mirror of https://github.com/ctz/rustls
parent
f535d6483c
commit
b66d27faae
|
@ -109,7 +109,7 @@ impl RootCertStore {
|
|||
///
|
||||
/// Returns the number of certificates added, and the number
|
||||
/// which were extracted from the PEM but ultimately unsuitable.
|
||||
pub fn add_pem_file(&mut self, rd: &mut io::BufRead) -> Result<(usize, usize), ()> {
|
||||
pub fn add_pem_file(&mut self, rd: &mut dyn io::BufRead) -> Result<(usize, usize), ()> {
|
||||
let ders = pemfile::certs(rd)?;
|
||||
let mut valid_count = 0;
|
||||
let mut invalid_count = 0;
|
||||
|
|
|
@ -27,19 +27,19 @@ pub trait MessageEncrypter : Send + Sync {
|
|||
fn encrypt(&self, m: BorrowMessage, seq: u64) -> Result<Message, TLSError>;
|
||||
}
|
||||
|
||||
impl MessageEncrypter {
|
||||
pub fn invalid() -> Box<MessageEncrypter> {
|
||||
impl dyn MessageEncrypter {
|
||||
pub fn invalid() -> Box<dyn MessageEncrypter> {
|
||||
Box::new(InvalidMessageEncrypter {})
|
||||
}
|
||||
}
|
||||
|
||||
impl MessageDecrypter {
|
||||
pub fn invalid() -> Box<MessageDecrypter> {
|
||||
impl dyn MessageDecrypter {
|
||||
pub fn invalid() -> Box<dyn MessageDecrypter> {
|
||||
Box::new(InvalidMessageDecrypter {})
|
||||
}
|
||||
}
|
||||
|
||||
pub type MessageCipherPair = (Box<MessageDecrypter>, Box<MessageEncrypter>);
|
||||
pub type MessageCipherPair = (Box<dyn MessageDecrypter>, Box<dyn MessageEncrypter>);
|
||||
|
||||
const TLS12_AAD_SIZE: usize = 8 + 1 + 2 + 2;
|
||||
fn make_tls12_aad(seq: u64,
|
||||
|
@ -111,7 +111,7 @@ pub fn new_tls12(scs: &'static SupportedCipherSuite,
|
|||
}
|
||||
|
||||
pub fn new_tls13_read(scs: &'static SupportedCipherSuite,
|
||||
secret: &[u8]) -> Box<MessageDecrypter> {
|
||||
secret: &[u8]) -> Box<dyn MessageDecrypter> {
|
||||
let hash = scs.get_hash();
|
||||
let key = derive_traffic_key(hash, secret, scs.enc_key_len);
|
||||
let iv = derive_traffic_iv(hash, secret, scs.fixed_iv_len);
|
||||
|
@ -121,7 +121,7 @@ pub fn new_tls13_read(scs: &'static SupportedCipherSuite,
|
|||
}
|
||||
|
||||
pub fn new_tls13_write(scs: &'static SupportedCipherSuite,
|
||||
secret: &[u8]) -> Box<MessageEncrypter> {
|
||||
secret: &[u8]) -> Box<dyn MessageEncrypter> {
|
||||
let hash = scs.get_hash();
|
||||
let key = derive_traffic_key(hash, secret, scs.enc_key_len);
|
||||
let iv = derive_traffic_iv(hash, secret, scs.fixed_iv_len);
|
||||
|
|
|
@ -152,7 +152,7 @@ impl ReceivedTicketDetails {
|
|||
|
||||
pub struct ClientAuthDetails {
|
||||
pub cert: Option<CertificatePayload>,
|
||||
pub signer: Option<Box<sign::Signer>>,
|
||||
pub signer: Option<Box<dyn sign::Signer>>,
|
||||
pub auth_context: Option<Vec<u8>>,
|
||||
}
|
||||
|
||||
|
|
|
@ -61,7 +61,7 @@ macro_rules! extract_handshake_mut(
|
|||
);
|
||||
|
||||
pub type CheckResult = Result<(), TLSError>;
|
||||
pub type NextState = Box<State + Send + Sync>;
|
||||
pub type NextState = Box<dyn State + Send + Sync>;
|
||||
pub type NextStateOrError = Result<NextState, TLSError>;
|
||||
|
||||
pub trait State {
|
||||
|
|
|
@ -94,13 +94,13 @@ pub struct ClientConfig {
|
|||
pub alpn_protocols: Vec<Vec<u8>>,
|
||||
|
||||
/// How we store session data or tickets.
