</span>
<span id="487">487</span>
<span id="488">488</span>
<span id="489">489</span>
<span id="490">490</span>
<span id="491">491</span>
<span id="492">492</span>
<span id="493">493</span>
<span id="494">494</span>
<span id="495">495</span>
<span id="496">496</span>
<span id="497">497</span>
<span id="498">498</span>
<span id="499">499</span>
<span id="500">500</span>
<span id="501">501</span>
<span id="502">502</span>
<span id="503">503</span>
<span id="504">504</span>
<span id="505">505</span>
<span id="506">506</span>
<span id="507">507</span>
<span id="508">508</span>
<span id="509">509</span>
<span id="510">510</span>
<span id="511">511</span>
<span id="512">512</span>
<span id="513">513</span>
<span id="514">514</span>
<span id="515">515</span>
<span id="516">516</span>
<span id="517">517</span>
<span id="518">518</span>
<span id="519">519</span>
<span id="520">520</span>
<span id="521">521</span>
<span id="522">522</span>
<span id="523">523</span>
<span id="524">524</span>
<span id="525">525</span>
<span id="526">526</span>
<span id="527">527</span>
<span id="528">528</span>
<span id="529">529</span>
<span id="530">530</span>
<span id="531">531</span>
<span id="532">532</span>
<span id="533">533</span>
<span id="534">534</span>
<span id="535">535</span>
<span id="536">536</span>
<span id="537">537</span>
<span id="538">538</span>
<span id="539">539</span>
<span id="540">540</span>
<span id="541">541</span>
<span id="542">542</span>
<span id="543">543</span>
<span id="544">544</span>
<span id="545">545</span>
<span id="546">546</span>
<span id="547">547</span>
<span id="548">548</span>
<span id="549">549</span>
<span id="550">550</span>
<span id="551">551</span>
<span id="552">552</span>
<span id="553">553</span>
<span id="554">554</span>
<span id="555">555</span>
<span id="556">556</span>
<span id="557">557</span>
<span id="558">558</span>
<span id="559">559</span>
<span id="560">560</span>
<span id="561">561</span>
<span id="562">562</span>
<span id="563">563</span>
<span id="564">564</span>
<span id="565">565</span>
<span id="566">566</span>
<span id="567">567</span>
<span id="568">568</span>
<span id="569">569</span>
<span id="570">570</span>
<span id="571">571</span>
<span id="572">572</span>
<span id="573">573</span>
<span id="574">574</span>
<span id="575">575</span>
<span id="576">576</span>
<span id="577">577</span>
<span id="578">578</span>
<span id="579">579</span>
<span id="580">580</span>
<span id="581">581</span>
<span id="582">582</span>
<span id="583">583</span>
<span id="584">584</span>
<span id="585">585</span>
<span id="586">586</span>
<span id="587">587</span>
<span id="588">588</span>
<span id="589">589</span>
<span id="590">590</span>
<span id="591">591</span>
<span id="592">592</span>
<span id="593">593</span>
<span id="594">594</span>
<span id="595">595</span>
<span id="596">596</span>
<span id="597">597</span>
<span id="598">598</span>
<span id="599">599</span>
<span id="600">600</span>
<span id="601">601</span>
<span id="602">602</span>
<span id="603">603</span>
<span id="604">604</span>
<span id="605">605</span>
<span id="606">606</span>
<span id="607">607</span>
<span id="608">608</span>
<span id="609">609</span>
<span id="610">610</span>
<span id="611">611</span>
<span id="612">612</span>
<span id="613">613</span>
<span id="614">614</span>
<span id="615">615</span>
<span id="616">616</span>
<span id="617">617</span>
<span id="618">618</span>
<span id="619">619</span>
<span id="620">620</span>
<span id="621">621</span>
<span id="622">622</span>
<span id="623">623</span>
<span id="624">624</span>
<span id="625">625</span>
<span id="626">626</span>
<span id="627">627</span>
<span id="628">628</span>
<span id="629">629</span>
<span id="630">630</span>
<span id="631">631</span>
<span id="632">632</span>
<span id="633">633</span>
<span id="634">634</span>
<span id="635">635</span>
<span id="636">636</span>
<span id="637">637</span>
<span id="638">638</span>
<span id="639">639</span>
<span id="640">640</span>
<span id="641">641</span>
<span id="642">642</span>
<span id="643">643</span>
<span id="644">644</span>
<span id="645">645</span>
<span id="646">646</span>
<span id="647">647</span>
<span id="648">648</span>
<span id="649">649</span>
<span id="650">650</span>
<span id="651">651</span>
<span id="652">652</span>
<span id="653">653</span>
<span id="654">654</span>
<span id="655">655</span>
<span id="656">656</span>
<span id="657">657</span>
<span id="658">658</span>
<span id="659">659</span>
<span id="660">660</span>
<span id="661">661</span>
<span id="662">662</span>
<span id="663">663</span>
<span id="664">664</span>
<span id="665">665</span>
<span id="666">666</span>
<span id="667">667</span>
<span id="668">668</span>
<span id="669">669</span>
<span id="670">670</span>
<span id="671">671</span>
<span id="672">672</span>
<span id="673">673</span>
<span id="674">674</span>
<span id="675">675</span>
<span id="676">676</span>
<span id="677">677</span>
<span id="678">678</span>
<span id="679">679</span>
<span id="680">680</span>
<span id="681">681</span>
<span id="682">682</span>
<span id="683">683</span>
<span id="684">684</span>
<span id="685">685</span>
<span id="686">686</span>
<span id="687">687</span>
<span id="688">688</span>
<span id="689">689</span>
<span id="690">690</span>
<span id="691">691</span>
<span id="692">692</span>
<span id="693">693</span>
<span id="694">694</span>
<span id="695">695</span>
<span id="696">696</span>
<span id="697">697</span>
<span id="698">698</span>
<span id="699">699</span>
<span id="700">700</span>
<span id="701">701</span>
<span id="702">702</span>
<span id="703">703</span>
<span id="704">704</span>
<span id="705">705</span>
