The [LibreSSL] project provides a free TLS and crypto stack that was forked from [OpenSSL] in 2014. The goals are to provide a modernized codebase, improved security, and to apply best practice development processes.
[LibreSSL] provides C APIs that are compatible to [OpenSSL]'s [libssl] and [libcrypto] libraries. It also provides [libtls], a new TLS library that is designed to make it easier to write foolproof applications.
This workspace of Rust crates provides language bindings for [libtls] only, as the other [LibreSSL] APIs can be used with the existing [rust-openssl] crate. [LibreSSL] versions 2.9.0 through 3.0.2 (or later) are supported.
The following crates are included: - [libtls-sys]: FFI bindings. - [libtls]: Rust bindings. - [tokio-libtls]: [Tokio] bindings.
```rust use libtls::config::{self, TlsConfig}; use libtls::error;
fn tlsserverconfig() -> error::Result
fn main() { let tlsconfig = tlsserver_config().unwrap(); } ```
The same configuration can be created using the TlsConfigBuilder
builder pattern:
rust
fn tls_server_config() -> error::Result<TlsConfig> {
let tls_config = TlsConfigBuilder::new()
.keypair_file("tests/eccert.crt", "tests/eccert.key", None)
.protocols(libtls_sys::TLS_PROTOCOL_TLSv1_2)
.build()?;
Ok(tls_config)
}
A TLS connection:
```rust use libtls::config::TlsConfigBuilder; use libtls::error; use std::io::{Read, Write};
fn synchttpsconnect(servername: &str) -> error::Result<()> { let addr = &(servername.to_owned() + ":443");
let request = format!(
"GET / HTTP/1.1\r\n\
Host: {}\r\n\
Connection: close\r\n\r\n",
servername
);
let mut tls = TlsConfigBuilder::new().client()?;
tls.connect(addr, None)?;
tls.write(request.as_bytes())?;
let mut buf = vec![0u8; 1024];
tls.read(&mut buf)?;
let ok = b"HTTP/1.1 200 OK\r\n";
assert_eq!(&buf[..ok.len()], ok);
Ok(())
}
fn main() { synchttpsconnect("www.example.com").unwrap(); } ```
An non-blocking and asynchronous TLS connection using [Tokio] and the [tokio-libtls] crate:
```rust use std::net::ToSocketAddrs; use tokio::runtime::Runtime; use tokio::io::{readexact, writeall}; use tokio_libtls::prelude::*;
fn asynchttpsconnect(servername: String) -> error::Result<()> { let addr = &(servername.toowned() + ":443") .tosocketaddrs() .unwrap() .next() .expect("tosocket_addrs");
let request = format!(
"GET / HTTP/1.1\r\n\
Host: {}\r\n\
Connection: close\r\n\r\n",
servername
);
let config = TlsConfigBuilder::new().build()?;
let fut = TcpStream::connect(&addr)
.and_then(move |tcp| AsyncTls::connect_stream(&servername, tcp, &config))
.and_then(move |tls| write_all(tls, request))
.and_then(|(tls, _)| {
let buf = vec![0u8; 1024];
read_exact(tls, buf)
});
let mut runtime = Runtime::new()?;
let (_, buf) = runtime.block_on(fut)?;
let ok = b"HTTP/1.1 200 OK\r\n";
assert_eq!(&buf[..ok.len()], ok);
Ok(())
}
fn main() { asynchttpsconnect("www.example.com".to_owned()).unwrap(); } ```
Licensed under an OpenBSD-ISC-style license, see [LICENSE] for details.