|
||||
pub session_persistence: Arc<StoresClientSessions>,
|
||||
pub session_persistence: Arc<dyn StoresClientSessions>,
|
||||
|
||||
/// Our MTU. If None, we don't limit TLS message sizes.
|
||||
pub mtu: Option<usize>,
|
||||
|
||||
/// How to decide what client auth certificate/keys to use.
|
||||
pub client_auth_cert_resolver: Arc<ResolvesClientCert>,
|
||||
pub client_auth_cert_resolver: Arc<dyn ResolvesClientCert>,
|
||||
|
||||
/// Whether to support RFC5077 tickets. You must provide a working
|
||||
/// `session_persistence` member for this to have any meaningful
|
||||
|
@ -125,11 +125,11 @@ pub struct ClientConfig {
|
|||
pub enable_sni: bool,
|
||||
|
||||
/// How to verify the server certificate chain.
|
||||
verifier: Arc<verify::ServerCertVerifier>,
|
||||
verifier: Arc<dyn verify::ServerCertVerifier>,
|
||||
|
||||
/// How to output key material for debugging. The default
|
||||
/// does nothing.
|
||||
pub key_log: Arc<KeyLog>,
|
||||
pub key_log: Arc<dyn KeyLog>,
|
||||
|
||||
/// Whether to send data on the first flight ("early data") in
|
||||
/// TLS 1.3 handshakes.
|
||||
|
@ -175,7 +175,7 @@ impl ClientConfig {
|
|||
}
|
||||
|
||||
#[doc(hidden)]
|
||||
pub fn get_verifier(&self) -> &verify::ServerCertVerifier {
|
||||
pub fn get_verifier(&self) -> &dyn verify::ServerCertVerifier {
|
||||
self.verifier.as_ref()
|
||||
}
|
||||
|
||||
|
@ -189,7 +189,7 @@ impl ClientConfig {
|
|||
}
|
||||
|
||||
/// Sets persistence layer to `persist`.
|
||||
pub fn set_persistence(&mut self, persist: Arc<StoresClientSessions>) {
|
||||
pub fn set_persistence(&mut self, persist: Arc<dyn StoresClientSessions>) {
|
||||
self.session_persistence = persist;
|
||||
}
|
||||
|
||||
|
@ -371,7 +371,7 @@ pub struct ClientSessionImpl {
|
|||
pub alpn_protocol: Option<Vec<u8>>,
|
||||
pub common: SessionCommon,
|
||||
pub error: Option<TLSError>,
|
||||
pub state: Option<Box<hs::State + Send + Sync>>,
|
||||
pub state: Option<Box<dyn hs::State + Send + Sync>>,
|
||||
pub server_cert_chain: CertificatePayload,
|
||||
pub early_data: EarlyData,
|
||||
}
|
||||
|
@ -635,16 +635,16 @@ impl ClientSession {
|
|||
}
|
||||
|
||||
impl Session for ClientSession {
|
||||
fn read_tls(&mut self, rd: &mut io::Read) -> io::Result<usize> {
|
||||
fn read_tls(&mut self, rd: &mut dyn io::Read) -> io::Result<usize> {
|
||||
self.imp.common.read_tls(rd)
|
||||
}
|
||||
|
||||
/// Writes TLS messages to `wr`.