<span id="706">706</span>
<span id="707">707</span>
<span id="708">708</span>
<span id="709">709</span>
<span id="710">710</span>
<span id="711">711</span>
<span id="712">712</span>
<span id="713">713</span>
<span id="714">714</span>
<span id="715">715</span>
<span id="716">716</span>
<span id="717">717</span>
<span id="718">718</span>
<span id="719">719</span>
<span id="720">720</span>
<span id="721">721</span>
<span id="722">722</span>
<span id="723">723</span>
<span id="724">724</span>
<span id="725">725</span>
<span id="726">726</span>
<span id="727">727</span>
<span id="728">728</span>
<span id="729">729</span>
<span id="730">730</span>
<span id="731">731</span>
<span id="732">732</span>
<span id="733">733</span>
<span id="734">734</span>
<span id="735">735</span>
<span id="736">736</span>
<span id="737">737</span>
<span id="738">738</span>
<span id="739">739</span>
<span id="740">740</span>
<span id="741">741</span>
<span id="742">742</span>
<span id="743">743</span>
<span id="744">744</span>
<span id="745">745</span>
<span id="746">746</span>
<span id="747">747</span>
<span id="748">748</span>
<span id="749">749</span>
<span id="750">750</span>
<span id="751">751</span>
<span id="752">752</span>
<span id="753">753</span>
<span id="754">754</span>
</pre><pre class="rust"><code><span class="kw">use </span><span class="kw">crate</span>::error::TLSError;
<span class="kw">use </span><span class="kw">crate</span>::key;
<span class="kw">use </span><span class="kw">crate</span>::keylog::{KeyLog, NoKeyLog};
<span class="attribute">#[cfg(feature = <span class="string">&quot;logging&quot;</span>)]
</span><span class="kw">use </span><span class="kw">crate</span>::log::trace;
<span class="kw">use </span><span class="kw">crate</span>::msgs::enums::ContentType;
<span class="kw">use </span><span class="kw">crate</span>::msgs::enums::SignatureScheme;
<span class="kw">use </span><span class="kw">crate</span>::msgs::enums::{AlertDescription, HandshakeType, ProtocolVersion};
<span class="kw">use </span><span class="kw">crate</span>::msgs::handshake::ServerExtension;
<span class="kw">use </span><span class="kw">crate</span>::msgs::message::Message;
<span class="kw">use </span><span class="kw">crate</span>::session::{MiddleboxCCS, Session, SessionCommon};
<span class="kw">use </span><span class="kw">crate</span>::sign;
<span class="kw">use </span><span class="kw">crate</span>::suites::{SupportedCipherSuite, ALL_CIPHERSUITES};
<span class="kw">use </span><span class="kw">crate</span>::verify;
<span class="kw">use </span>webpki;
<span class="kw">use </span>std::fmt;
<span class="kw">use </span>std::io::{<span class="self">self</span>, IoSlice};
<span class="kw">use </span>std::sync::Arc;
<span class="attribute">#[macro_use]
</span><span class="kw">mod </span>hs;
<span class="kw">mod </span>common;
<span class="kw">pub mod </span>handy;
<span class="kw">mod </span>tls12;
<span class="kw">mod </span>tls13;
<span class="doccomment">/// A trait for the ability to store server session data.
///
/// The keys and values are opaque.
///
/// Both the keys and values should be treated as
/// **highly sensitive data**, containing enough key material
/// to break all security of the corresponding sessions.
///
/// Implementations can be lossy (in other words, forgetting
/// key/value pairs) without any negative security consequences.
///
/// However, note that `take` **must** reliably delete a returned
/// value. If it does not, there may be security consequences.
///
/// `put` and `take` are mutating operations; this isn&#39;t expressed
/// in the type system to allow implementations freedom in
/// how to achieve interior mutability. `Mutex` is a common
/// choice.
</span><span class="kw">pub trait </span>StoresServerSessions: Send + Sync {
<span class="doccomment">/// Store session secrets encoded in `value` against `key`,
/// overwrites any existing value against `key`. Returns `true`
/// if the value was stored.
</span><span class="kw">fn </span>put(<span class="kw-2">&amp;</span><span class="self">self</span>, key: Vec&lt;u8&gt;, value: Vec&lt;u8&gt;) -&gt; bool;
<span class="doccomment">/// Find a value with the given `key`. Return it, or None
/// if it doesn&#39;t exist.
</span><span class="kw">fn </span>get(<span class="kw-2">&amp;</span><span class="self">self</span>, key: <span class="kw-2">&amp;</span>[u8]) -&gt; <span class="prelude-ty">Option</span>&lt;Vec&lt;u8&gt;&gt;;
<span class="doccomment">/// Find a value with the given `key`. Return it and delete it;
/// or None if it doesn&#39;t exist.
</span><span class="kw">fn </span>take(<span class="kw-2">&amp;</span><span class="self">self</span>, key: <span class="kw-2">&amp;</span>[u8]) -&gt; <span class="prelude-ty">Option</span>&lt;Vec&lt;u8&gt;&gt;;
}
<span class="doccomment">/// A trait for the ability to encrypt and decrypt tickets.
</span><span class="kw">pub trait </span>ProducesTickets: Send + Sync {
<span class="doccomment">/// Returns true if this implementation will encrypt/decrypt
/// tickets. Should return false if this is a dummy
/// implementation: the server will not send the SessionTicket
/// extension and will not call the other functions.
</span><span class="kw">fn </span>enabled(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; bool;
<span class="doccomment">/// Returns the lifetime in seconds of tickets produced now.
/// The lifetime is provided as a hint to clients that the
/// ticket will not be useful after the given time.
///
/// This lifetime must be implemented by key rolling and
/// erasure, *not* by storing a lifetime in the ticket.
///
/// The objective is to limit damage to forward secrecy caused
/// by tickets, not just limiting their lifetime.
