google-apis-rs/rustls/manual/_03_howto/index.html
2024-03-05 21:06:01 +01:00

<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="This section collects together goal-oriented documentation."><title>rustls::manual::_03_howto - Rust</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../static.files/SourceSerif4-Regular-46f98efaafac5295.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../static.files/FiraSans-Regular-018c141bf0843ffd.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../static.files/FiraSans-Medium-8f9a781e4970d388.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../static.files/SourceCodePro-Regular-562dcc5011b6de7d.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../static.files/SourceCodePro-Semibold-d899c5a5c4aeb14a.ttf.woff2"><link rel="stylesheet" href="../../../static.files/normalize-76eba96aa4d2e634.css"><link rel="stylesheet" href="../../../static.files/rustdoc-ac92e1bbe349e143.css"><meta name="rustdoc-vars" data-root-path="../../../" data-static-root-path="../../../static.files/" data-current-crate="rustls" data-themes="" data-resource-suffix="" data-rustdoc-version="1.76.0 (07dca489a 2024-02-04)" data-channel="1.76.0" data-search-js="search-2b6ce74ff89ae146.js" data-settings-js="settings-4313503d2e1961c2.js" ><script src="../../../static.files/storage-f2adc0d6ca4d09fb.js"></script><script defer src="../sidebar-items.js"></script><script defer src="../../../static.files/main-305769736d49e732.js"></script><noscript><link rel="stylesheet" href="../../../static.files/noscript-feafe1bb7466e4bd.css"></noscript><link rel="alternate icon" type="image/png" href="../../../static.files/favicon-16x16-8b506e7a72182f1c.png"><link rel="alternate icon" type="image/png" 
href="../../../static.files/favicon-32x32-422f7d1d52889060.png"><link rel="icon" type="image/svg+xml" href="../../../static.files/favicon-2c020d218678b618.svg"></head><body class="rustdoc mod"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle">&#9776;</button></nav><nav class="sidebar"><div class="sidebar-crate"><h2><a href="../../../rustls/index.html">rustls</a><span class="version">0.21.7</span></h2></div><h2 class="location"><a href="#">Module _03_howto</a></h2><div class="sidebar-elems"><h2><a href="../index.html">In rustls::manual</a></h2></div></nav><div class="sidebar-resizer"></div>
<main><div class="width-limiter"><nav class="sub"><form class="search-form"><span></span><div id="sidebar-button" tabindex="-1"><a href="../../../rustls/all.html" title="show sidebar"></a></div><input class="search-input" name="search" aria-label="Run search in the documentation" autocomplete="off" spellcheck="false" placeholder="Click or press S to search, ? for more options…" type="search"><div id="help-button" tabindex="-1"><a href="../../../help.html" title="help">?</a></div><div id="settings-menu" tabindex="-1"><a href="../../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../../static.files/wheel-7b819b6101059cd0.svg"></a></div></form></nav><section id="main-content" class="content"><div class="main-heading"><h1>Module <a href="../../index.html">rustls</a>::<wbr><a href="../index.html">manual</a>::<wbr><a class="mod" href="#">_03_howto</a><button id="copy-path" title="Copy item path to clipboard"><img src="../../../static.files/clipboard-7571035ce49a181d.svg" width="19" height="18" alt="Copy item path"></button></h1><span class="out-of-band"><a class="src" href="../../../src/rustls/manual/howto.rs.html#1-36">source</a> · <button id="toggle-all-docs" title="collapse all docs">[<span>&#x2212;</span>]</button></span></div><details class="toggle top-doc" open><summary class="hideme"><span>Expand description</span></summary><div class="docblock"><p>This section collects together goal-oriented documentation.</p>
<h2 id="customising-private-key-usage"><a href="#customising-private-key-usage">Customising private key usage</a></h2>
<p>By default rustls supports PKCS#8-format<sup id="fnref1"><a href="#fn1">1</a></sup> RSA or ECDSA keys, plus PKCS#1-format RSA keys.</p>
<p>However, if your private key resides in an HSM, in another process, or perhaps on
another machine, rustls has some extension points to support this:</p>
<p>The main trait you must implement is <a href="../../sign/trait.SigningKey.html"><code>sign::SigningKey</code></a>. The primary method here
is <a href="../../sign/trait.SigningKey.html#tymethod.choose_scheme"><code>choose_scheme</code></a>, where you are given the set of <a href="../../enum.SignatureScheme.html"><code>SignatureScheme</code>s</a> the client says
it supports: you must choose one (or return <code>None</code>, which aborts the handshake). Having
done that, you return an implementation of the <a href="../../sign/trait.Signer.html"><code>sign::Signer</code></a> trait, whose
<a href="../../sign/trait.Signer.html#tymethod.sign"><code>sign()</code></a> method performs the signature and returns it.</p>
<p>(Unfortunately this is currently designed for keys with low-latency access, such as a
PKCS#11 provider or Microsoft CryptoAPI, so it is blocking rather than asynchronous.
It's a TODO to make these and other extension points async.)</p>
<p>Once you have these two pieces, configuring a server to use them involves, briefly:</p>
<ul>
<li>packaging your <code>sign::SigningKey</code> with the matching certificate chain into a <a href="../../sign/struct.CertifiedKey.html"><code>sign::CertifiedKey</code></a></li>
<li>making a <a href="../../struct.ResolvesServerCertUsingSni.html"><code>ResolvesServerCertUsingSni</code></a> and feeding in your <code>sign::CertifiedKey</code> for all SNI hostnames you want to use it for,</li>
<li>setting that as your <code>ServerConfig</code>'s <a href="../../struct.ServerConfig.html#structfield.cert_resolver"><code>cert_resolver</code></a></li>
</ul>
<div class="footnotes"><hr><ol><li id="fn1"><p>For PKCS#8 it does not support password encryption: there's not a meaningful threat
model addressed by this, and the encryption supported is typically extremely poor.&nbsp;<a href="#fnref1"></a></p></li></ol></div></div></details></section></div></main></body></html>