|
||||
fn write_tls(&mut self, wr: &mut io::Write) -> io::Result<usize> {
|
||||
fn write_tls(&mut self, wr: &mut dyn io::Write) -> io::Result<usize> {
|
||||
self.imp.common.write_tls(wr)
|
||||
}
|
||||
|
||||
fn writev_tls(&mut self, wr: &mut WriteV) -> io::Result<usize> {
|
||||
fn writev_tls(&mut self, wr: &mut dyn WriteV) -> io::Result<usize> {
|
||||
self.imp.common.writev_tls(wr)
|
||||
}
|
||||
|
||||
|
|
|
@ -62,7 +62,7 @@ impl MessageDeframer {
|
|||
/// Read some bytes from `rd`, and add them to our internal
|
||||
/// buffer. If this means our internal buffer contains
|
||||
/// full messages, decode them all.
|
||||
pub fn read(&mut self, rd: &mut io::Read) -> io::Result<usize> {
|
||||
pub fn read(&mut self, rd: &mut dyn io::Read) -> io::Result<usize> {
|
||||
// Try to do the largest reads possible. Note that if
|
||||
// we get a message with a length field out of range here,
|
||||
// we do a zero length read. That looks like an EOF to
|
||||
|
|
|
@ -5,10 +5,10 @@ use crate::key;
|
|||
/// Extract and decode all PEM sections from `rd`, which begin with `start_mark`
|
||||
/// and end with `end_mark`. Apply the functor `f` to each decoded buffer,
|
||||
/// and return a Vec of `f`'s return values.
|
||||
fn extract<A>(rd: &mut io::BufRead,
|
||||
fn extract<A>(rd: &mut dyn io::BufRead,
|
||||
start_mark: &str,
|
||||
end_mark: &str,
|
||||
f: &Fn(Vec<u8>) -> A)
|
||||
f: &dyn Fn(Vec<u8>) -> A)
|
||||
-> Result<Vec<A>, ()> {
|
||||
let mut ders = Vec::new();
|
||||
let mut b64buf = String::new();
|
||||
|
@ -48,7 +48,7 @@ fn extract<A>(rd: &mut io::BufRead,
|
|||
|
||||
/// Extract all the certificates from rd, and return a vec of `key::Certificate`s
|
||||
/// containing the der-format contents.
|
||||
pub fn certs(rd: &mut io::BufRead) -> Result<Vec<key::Certificate>, ()> {
|
||||
pub fn certs(rd: &mut dyn io::BufRead) -> Result<Vec<key::Certificate>, ()> {
|
||||
extract(rd,
|
||||
"-----BEGIN CERTIFICATE-----",
|
||||
"-----END CERTIFICATE-----",
|
||||
|
@ -57,7 +57,7 @@ pub fn certs(rd: &mut io::BufRead) -> Result<Vec<key::Certificate>, ()> {
|
|||
|
||||
/// Extract all RSA private keys from rd, and return a vec of `key::PrivateKey`s
|
||||
/// containing the der-format contents.
|
||||
pub fn rsa_private_keys(rd: &mut io::BufRead) -> Result<Vec<key::PrivateKey>, ()> {
|
||||
pub fn rsa_private_keys(rd: &mut dyn io::BufRead) -> Result<Vec<key::PrivateKey>, ()> {
|
||||
extract(rd,
|
||||
"-----BEGIN RSA PRIVATE KEY-----",
|
||||
"-----END RSA PRIVATE KEY-----",
|
||||
|
@ -66,7 +66,7 @@ pub fn rsa_private_keys(rd: &mut io::BufRead) -> Result<Vec<key::PrivateKey>, ()
|
|||
|
||||
/// Extract all PKCS8-encoded private keys from rd, and return a vec of
|
||||
/// `key::PrivateKey`s containing the der-format contents.
|
||||
pub fn pkcs8_private_keys(rd: &mut io::BufRead) -> Result<Vec<key::PrivateKey>, ()> {
|
||||
pub fn pkcs8_private_keys(rd: &mut dyn io::BufRead) -> Result<Vec<key::PrivateKey>, ()> {
|
||||
extract(rd,
|
||||
"-----BEGIN PRIVATE KEY-----",
|
||||
"-----END PRIVATE KEY-----",
|
||||
|
|
|
@ -46,7 +46,7 @@ macro_rules! extract_handshake(
|
|||
);
|
||||
|
||||
pub type CheckResult = Result<(), TLSError>;
|
||||
pub type NextState = Box<State + Send + Sync>;
|
||||
pub type NextState = Box<dyn State + Send + Sync>;
|
||||
pub type NextStateOrError = Result<NextState, TLSError>;
|
||||
|
||||
pub trait State {
|
||||
|
|
|
@ -124,13 +124,13 @@ pub struct ServerConfig {
|
|||
pub mtu: Option<usize>,
|
||||
|
||||
/// How to store client sessions.