</span><span class="kw">fn </span>get_lifetime(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; u32;
<span class="doccomment">/// Encrypt and authenticate `plain`, returning the resulting
/// ticket. Return None if `plain` cannot be encrypted for
/// some reason: an empty ticket will be sent and the connection
/// will continue.
</span><span class="kw">fn </span>encrypt(<span class="kw-2">&amp;</span><span class="self">self</span>, plain: <span class="kw-2">&amp;</span>[u8]) -&gt; <span class="prelude-ty">Option</span>&lt;Vec&lt;u8&gt;&gt;;
<span class="doccomment">/// Decrypt `cipher`, validating its authenticity protection
/// and recovering the plaintext. `cipher` is fully attacker
/// controlled, so this decryption must be side-channel free,
/// panic-proof, and otherwise bullet-proof. If the decryption
/// fails, return None.
</span><span class="kw">fn </span>decrypt(<span class="kw-2">&amp;</span><span class="self">self</span>, cipher: <span class="kw-2">&amp;</span>[u8]) -&gt; <span class="prelude-ty">Option</span>&lt;Vec&lt;u8&gt;&gt;;
}
<span class="doccomment">/// How to choose a certificate chain and signing key for use
/// in server authentication.
</span><span class="kw">pub trait </span>ResolvesServerCert: Send + Sync {
<span class="doccomment">/// Choose a certificate chain and matching key given simplified
/// ClientHello information.
///
/// Return `None` to abort the handshake.
</span><span class="kw">fn </span>resolve(<span class="kw-2">&amp;</span><span class="self">self</span>, client_hello: ClientHello) -&gt; <span class="prelude-ty">Option</span>&lt;sign::CertifiedKey&gt;;
}
<span class="doccomment">/// A struct representing the received Client Hello
</span><span class="kw">pub struct </span>ClientHello&lt;<span class="lifetime">&#39;a</span>&gt; {
server_name: <span class="prelude-ty">Option</span>&lt;webpki::DNSNameRef&lt;<span class="lifetime">&#39;a</span>&gt;&gt;,
sigschemes: <span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>[SignatureScheme],
alpn: <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>[<span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>[u8]]&gt;,
}
<span class="kw">impl</span>&lt;<span class="lifetime">&#39;a</span>&gt; ClientHello&lt;<span class="lifetime">&#39;a</span>&gt; {
<span class="doccomment">/// Creates a new ClientHello
</span><span class="kw">fn </span>new(
server_name: <span class="prelude-ty">Option</span>&lt;webpki::DNSNameRef&lt;<span class="lifetime">&#39;a</span>&gt;&gt;,
sigschemes: <span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>[SignatureScheme],
alpn: <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>[<span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>[u8]]&gt;,
) -&gt; <span class="self">Self </span>{
ClientHello {
server_name,
sigschemes,
alpn,
}
}
<span class="doccomment">/// Get the server name indicator.
///
/// Returns `None` if the client did not supply a SNI.
</span><span class="kw">pub fn </span>server_name(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="prelude-ty">Option</span>&lt;webpki::DNSNameRef&gt; {
<span class="self">self</span>.server_name
}
<span class="doccomment">/// Get the compatible signature schemes.
///
/// Returns standard-specified default if the client omitted this extension.
</span><span class="kw">pub fn </span>sigschemes(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="kw-2">&amp;</span>[SignatureScheme] {
<span class="self">self</span>.sigschemes
}
<span class="doccomment">/// Get the alpn.
///
/// Returns `None` if the client did not include an ALPN extension
</span><span class="kw">pub fn </span>alpn(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>[<span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>[u8]]&gt; {
<span class="self">self</span>.alpn
}
}
<span class="doccomment">/// Common configuration for a set of server sessions.
///
/// Making one of these can be expensive, and should be
/// once per process rather than once per connection.
</span><span class="attribute">#[derive(Clone)]
</span><span class="kw">pub struct </span>ServerConfig {
<span class="doccomment">/// List of ciphersuites, in preference order.
</span><span class="kw">pub </span>ciphersuites: Vec&lt;<span class="kw-2">&amp;</span><span class="lifetime">&#39;static </span>SupportedCipherSuite&gt;,
<span class="doccomment">/// Ignore the client&#39;s ciphersuite order. Instead,
/// choose the top ciphersuite in the server list
/// which is supported by the client.
</span><span class="kw">pub </span>ignore_client_order: bool,
<span class="doccomment">/// Our MTU. If None, we don&#39;t limit TLS message sizes.
</span><span class="kw">pub </span>mtu: <span class="prelude-ty">Option</span>&lt;usize&gt;,
<span class="doccomment">/// How to store client sessions.
</span><span class="kw">pub </span>session_storage: Arc&lt;<span class="kw">dyn </span>StoresServerSessions + Send + Sync&gt;,
<span class="doccomment">/// How to produce tickets.
</span><span class="kw">pub </span>ticketer: Arc&lt;<span class="kw">dyn </span>ProducesTickets&gt;,
<span class="doccomment">/// How to choose a server cert and key.
</span><span class="kw">pub </span>cert_resolver: Arc&lt;<span class="kw">dyn </span>ResolvesServerCert&gt;,
<span class="doccomment">/// Protocol names we support, most preferred first.
/// If empty we don&#39;t do ALPN at all.
</span><span class="kw">pub </span>alpn_protocols: Vec&lt;Vec&lt;u8&gt;&gt;,
<span class="doccomment">/// Supported protocol versions, in no particular order.
/// The default is all supported versions.
</span><span class="kw">pub </span>versions: Vec&lt;ProtocolVersion&gt;,
<span class="doccomment">/// How to verify client certificates.
</span>verifier: Arc&lt;<span class="kw">dyn </span>verify::ClientCertVerifier&gt;,
<span class="doccomment">/// How to output key material for debugging. The default
/// does nothing.
</span><span class="kw">pub </span>key_log: Arc&lt;<span class="kw">dyn </span>KeyLog&gt;,
<span class="doccomment">/// Amount of early data to accept; 0 to disable.
