1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
use crate::builder::{ConfigBuilder, WantsVerifier};
use crate::error::Error;
use crate::key;
use crate::kx::SupportedKxGroup;
use crate::server::handy;
use crate::server::{ResolvesServerCert, ServerConfig};
use crate::suites::SupportedCipherSuite;
use crate::verify;
use crate::versions;
use crate::NoKeyLog;
use std::marker::PhantomData;
use std::sync::Arc;
impl ConfigBuilder<ServerConfig, WantsVerifier> {
pub fn with_client_cert_verifier(
self,
client_cert_verifier: Arc<dyn verify::ClientCertVerifier>,
) -> ConfigBuilder<ServerConfig, WantsServerCert> {
ConfigBuilder {
state: WantsServerCert {
cipher_suites: self.state.cipher_suites,
kx_groups: self.state.kx_groups,
versions: self.state.versions,
verifier: client_cert_verifier,
},
side: PhantomData::default(),
}
}
pub fn with_no_client_auth(self) -> ConfigBuilder<ServerConfig, WantsServerCert> {
self.with_client_cert_verifier(verify::NoClientAuth::new())
}
}
#[derive(Clone, Debug)]
pub struct WantsServerCert {
cipher_suites: Vec<SupportedCipherSuite>,
kx_groups: Vec<&'static SupportedKxGroup>,
versions: versions::EnabledVersions,
verifier: Arc<dyn verify::ClientCertVerifier>,
}
impl ConfigBuilder<ServerConfig, WantsServerCert> {
pub fn with_single_cert(
self,
cert_chain: Vec<key::Certificate>,
key_der: key::PrivateKey,
) -> Result<ServerConfig, Error> {
let resolver = handy::AlwaysResolvesChain::new(cert_chain, &key_der)?;
Ok(self.with_cert_resolver(Arc::new(resolver)))
}
pub fn with_single_cert_with_ocsp_and_sct(
self,
cert_chain: Vec<key::Certificate>,
key_der: key::PrivateKey,
ocsp: Vec<u8>,
scts: Vec<u8>,
) -> Result<ServerConfig, Error> {
let resolver =
handy::AlwaysResolvesChain::new_with_extras(cert_chain, &key_der, ocsp, scts)?;
Ok(self.with_cert_resolver(Arc::new(resolver)))
}
pub fn with_cert_resolver(self, cert_resolver: Arc<dyn ResolvesServerCert>) -> ServerConfig {
ServerConfig {
cipher_suites: self.state.cipher_suites,
kx_groups: self.state.kx_groups,
verifier: self.state.verifier,
cert_resolver,
ignore_client_order: false,
max_fragment_size: None,
session_storage: handy::ServerSessionMemoryCache::new(256),
ticketer: Arc::new(handy::NeverProducesTickets {}),
alpn_protocols: Vec::new(),
versions: self.state.versions,
key_log: Arc::new(NoKeyLog {}),
#[cfg(feature = "secret_extraction")]
enable_secret_extraction: false,
max_early_data_size: 0,
send_half_rtt_data: false,
}
}
}