|
||||
pub session_storage: Arc<StoresServerSessions + Send + Sync>,
|
||||
pub session_storage: Arc<dyn StoresServerSessions + Send + Sync>,
|
||||
|
||||
/// How to produce tickets.
|
||||
pub ticketer: Arc<ProducesTickets>,
|
||||
pub ticketer: Arc<dyn ProducesTickets>,
|
||||
|
||||
/// How to choose a server cert and key.
|
||||
pub cert_resolver: Arc<ResolvesServerCert>,
|
||||
pub cert_resolver: Arc<dyn ResolvesServerCert>,
|
||||
|
||||
/// Protocol names we support, most preferred first.
|
||||
/// If empty we don't do ALPN at all.
|
||||
|
@ -141,11 +141,11 @@ pub struct ServerConfig {
|
|||
pub versions: Vec<ProtocolVersion>,
|
||||
|
||||
/// How to verify client certificates.
|
||||
verifier: Arc<verify::ClientCertVerifier>,
|
||||
verifier: Arc<dyn verify::ClientCertVerifier>,
|
||||
|
||||
/// How to output key material for debugging. The default
|
||||
/// does nothing.
|
||||
pub key_log: Arc<KeyLog>,
|
||||
pub key_log: Arc<dyn KeyLog>,
|
||||
|
||||
/// Amount of early data to accept; 0 to disable.
|
||||
#[cfg(feature = "quic")] // TLS support unimplemented
|
||||
|
@ -167,7 +167,7 @@ impl ServerConfig {
|
|||
/// We don't provide a default for `client_cert_verifier` because the safest
|
||||
/// default, requiring client authentication, requires additional
|
||||
/// configuration that we cannot provide reasonable defaults for.
|
||||
pub fn new(client_cert_verifier: Arc<verify::ClientCertVerifier>) -> ServerConfig {
|
||||
pub fn new(client_cert_verifier: Arc<dyn verify::ClientCertVerifier>) -> ServerConfig {
|
||||
ServerConfig {
|
||||
ciphersuites: ALL_CIPHERSUITES.to_vec(),
|
||||
ignore_client_order: false,
|
||||
|
@ -193,12 +193,12 @@ impl ServerConfig {
|
|||
}
|
||||
|
||||
#[doc(hidden)]
|
||||
pub fn get_verifier(&self) -> &verify::ClientCertVerifier {
|
||||
pub fn get_verifier(&self) -> &dyn verify::ClientCertVerifier {
|
||||
self.verifier.as_ref()
|
||||
}
|
||||
|
||||
/// Sets the session persistence layer to `persist`.
|
||||
pub fn set_persistence(&mut self, persist: Arc<StoresServerSessions + Send + Sync>) {
|
||||
pub fn set_persistence(&mut self, persist: Arc<dyn StoresServerSessions + Send + Sync>) {
|
||||
self.session_storage = persist;
|
||||
}
|
||||
|
||||
|
@ -265,7 +265,7 @@ pub struct ServerSessionImpl {
|
|||
pub alpn_protocol: Option<Vec<u8>>,
|
||||
pub quic_params: Option<Vec<u8>>,
|
||||
pub error: Option<TLSError>,
|
||||
pub state: Option<Box<hs::State + Send + Sync>>,
|
||||
pub state: Option<Box<dyn hs::State + Send + Sync>>,
|
||||
pub client_cert_chain: Option<Vec<key::Certificate>>,
|
||||
}
|
||||
|
||||
|
@ -472,16 +472,16 @@ impl ServerSession {
|
|||
}
|
||||
|
||||
impl Session for ServerSession {
|
||||
fn read_tls(&mut self, rd: &mut io::Read) -> io::Result<usize> {
|
||||
fn read_tls(&mut self, rd: &mut dyn io::Read) -> io::Result<usize> {
|
||||
self.imp.common.read_tls(rd)
|
||||
}
|
||||
|
||||
/// Writes TLS messages to `wr`.