</span><span class="attribute">#[cfg(feature = <span class="string">&quot;quic&quot;</span>)] </span><span class="comment">// TLS support unimplemented
</span><span class="attribute">#[doc(hidden)]
</span><span class="kw">pub </span>max_early_data_size: u32,
}
<span class="kw">impl </span>ServerConfig {
<span class="doccomment">/// Make a `ServerConfig` with a default set of ciphersuites,
/// no keys/certificates, and no ALPN protocols. Session resumption
/// is enabled by storing up to 256 recent sessions in memory. Tickets are
/// disabled.
///
/// Publicly-available web servers on the internet generally don&#39;t do client
/// authentication; for this use case, `client_cert_verifier` should be a
/// `NoClientAuth`. Otherwise, use `AllowAnyAuthenticatedClient` or another
/// implementation to enforce client authentication.
///
/// We don&#39;t provide a default for `client_cert_verifier` because the safest
/// default, requiring client authentication, requires additional
/// configuration that we cannot provide reasonable defaults for.
</span><span class="kw">pub fn </span>new(client_cert_verifier: Arc&lt;<span class="kw">dyn </span>verify::ClientCertVerifier&gt;) -&gt; ServerConfig {
ServerConfig::with_ciphersuites(client_cert_verifier, <span class="kw-2">&amp;</span>ALL_CIPHERSUITES)
}
<span class="doccomment">/// Make a `ServerConfig` with a custom set of ciphersuites,
/// no keys/certificates, and no ALPN protocols. Session resumption
/// is enabled by storing up to 256 recent sessions in memory. Tickets are
/// disabled.
///
/// Publicly-available web servers on the internet generally don&#39;t do client
/// authentication; for this use case, `client_cert_verifier` should be a
/// `NoClientAuth`. Otherwise, use `AllowAnyAuthenticatedClient` or another
/// implementation to enforce client authentication.
///
/// We don&#39;t provide a default for `client_cert_verifier` because the safest
/// default, requiring client authentication, requires additional
/// configuration that we cannot provide reasonable defaults for.
</span><span class="kw">pub fn </span>with_ciphersuites(
client_cert_verifier: Arc&lt;<span class="kw">dyn </span>verify::ClientCertVerifier&gt;,
ciphersuites: <span class="kw-2">&amp;</span>[<span class="kw-2">&amp;</span><span class="lifetime">&#39;static </span>SupportedCipherSuite],
) -&gt; ServerConfig {
ServerConfig {
ciphersuites: ciphersuites.to_vec(),
ignore_client_order: <span class="bool-val">false</span>,
mtu: <span class="prelude-val">None</span>,
session_storage: handy::ServerSessionMemoryCache::new(<span class="number">256</span>),
ticketer: Arc::new(handy::NeverProducesTickets {}),
alpn_protocols: Vec::new(),
cert_resolver: Arc::new(handy::FailResolveChain {}),
versions: <span class="macro">vec!</span>[ProtocolVersion::TLSv1_3, ProtocolVersion::TLSv1_2],
verifier: client_cert_verifier,
key_log: Arc::new(NoKeyLog {}),
<span class="attribute">#[cfg(feature = <span class="string">&quot;quic&quot;</span>)]
</span>max_early_data_size: <span class="number">0</span>,
}
}
<span class="attribute">#[doc(hidden)]
</span><span class="doccomment">/// We support a given TLS version if it&#39;s quoted in the configured
/// versions *and* at least one ciphersuite for this version is
/// also configured.
</span><span class="kw">pub fn </span>supports_version(<span class="kw-2">&amp;</span><span class="self">self</span>, v: ProtocolVersion) -&gt; bool {
<span class="self">self</span>.versions.contains(<span class="kw-2">&amp;</span>v)
&amp;&amp; <span class="self">self
</span>.ciphersuites
.iter()
.any(|cs| cs.usable_for_version(v))
}
<span class="attribute">#[doc(hidden)]
</span><span class="kw">pub fn </span>get_verifier(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="kw-2">&amp;</span><span class="kw">dyn </span>verify::ClientCertVerifier {
<span class="self">self</span>.verifier.as_ref()
}
<span class="doccomment">/// Sets the session persistence layer to `persist`.
</span><span class="kw">pub fn </span>set_persistence(<span class="kw-2">&amp;mut </span><span class="self">self</span>, persist: Arc&lt;<span class="kw">dyn </span>StoresServerSessions + Send + Sync&gt;) {
<span class="self">self</span>.session_storage = persist;
}
<span class="doccomment">/// Sets a single certificate chain and matching private key. This
/// certificate and key is used for all subsequent connections,
/// irrespective of things like SNI hostname.
///
/// Note that the end-entity certificate must have the
/// [Subject Alternative Name](https://tools.ietf.org/html/rfc6125#section-4.1)
/// extension to describe, e.g., the valid DNS name. The `commonName` field is
/// disregarded.
///
/// `cert_chain` is a vector of DER-encoded certificates.
/// `key_der` is a DER-encoded RSA, ECDSA, or Ed25519 private key.
///
/// This function fails if `key_der` is invalid.
</span><span class="kw">pub fn </span>set_single_cert(
<span class="kw-2">&amp;mut </span><span class="self">self</span>,
cert_chain: Vec&lt;key::Certificate&gt;,
key_der: key::PrivateKey,
) -&gt; <span class="prelude-ty">Result</span>&lt;(), TLSError&gt; {
<span class="kw">let </span>resolver = handy::AlwaysResolvesChain::new(cert_chain, <span class="kw-2">&amp;</span>key_der)<span class="question-mark">?</span>;
<span class="self">self</span>.cert_resolver = Arc::new(resolver);
<span class="prelude-val">Ok</span>(())
}
<span class="doccomment">/// Sets a single certificate chain, matching private key and OCSP
/// response. This certificate and key is used for all subsequent
/// connections, irrespective of things like SNI hostname.
