Comments (8)
sfackler
commented on July 17, 2024
There are extension traits for each backend that let you get at the internals. Here are the ones for OpenSSL for example: https://docs.rs/native-tls/0.1.2/native_tls/backend/openssl/index.html.
But if you specifically want to use OpenSSL, why are you using native-tls rather than openssl directly?
from rust-native-tls.
nickbabcock
commented on July 17, 2024
While I'm using only OpenSSL at the moment, it may change to rustls and using the TlsAcceptor struct would simplify integration. Part of the value for this crate is the common interface that TlsAcceptor allows.
Take tokio-tls for example, I could write my own implementation of TlsAcceptorExt using SslAcceptor directly, but that seems unnecessary because tokio-tls already defines an implementation using TlsAcceptor and the openssl implementation of TlsAcceptor only wraps an SslAcceptor. I figured I could leverage code already written if I could have TlsAcceptor directly instantiated from an SslAcceptor.
The reason why I'm not using TlsAcceptor::builder(<pkcs12>) is because I use pem, and forcing a conversion to pkcs12 is not ideal.
from rust-native-tls.
sfackler
commented on July 17, 2024
This crate doesn't support rustls.
from rust-native-tls.
nickbabcock
commented on July 17, 2024
I know bad example -- I was talking hypothetically -- still I find it a possibility that an app, depending on where it is deployed, will want to provide TLS capabilities that don't fall into using pkcs file format and needs cipher suite customization. Maybe this app will use pkcs on osx, pem on linux, and der on windows -- each with a different set of supported cipher suites. This is an odd use case, certainly, but I don't think should be disallowed especially because as far as I can tell, this is possible if all implementations of TlsAcceptor are exposed.
from rust-native-tls.
sfackler
commented on July 17, 2024
Sure - that's why those extension traits exist.
from rust-native-tls.
nickbabcock
commented on July 17, 2024
Yes, but I can't instantiate either TlsAcceptorBuilder or TlsAcceptor:
Given:
use openssl::ssl::{SslMethod, SslAcceptorBuilder, SslAcceptor};
use native_tls::{TlsAcceptor, TlsAcceptorBuilder};
use native_tls::backend::openssl::TlsAcceptorBuilderExt;
// etc
let builder = SslAcceptorBuilder::mozilla_intermediate(SslMethod::tls(), &pkey, &pcert, it)?;
// TlsAcceptorBuilder(builder).build();
// TlsAcceptor(builder.build());Will both fail if either is uncommented with the error.
did you mean `TlsAcceptorBuilder { /* fields */ }`?
constructor is not visible here due to private fields
And I can't use TlsAcceptor::builder because I don't use pkcs12 🤔
Am I missing something obvious?
from rust-native-tls.
sfackler
commented on July 17, 2024
Ah - we should just add a constructor method to TcpAcceptorExt.
from rust-native-tls.
sfackler
commented on July 17, 2024
(The extension traits basically contain whatever people have needed up to now)
from rust-native-tls.
Related Issues (20)
- Please update openssl dependency. HOT 1
- Several RUSTSEC vulnerabilities in openssl HOT 1
- RUSTSEC vulnerability in `tempfile` - need to take updated version HOT 1
- tls
- rust-native-tls is not able to receive peer certificate HOT 10
- Upgrade security-framework v2.9.1 HOT 1
- TlsConnectorBuilder constructor HOT 2
- PKCS12 Legacy Support HOT 1
- Identity::from_pkcs8 does not work correctly on macos HOT 2
- PKCS12 Identity [mac verify failure] on legacy format HOT 3
- Windows: When loading an Identity with from_pkcs8(), running multiple servers generates handshake errors HOT 7
- Is `&TlsStream: Read + Write` possible? HOT 2
- Option to disable certificate CA verification HOT 7
- Newer pkcs12 file format reverses cert chain order HOT 4
- Ability to customise SslContext for openssl HOT 1
- feature request: please provide a way to "opt-outing" openssl HOT 2
- reading the response is taking too long - 10 minutes HOT 4
- Allow access to ssl::SslStream for advanced usage HOT 1
- Use schannel CertContext to create an Identity HOT 2
- TlsConnector throws an error: Failure(Error { code: -9836, message: "bad protocol version" }) HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from rust-native-tls.