|
||||
fn write_tls(&mut self, wr: &mut io::Write) -> io::Result<usize> {
|
||||
fn write_tls(&mut self, wr: &mut dyn io::Write) -> io::Result<usize> {
|
||||
self.imp.common.write_tls(wr)
|
||||
}
|
||||
|
||||
fn writev_tls(&mut self, wr: &mut WriteV) -> io::Result<usize> {
|
||||
fn writev_tls(&mut self, wr: &mut dyn WriteV) -> io::Result<usize> {
|
||||
self.imp.common.writev_tls(wr)
|
||||
}
|
||||
|
||||
|
|
|
@ -38,7 +38,7 @@ pub trait Session: quic::QuicExt + Read + Write + Send + Sync {
|
|||
/// This function returns `Ok(0)` when the underlying `rd` does
|
||||
/// so. This typically happens when a socket is cleanly closed,
|
||||
/// or a file is at EOF.
|
||||
fn read_tls(&mut self, rd: &mut Read) -> Result<usize, io::Error>;
|
||||
fn read_tls(&mut self, rd: &mut dyn Read) -> Result<usize, io::Error>;
|
||||
|
||||
/// Writes TLS messages to `wr`.
|
||||
///
|
||||
|
@ -51,12 +51,12 @@ pub trait Session: quic::QuicExt + Read + Write + Send + Sync {
|
|||
/// to check if output buffer is not empty.
|
||||
///
|
||||
/// [`wants_write`]: #tymethod.wants_write
|
||||
fn write_tls(&mut self, wr: &mut Write) -> Result<usize, io::Error>;
|
||||
fn write_tls(&mut self, wr: &mut dyn Write) -> Result<usize, io::Error>;
|
||||
|
||||
/// Like `write_tls`, but writes potentially many records in one
|
||||
/// go via `wr`; a `rustls::WriteV`. This function has the same semantics
|
||||
/// as `write_tls` otherwise.
|
||||
fn writev_tls(&mut self, wr: &mut WriteV) -> Result<usize, io::Error>;
|
||||
fn writev_tls(&mut self, wr: &mut dyn WriteV) -> Result<usize, io::Error>;
|
||||
|
||||
/// Processes any new packets read by a previous call to `read_tls`.
|
||||
/// Errors from this function relate to TLS protocol errors, and
|
||||
|
@ -436,8 +436,8 @@ enum Limit {
|
|||
pub struct SessionCommon {
|
||||
pub negotiated_version: Option<ProtocolVersion>,
|
||||
pub is_client: bool,
|
||||
message_encrypter: Box<MessageEncrypter>,
|
||||
message_decrypter: Box<MessageDecrypter>,
|
||||
message_encrypter: Box<dyn MessageEncrypter>,
|
||||
message_decrypter: Box<dyn MessageDecrypter>,
|
||||
pub secrets: Option<SessionSecrets>,
|
||||
pub key_schedule: Option<KeySchedule>,
|
||||
suite: Option<&'static SupportedCipherSuite>,
|
||||
|
@ -533,14 +533,14 @@ impl SessionCommon {
|
|||
}
|
||||
|
||||
pub fn set_message_encrypter(&mut self,
|
||||
cipher: Box<MessageEncrypter>) {
|
||||
cipher: Box<dyn MessageEncrypter>) {
|
||||
self.message_encrypter = cipher;
|
||||
self.write_seq = 0;
|
||||
self.we_encrypting = true;
|
||||
}
|
||||
|
||||
pub fn set_message_decrypter(&mut self,
|
||||
cipher: Box<MessageDecrypter>) {
|
||||
cipher: Box<dyn MessageDecrypter>) {
|
||||
self.message_decrypter = cipher;
|
||||
self.read_seq = 0;
|
||||
self.peer_encrypting = true;
|
||||
|
@ -706,15 +706,15 @@ impl SessionCommon {
|
|||
/// Read TLS content from `rd`. This method does internal
|
||||
/// buffering, so `rd` can supply TLS messages in arbitrary-
|
||||
/// sized chunks (like a socket or pipe might).