///
/// `cert_chain` is a vector of DER-encoded certificates.
/// `key_der` is a DER-encoded RSA, ECDSA, or Ed25519 private key.
/// `ocsp` is a DER-encoded OCSP response. Ignored if zero length.
/// `scts` is an `SignedCertificateTimestampList` encoding (see RFC6962)
/// and is ignored if empty.
///
/// This function fails if `key_der` is invalid.
</span><span class="kw">pub fn </span>set_single_cert_with_ocsp_and_sct(
<span class="kw-2">&amp;mut </span><span class="self">self</span>,
cert_chain: Vec&lt;key::Certificate&gt;,
key_der: key::PrivateKey,
ocsp: Vec&lt;u8&gt;,
scts: Vec&lt;u8&gt;,
) -&gt; <span class="prelude-ty">Result</span>&lt;(), TLSError&gt; {
<span class="kw">let </span>resolver =
handy::AlwaysResolvesChain::new_with_extras(cert_chain, <span class="kw-2">&amp;</span>key_der, ocsp, scts)<span class="question-mark">?</span>;
<span class="self">self</span>.cert_resolver = Arc::new(resolver);
<span class="prelude-val">Ok</span>(())
}
<span class="doccomment">/// Set the ALPN protocol list to the given protocol names.
/// Overwrites any existing configured protocols.
///
/// The first element in the `protocols` list is the most
/// preferred, the last is the least preferred.
</span><span class="kw">pub fn </span>set_protocols(<span class="kw-2">&amp;mut </span><span class="self">self</span>, protocols: <span class="kw-2">&amp;</span>[Vec&lt;u8&gt;]) {
<span class="self">self</span>.alpn_protocols.clear();
<span class="self">self</span>.alpn_protocols
.extend_from_slice(protocols);
}
<span class="doccomment">/// Overrides the default `ClientCertVerifier` with something else.
</span><span class="kw">pub fn </span>set_client_certificate_verifier(
<span class="kw-2">&amp;mut </span><span class="self">self</span>,
verifier: Arc&lt;<span class="kw">dyn </span>verify::ClientCertVerifier&gt;,
) {
<span class="self">self</span>.verifier = verifier;
}
}
<span class="kw">pub struct </span>ServerSessionImpl {
<span class="kw">pub </span>config: Arc&lt;ServerConfig&gt;,
<span class="kw">pub </span>common: SessionCommon,
sni: <span class="prelude-ty">Option</span>&lt;webpki::DNSName&gt;,
<span class="kw">pub </span>alpn_protocol: <span class="prelude-ty">Option</span>&lt;Vec&lt;u8&gt;&gt;,
<span class="kw">pub </span>quic_params: <span class="prelude-ty">Option</span>&lt;Vec&lt;u8&gt;&gt;,
<span class="kw">pub </span>received_resumption_data: <span class="prelude-ty">Option</span>&lt;Vec&lt;u8&gt;&gt;,
<span class="kw">pub </span>resumption_data: Vec&lt;u8&gt;,
<span class="kw">pub </span>error: <span class="prelude-ty">Option</span>&lt;TLSError&gt;,
<span class="kw">pub </span>state: <span class="prelude-ty">Option</span>&lt;Box&lt;<span class="kw">dyn </span>hs::State + Send + Sync&gt;&gt;,
<span class="kw">pub </span>client_cert_chain: <span class="prelude-ty">Option</span>&lt;Vec&lt;key::Certificate&gt;&gt;,
<span class="doccomment">/// Whether to reject early data even if it would otherwise be accepted
</span><span class="kw">pub </span>reject_early_data: bool,
}
<span class="kw">impl </span>fmt::Debug <span class="kw">for </span>ServerSessionImpl {
<span class="kw">fn </span>fmt(<span class="kw-2">&amp;</span><span class="self">self</span>, f: <span class="kw-2">&amp;mut </span>fmt::Formatter) -&gt; fmt::Result {
f.debug_struct(<span class="string">&quot;ServerSessionImpl&quot;</span>)
.finish()
}
}
<span class="kw">impl </span>ServerSessionImpl {
<span class="kw">pub fn </span>new(
server_config: <span class="kw-2">&amp;</span>Arc&lt;ServerConfig&gt;,
extra_exts: Vec&lt;ServerExtension&gt;,
) -&gt; ServerSessionImpl {
ServerSessionImpl {
config: server_config.clone(),
common: SessionCommon::new(server_config.mtu, <span class="bool-val">false</span>),
sni: <span class="prelude-val">None</span>,
alpn_protocol: <span class="prelude-val">None</span>,
quic_params: <span class="prelude-val">None</span>,
received_resumption_data: <span class="prelude-val">None</span>,
resumption_data: Vec::new(),
error: <span class="prelude-val">None</span>,
state: <span class="prelude-val">Some</span>(Box::new(hs::ExpectClientHello::new(
server_config,
extra_exts,
))),
client_cert_chain: <span class="prelude-val">None</span>,
reject_early_data: <span class="bool-val">false</span>,
}
}
<span class="kw">pub fn </span>wants_read(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; bool {
<span class="comment">// We want to read more data all the time, except when we
// have unprocessed plaintext. This provides back-pressure
// to the TCP buffers.
//
// This also covers the handshake case, because we don&#39;t have
// readable plaintext before handshake has completed.
</span>!<span class="self">self</span>.common.has_readable_plaintext()
}
<span class="kw">pub fn </span>wants_write(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; bool {
!<span class="self">self</span>.common.sendable_tls.is_empty()
}
<span class="kw">pub fn </span>is_handshaking(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; bool {
!<span class="self">self</span>.common.traffic
}
<span class="kw">pub fn </span>set_buffer_limit(<span class="kw-2">&amp;mut </span><span class="self">self</span>, len: usize) {
<span class="self">self</span>.common.set_buffer_limit(len)
}
<span class="kw">pub fn </span>process_msg(<span class="kw-2">&amp;mut </span><span class="self">self</span>, <span class="kw-2">mut </span>msg: Message) -&gt; <span class="prelude-ty">Result</span>&lt;(), TLSError&gt; {
<span class="comment">// TLS1.3: drop CCS at any time during handshaking
</span><span class="kw">if let </span>MiddleboxCCS::Drop = <span class="self">self</span>.common.filter_tls13_ccs(<span class="kw-2">&amp;</span>msg)<span class="question-mark">? </span>{
<span class="macro">trace!</span>(<span class="string">&quot;Dropping CCS&quot;</span>);
<span class="kw">return </span><span class="prelude-val">Ok</span>(());
}
<span class="comment">// Decrypt if demanded by current state.
</span><span class="kw">if </span><span class="self">self</span>.common.record_layer.is_decrypting() {
<span class="kw">let </span>dm = <span class="self">self</span>.common.decrypt_incoming(msg)<span class="question-mark">?</span>;
msg = dm;
}
<span class="comment">// For handshake messages, we need to join them before parsing
// and processing.
</span><span class="kw">if </span><span class="self">self
</span>.common
.handshake_joiner
.want_message(<span class="kw-2">&amp;</span>msg)
{
<span class="self">self</span>.common
.handshake_joiner
.take_message(msg)
.ok_or_else(|| {
<span class="self">self</span>.common
.send_fatal_alert(AlertDescription::DecodeError);
TLSError::CorruptMessagePayload(ContentType::Handshake)
})<span class="question-mark">?</span>;
<span class="kw">return </span><span class="self">self</span>.process_new_handshake_messages();
}
<span class="comment">// Now we can fully parse the message payload.
</span>msg.decode_payload();
<span class="kw">if </span>msg.is_content_type(ContentType::Alert) {
<span class="kw">return </span><span class="self">self</span>.common.process_alert(msg);
}
<span class="self">self</span>.process_main_protocol(msg)
}
<span class="kw">pub fn </span>process_new_handshake_messages(<span class="kw-2">&amp;mut </span><span class="self">self</span>) -&gt; <span class="prelude-ty">Result</span>&lt;(), TLSError&gt; {
<span class="kw">while let </span><span class="prelude-val">Some</span>(msg) = <span class="self">self
</span>.common
.handshake_joiner
.frames
.pop_front()
{
<span class="self">self</span>.process_main_protocol(msg)<span class="question-mark">?</span>;
}
<span class="prelude-val">Ok</span>(())
}
<span class="kw">fn </span>queue_unexpected_alert(<span class="kw-2">&amp;mut </span><span class="self">self</span>) {
<span class="self">self</span>.common
.send_fatal_alert(AlertDescription::UnexpectedMessage);
}
<span class="kw">fn </span>maybe_send_unexpected_alert(<span class="kw-2">&amp;mut </span><span class="self">self</span>, rc: hs::NextStateOrError) -&gt; hs::NextStateOrError {
<span class="kw">match </span>rc {
<span class="prelude-val">Err</span>(TLSError::InappropriateMessage { .. })
| <span class="prelude-val">Err</span>(TLSError::InappropriateHandshakeMessage { .. }) =&gt; {
<span class="self">self</span>.queue_unexpected_alert();
}
<span class="kw">_ </span>=&gt; {}
};
rc
}
<span class="kw">pub fn </span>process_main_protocol(<span class="kw-2">&amp;mut </span><span class="self">self</span>, msg: Message) -&gt; <span class="prelude-ty">Result</span>&lt;(), TLSError&gt; {
<span class="kw">if </span><span class="self">self</span>.common.traffic
&amp;&amp; !<span class="self">self</span>.common.is_tls13()
&amp;&amp; msg.is_handshake_type(HandshakeType::ClientHello)
{
<span class="self">self</span>.common
.send_warning_alert(AlertDescription::NoRenegotiation);
<span class="kw">return </span><span class="prelude-val">Ok</span>(());
}
<span class="kw">let </span>state = <span class="self">self</span>.state.take().unwrap();
<span class="kw">let </span>maybe_next_state = state.handle(<span class="self">self</span>, msg);
<span class="kw">let </span>next_state = <span class="self">self</span>.maybe_send_unexpected_alert(maybe_next_state)<span class="question-mark">?</span>;
<span class="self">self</span>.state = <span class="prelude-val">Some</span>(next_state);
<span class="prelude-val">Ok</span>(())
}
<span class="kw">pub fn </span>process_new_packets(<span class="kw-2">&amp;mut </span><span class="self">self</span>) -&gt; <span class="prelude-ty">Result</span>&lt;(), TLSError&gt; {
<span class="kw">if let </span><span class="prelude-val">Some</span>(<span class="kw-2">ref </span>err) = <span class="self">self</span>.error {
<span class="kw">return </span><span class="prelude-val">Err</span>(err.clone());
}
<span class="kw">if </span><span class="self">self</span>.common.message_deframer.desynced {
<span class="kw">return </span><span class="prelude-val">Err</span>(TLSError::CorruptMessage);
}
<span class="kw">while let </span><span class="prelude-val">Some</span>(msg) = <span class="self">self
</span>.common
.message_deframer
.frames
.pop_front()
{
<span class="kw">match </span><span class="self">self</span>.process_msg(msg) {
<span class="prelude-val">Ok</span>(<span class="kw">_</span>) =&gt; {}
<span class="prelude-val">Err</span>(err) =&gt; {
<span class="self">self</span>.error = <span class="prelude-val">Some</span>(err.clone());
<span class="kw">return </span><span class="prelude-val">Err</span>(err);
}
}
}
<span class="prelude-val">Ok</span>(())
}
<span class="kw">pub fn </span>get_peer_certificates(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="prelude-ty">Option</span>&lt;Vec&lt;key::Certificate&gt;&gt; {
<span class="self">self</span>.client_cert_chain
.as_ref()
.map(|chain| chain.iter().cloned().collect())
}
<span class="kw">pub fn </span>get_alpn_protocol(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span>[u8]&gt; {
<span class="self">self</span>.alpn_protocol
.as_ref()
.map(AsRef::as_ref)
}
<span class="kw">pub fn </span>get_protocol_version(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="prelude-ty">Option</span>&lt;ProtocolVersion&gt; {
<span class="self">self</span>.common.negotiated_version
}
<span class="kw">pub fn </span>get_negotiated_ciphersuite(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span><span class="lifetime">&#39;static </span>SupportedCipherSuite&gt; {
<span class="self">self</span>.common.get_suite()
}
<span class="kw">pub fn </span>get_sni(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span>webpki::DNSName&gt; {
<span class="self">self</span>.sni.as_ref()
}
<span class="kw">pub fn </span>set_sni(<span class="kw-2">&amp;mut </span><span class="self">self</span>, value: webpki::DNSName) {
<span class="comment">// The SNI hostname is immutable once set.