|
||||
pub fn read_tls(&mut self, rd: &mut Read) -> io::Result<usize> {
|
||||
pub fn read_tls(&mut self, rd: &mut dyn Read) -> io::Result<usize> {
|
||||
self.message_deframer.read(rd)
|
||||
}
|
||||
|
||||
pub fn write_tls(&mut self, wr: &mut Write) -> io::Result<usize> {
|
||||
pub fn write_tls(&mut self, wr: &mut dyn Write) -> io::Result<usize> {
|
||||
self.sendable_tls.write_to(wr)
|
||||
}
|
||||
|
||||
pub fn writev_tls(&mut self, wr: &mut WriteV) -> io::Result<usize> {
|
||||
pub fn writev_tls(&mut self, wr: &mut dyn WriteV) -> io::Result<usize> {
|
||||
self.sendable_tls.writev_to(wr)
|
||||
}
|
||||
|
||||
|
|
20
src/sign.rs
20
src/sign.rs
|
@ -17,7 +17,7 @@ pub trait SigningKey : Send + Sync {
|
|||
///
|
||||
/// Expresses the choice something that implements `Signer`,
|
||||
/// using the chosen scheme.
|
||||
fn choose_scheme(&self, offered: &[SignatureScheme]) -> Option<Box<Signer>>;
|
||||
fn choose_scheme(&self, offered: &[SignatureScheme]) -> Option<Box<dyn Signer>>;
|
||||
|
||||
/// What kind of key we have.
|
||||
fn algorithm(&self) -> SignatureAlgorithm;
|
||||
|
@ -40,7 +40,7 @@ pub struct CertifiedKey {
|
|||
pub cert: Vec<key::Certificate>,
|
||||
|
||||
/// The certified key.
|
||||
pub key: Arc<Box<SigningKey>>,
|
||||
pub key: Arc<Box<dyn SigningKey>>,
|
||||
|
||||
/// An optional OCSP response from the certificate issuer,
|
||||
/// attesting to its continued validity.
|
||||
|
@ -57,7 +57,7 @@ impl CertifiedKey {
|
|||
///
|
||||
/// The cert chain must not be empty. The first certificate in the chain
|
||||
/// must be the end-entity certificate.
|
||||
pub fn new(cert: Vec<key::Certificate>, key: Arc<Box<SigningKey>>) -> CertifiedKey {
|
||||
pub fn new(cert: Vec<key::Certificate>, key: Arc<Box<dyn SigningKey>>) -> CertifiedKey {
|
||||
CertifiedKey {
|
||||
cert,
|
||||
key,
|
||||
|
@ -135,7 +135,7 @@ impl CertifiedKey {
|
|||
|
||||
/// Parse `der` as any supported key encoding/type, returning
|
||||
/// the first which works.
|
||||
pub fn any_supported_type(der: &key::PrivateKey) -> Result<Box<SigningKey>, ()> {
|
||||
pub fn any_supported_type(der: &key::PrivateKey) -> Result<Box<dyn SigningKey>, ()> {
|
||||
if let Ok(rsa) = RSASigningKey::new(der) {
|
||||
return Ok(Box::new(rsa));
|
||||
}
|
||||
|
@ -144,7 +144,7 @@ pub fn any_supported_type(der: &key::PrivateKey) -> Result<Box<SigningKey>, ()>
|
|||
}
|
||||
|
||||
/// Parse `der` as any ECDSA key type, returning the first which works.