</span><span class="macro">assert!</span>(<span class="self">self</span>.sni.is_none());
<span class="self">self</span>.sni = <span class="prelude-val">Some</span>(value)
}
<span class="kw">fn </span>export_keying_material(
<span class="kw-2">&amp;</span><span class="self">self</span>,
output: <span class="kw-2">&amp;mut </span>[u8],
label: <span class="kw-2">&amp;</span>[u8],
context: <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span>[u8]&gt;,
) -&gt; <span class="prelude-ty">Result</span>&lt;(), TLSError&gt; {
<span class="self">self</span>.state
.as_ref()
.ok_or_else(|| TLSError::HandshakeNotComplete)
.and_then(|st| st.export_keying_material(output, label, context))
}
<span class="kw">fn </span>send_some_plaintext(<span class="kw-2">&amp;mut </span><span class="self">self</span>, buf: <span class="kw-2">&amp;</span>[u8]) -&gt; usize {
<span class="kw">let </span><span class="kw-2">mut </span>st = <span class="self">self</span>.state.take();
st.as_mut()
.map(|st| st.perhaps_write_key_update(<span class="self">self</span>));
<span class="self">self</span>.state = st;
<span class="self">self</span>.common.send_some_plaintext(buf)
}
}
<span class="doccomment">/// This represents a single TLS server session.
///
/// Send TLS-protected data to the peer using the `io::Write` trait implementation.
/// Read data from the peer using the `io::Read` trait implementation.
</span><span class="attribute">#[derive(Debug)]
</span><span class="kw">pub struct </span>ServerSession {
<span class="comment">// We use the pimpl idiom to hide unimportant details.
</span><span class="kw">pub</span>(<span class="kw">crate</span>) imp: ServerSessionImpl,
}
<span class="kw">impl </span>ServerSession {
<span class="doccomment">/// Make a new ServerSession. `config` controls how
/// we behave in the TLS protocol.
</span><span class="kw">pub fn </span>new(config: <span class="kw-2">&amp;</span>Arc&lt;ServerConfig&gt;) -&gt; ServerSession {
ServerSession {
imp: ServerSessionImpl::new(config, <span class="macro">vec!</span>[]),
}
}
<span class="doccomment">/// Retrieves the SNI hostname, if any, used to select the certificate and
/// private key.
///
/// This returns `None` until some time after the client&#39;s SNI extension
/// value is processed during the handshake. It will never be `None` when
/// the connection is ready to send or process application data, unless the
/// client does not support SNI.
///
/// This is useful for application protocols that need to enforce that the
/// SNI hostname matches an application layer protocol hostname. For
/// example, HTTP/1.1 servers commonly expect the `Host:` header field of
/// every request on a connection to match the hostname in the SNI extension
/// when the client provides the SNI extension.
///
/// The SNI hostname is also used to match sessions during session
/// resumption.
</span><span class="kw">pub fn </span>get_sni_hostname(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span>str&gt; {
<span class="self">self</span>.imp
.get_sni()
.map(|s| s.as_ref().into())
}
<span class="doccomment">/// Application-controlled portion of the resumption ticket supplied by the client, if any.
///
/// Recovered from the prior session&#39;s `set_resumption_data`. Integrity is guaranteed by rustls.
///
/// Returns `Some` iff a valid resumption ticket has been received from the client.
</span><span class="kw">pub fn </span>received_resumption_data(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span>[u8]&gt; {
<span class="self">self</span>.imp
.received_resumption_data
.as_ref()
.map(|x| <span class="kw-2">&amp;</span>x[..])
}
<span class="doccomment">/// Set the resumption data to embed in future resumption tickets supplied to the client.
///
/// Defaults to the empty byte string. Must be less than 2^15 bytes to allow room for other
/// data. Should be called while `is_handshaking` returns true to ensure all transmitted
/// resumption tickets are affected.
///
/// Integrity will be assured by rustls, but the data will be visible to the client. If secrecy
/// from the client is desired, encrypt the data separately.
</span><span class="kw">pub fn </span>set_resumption_data(<span class="kw-2">&amp;mut </span><span class="self">self</span>, data: <span class="kw-2">&amp;</span>[u8]) {
<span class="macro">assert!</span>(data.len() &lt; <span class="number">2usize</span>.pow(<span class="number">15</span>));
<span class="self">self</span>.imp.resumption_data = data.into();
}
<span class="doccomment">/// Explicitly discard early data, notifying the client
///
/// Useful if invariants encoded in `received_resumption_data()` cannot be respected.
///
/// Must be called while `is_handshaking` is true.
</span><span class="kw">pub fn </span>reject_early_data(<span class="kw-2">&amp;mut </span><span class="self">self</span>) {
<span class="macro">assert!</span>(
<span class="self">self</span>.is_handshaking(),
<span class="string">&quot;cannot retroactively reject early data&quot;
</span>);
<span class="self">self</span>.imp.reject_early_data = <span class="bool-val">true</span>;
}
}
<span class="kw">impl </span>Session <span class="kw">for </span>ServerSession {
<span class="kw">fn </span>read_tls(<span class="kw-2">&amp;mut </span><span class="self">self</span>, rd: <span class="kw-2">&amp;mut </span><span class="kw">dyn </span>io::Read) -&gt; io::Result&lt;usize&gt; {
<span class="self">self</span>.imp.common.read_tls(rd)
}
<span class="doccomment">/// Writes TLS messages to `wr`.