|
||||
pub fn any_ecdsa_type(der: &key::PrivateKey) -> Result<Box<SigningKey>, ()> {
|
||||
pub fn any_ecdsa_type(der: &key::PrivateKey) -> Result<Box<dyn SigningKey>, ()> {
|
||||
if let Ok(ecdsa_p256) = SingleSchemeSigningKey::new(der,
|
||||
SignatureScheme::ECDSA_NISTP256_SHA256,
|
||||
&signature::ECDSA_P256_SHA256_ASN1_SIGNING) {
|
||||
|
@ -190,7 +190,7 @@ impl RSASigningKey {
|
|||
}
|
||||
|
||||
impl SigningKey for RSASigningKey {
|
||||
fn choose_scheme(&self, offered: &[SignatureScheme]) -> Option<Box<Signer>> {
|
||||
fn choose_scheme(&self, offered: &[SignatureScheme]) -> Option<Box<dyn Signer>> {
|
||||
util::first_in_both(ALL_RSA_SCHEMES, offered)
|
||||
.map(|scheme| RSASigner::new(self.key.clone(), scheme))
|
||||
}
|
||||
|
@ -203,12 +203,12 @@ impl SigningKey for RSASigningKey {
|
|||
struct RSASigner {
|
||||
key: Arc<RsaKeyPair>,
|
||||
scheme: SignatureScheme,
|
||||
encoding: &'static signature::RsaEncoding
|
||||
encoding: &'static dyn signature::RsaEncoding
|
||||
}
|
||||
|
||||
impl RSASigner {
|
||||
fn new(key: Arc<RsaKeyPair>, scheme: SignatureScheme) -> Box<Signer> {
|
||||
let encoding: &signature::RsaEncoding = match scheme {
|
||||
fn new(key: Arc<RsaKeyPair>, scheme: SignatureScheme) -> Box<dyn Signer> {
|
||||
let encoding: &dyn signature::RsaEncoding = match scheme {
|
||||
SignatureScheme::RSA_PKCS1_SHA256 => &signature::RSA_PKCS1_SHA256,
|
||||
SignatureScheme::RSA_PKCS1_SHA384 => &signature::RSA_PKCS1_SHA384,
|
||||
SignatureScheme::RSA_PKCS1_SHA512 => &signature::RSA_PKCS1_SHA512,
|
||||
|
@ -266,7 +266,7 @@ impl SingleSchemeSigningKey {
|
|||
}
|
||||
|
||||
impl SigningKey for SingleSchemeSigningKey {
|
||||
fn choose_scheme(&self, offered: &[SignatureScheme]) -> Option<Box<Signer>> {
|
||||
fn choose_scheme(&self, offered: &[SignatureScheme]) -> Option<Box<dyn Signer>> {
|
||||
if offered.contains(&self.scheme) {
|
||||
Some(Box::new(SingleSchemeSigner { key: self.key.clone(), scheme: self.scheme } ))
|
||||
} else {
|
||||
|
|
|
@ -145,7 +145,7 @@ mod tests {
|
|||
|
||||
#[test]
|
||||
fn stream_can_be_created_for_session_and_tcpstream() {
|
||||
fn _foo<'a>(sess: &'a mut Session, sock: &'a mut TcpStream) -> Stream<'a, Session, TcpStream> {
|
||||
fn _foo<'a>(sess: &'a mut dyn Session, sock: &'a mut TcpStream) -> Stream<'a, dyn Session, TcpStream> {
|
||||
Stream {
|
||||
sess,
|
||||
sock,
|
||||
|
|
|
@ -111,8 +111,8 @@ impl ProducesTickets for AEADTicketer {
|
|||
}
|
||||
|
||||
struct TicketSwitcherState {
|
||||
current: Box<ProducesTickets>,
|
||||
previous: Option<Box<ProducesTickets>>,
|
||||
current: Box<dyn ProducesTickets>,
|
||||
previous: Option<Box<dyn ProducesTickets>>,
|
||||
next_switch_time: u64,
|
||||
}
|
||||
|
||||
|
@ -120,7 +120,7 @@ struct TicketSwitcherState {
|
|||
/// 'previous' ticketer. It creates a new ticketer every so
|
||||
/// often, demoting the current ticketer.
|
||||
pub struct TicketSwitcher {
|
||||
generator: fn() -> Box<ProducesTickets>,
|
||||
generator: fn() -> Box<dyn ProducesTickets>,
|
||||
lifetime: u32,
|
||||
state: Mutex<TicketSwitcherState>,
|
||||
}
|
||||
|
@ -131,7 +131,7 @@ impl TicketSwitcher {
|
|||
/// longer than twice this duration. `generator` produces a new
|
||||
/// `ProducesTickets` implementation.