</span><span class="kw">fn </span>write_tls(<span class="kw-2">&amp;mut </span><span class="self">self</span>, wr: <span class="kw-2">&amp;mut </span><span class="kw">dyn </span>io::Write) -&gt; io::Result&lt;usize&gt; {
<span class="self">self</span>.imp.common.write_tls(wr)
}
<span class="kw">fn </span>process_new_packets(<span class="kw-2">&amp;mut </span><span class="self">self</span>) -&gt; <span class="prelude-ty">Result</span>&lt;(), TLSError&gt; {
<span class="self">self</span>.imp.process_new_packets()
}
<span class="kw">fn </span>wants_read(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; bool {
<span class="self">self</span>.imp.wants_read()
}
<span class="kw">fn </span>wants_write(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; bool {
<span class="self">self</span>.imp.wants_write()
}
<span class="kw">fn </span>is_handshaking(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; bool {
<span class="self">self</span>.imp.is_handshaking()
}
<span class="kw">fn </span>set_buffer_limit(<span class="kw-2">&amp;mut </span><span class="self">self</span>, len: usize) {
<span class="self">self</span>.imp.set_buffer_limit(len)
}
<span class="kw">fn </span>send_close_notify(<span class="kw-2">&amp;mut </span><span class="self">self</span>) {
<span class="self">self</span>.imp.common.send_close_notify()
}
<span class="kw">fn </span>get_peer_certificates(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="prelude-ty">Option</span>&lt;Vec&lt;key::Certificate&gt;&gt; {
<span class="self">self</span>.imp.get_peer_certificates()
}
<span class="kw">fn </span>get_alpn_protocol(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span>[u8]&gt; {
<span class="self">self</span>.imp.get_alpn_protocol()
}
<span class="kw">fn </span>get_protocol_version(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="prelude-ty">Option</span>&lt;ProtocolVersion&gt; {
<span class="self">self</span>.imp.get_protocol_version()
}
<span class="kw">fn </span>export_keying_material(
<span class="kw-2">&amp;</span><span class="self">self</span>,
output: <span class="kw-2">&amp;mut </span>[u8],
label: <span class="kw-2">&amp;</span>[u8],
context: <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span>[u8]&gt;,
) -&gt; <span class="prelude-ty">Result</span>&lt;(), TLSError&gt; {
<span class="self">self</span>.imp
.export_keying_material(output, label, context)
}
<span class="kw">fn </span>get_negotiated_ciphersuite(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span><span class="lifetime">&#39;static </span>SupportedCipherSuite&gt; {
<span class="self">self</span>.imp.get_negotiated_ciphersuite()
}
}
<span class="kw">impl </span>io::Read <span class="kw">for </span>ServerSession {
<span class="doccomment">/// Obtain plaintext data received from the peer over this TLS connection.
///
/// If the peer closes the TLS session cleanly, this fails with an error of
/// kind ErrorKind::ConnectionAborted once all the pending data has been read.
/// No further data can be received on that connection, so the underlying TCP
/// connection should closed too.
///
/// Note that support close notify varies in peer TLS libraries: many do not
/// support it and uncleanly close the TCP connection (this might be
/// vulnerable to truncation attacks depending on the application protocol).
/// This means applications using rustls must both handle ErrorKind::ConnectionAborted
/// from this function, *and* unexpected closure of the underlying TCP connection.
</span><span class="kw">fn </span>read(<span class="kw-2">&amp;mut </span><span class="self">self</span>, buf: <span class="kw-2">&amp;mut </span>[u8]) -&gt; io::Result&lt;usize&gt; {
<span class="self">self</span>.imp.common.read(buf)
}
}
<span class="kw">impl </span>io::Write <span class="kw">for </span>ServerSession {
<span class="doccomment">/// Send the plaintext `buf` to the peer, encrypting
/// and authenticating it. Once this function succeeds
/// you should call `write_tls` which will output the
/// corresponding TLS records.
///
/// This function buffers plaintext sent before the
/// TLS handshake completes, and sends it as soon
/// as it can. This buffer is of *unlimited size* so
/// writing much data before it can be sent will
/// cause excess memory usage.
</span><span class="kw">fn </span>write(<span class="kw-2">&amp;mut </span><span class="self">self</span>, buf: <span class="kw-2">&amp;</span>[u8]) -&gt; io::Result&lt;usize&gt; {
<span class="prelude-val">Ok</span>(<span class="self">self</span>.imp.send_some_plaintext(buf))
}
<span class="kw">fn </span>write_vectored(<span class="kw-2">&amp;mut </span><span class="self">self</span>, bufs: <span class="kw-2">&amp;</span>[IoSlice&lt;<span class="lifetime">&#39;_</span>&gt;]) -&gt; io::Result&lt;usize&gt; {
<span class="kw">let </span><span class="kw-2">mut </span>sz = <span class="number">0</span>;
<span class="kw">for </span>buf <span class="kw">in </span>bufs {
sz += <span class="self">self</span>.imp.send_some_plaintext(buf);
}
<span class="prelude-val">Ok</span>(sz)
}
<span class="kw">fn </span>flush(<span class="kw-2">&amp;mut </span><span class="self">self</span>) -&gt; io::Result&lt;()&gt; {
<span class="self">self</span>.imp.common.flush_plaintext();
<span class="prelude-val">Ok</span>(())
}
}
</code></pre></div>
</section></div></main><div id="rustdoc-vars" data-root-path="../../../" data-current-crate="rustls" data-themes="ayu,dark,light" data-resource-suffix="" data-rustdoc-version="1.66.0-nightly (5c8bff74b 2022-10-21)" ></div></body></html>