|
||||
pub fn new(lifetime: u32,
|
||||
generator: fn() -> Box<ProducesTickets>)
|
||||
generator: fn() -> Box<dyn ProducesTickets>)
|
||||
-> TicketSwitcher {
|
||||
TicketSwitcher {
|
||||
generator,
|
||||
|
@ -197,7 +197,7 @@ impl ProducesTickets for TicketSwitcher {
|
|||
/// A concrete, safe ticket creation mechanism.
|
||||
pub struct Ticketer {}
|
||||
|
||||
fn generate_inner() -> Box<ProducesTickets> {
|
||||
fn generate_inner() -> Box<dyn ProducesTickets> {
|
||||
Box::new(AEADTicketer::new())
|
||||
}
|
||||
|
||||
|
@ -206,7 +206,7 @@ impl Ticketer {
|
|||
/// with a 12 hour life and randomly generated keys.
|
||||
///
|
||||
/// The encryption mechanism used in Chacha20Poly1305.
|
||||
pub fn new() -> Arc<ProducesTickets> {
|
||||
pub fn new() -> Arc<dyn ProducesTickets> {
|
||||
Arc::new(TicketSwitcher::new(6 * 60 * 60, generate_inner))
|
||||
}
|
||||
}
|
||||
|
|
|
@ -127,7 +127,7 @@ impl ChunkVecBuffer {
|
|||
}
|
||||
|
||||
/// Read data out of this object, passing it `wr`
|
||||
pub fn write_to(&mut self, wr: &mut io::Write) -> io::Result<usize> {
|
||||
pub fn write_to(&mut self, wr: &mut dyn io::Write) -> io::Result<usize> {
|
||||
if self.is_empty() {
|
||||
return Ok(0);
|
||||
}
|
||||
|
@ -137,7 +137,7 @@ impl ChunkVecBuffer {
|
|||
Ok(used)
|
||||
}
|
||||
|
||||
pub fn writev_to(&mut self, wr: &mut WriteV) -> io::Result<usize> {
|
||||
pub fn writev_to(&mut self, wr: &mut dyn WriteV) -> io::Result<usize> {
|
||||
if self.is_empty() {
|
||||
return Ok(0);
|
||||
}
|
||||
|
|
|
@ -167,7 +167,7 @@ impl AllowAnyAuthenticatedClient {
|
|||
/// Construct a new `AllowAnyAuthenticatedClient`.
|
||||
///
|
||||
/// `roots` is the list of trust anchors to use for certificate validation.
|
||||
pub fn new(roots: RootCertStore) -> Arc<ClientCertVerifier> {
|
||||
pub fn new(roots: RootCertStore) -> Arc<dyn ClientCertVerifier> {
|
||||
Arc::new(AllowAnyAuthenticatedClient { roots })
|
||||
}
|
||||
}
|
||||
|
@ -207,7 +207,7 @@ impl AllowAnyAnonymousOrAuthenticatedClient {
|
|||
/// Construct a new `AllowAnyAnonymousOrAuthenticatedClient`.
|
||||
///
|
||||
/// `roots` is the list of trust anchors to use for certificate validation.
|
||||
pub fn new(roots: RootCertStore) -> Arc<ClientCertVerifier> {
|
||||
pub fn new(roots: RootCertStore) -> Arc<dyn ClientCertVerifier> {
|
||||
Arc::new(AllowAnyAnonymousOrAuthenticatedClient {
|
||||
inner: AllowAnyAuthenticatedClient { roots }
|
||||
})
|
||||
|
@ -234,7 +234,7 @@ pub struct NoClientAuth;
|
|||
|
||||
impl NoClientAuth {
|
||||
/// Constructs a `NoClientAuth` and wraps it in an `Arc`.
|
||||
pub fn new() -> Arc<ClientCertVerifier> { Arc::new(NoClientAuth) }
|
||||
pub fn new() -> Arc<dyn ClientCertVerifier> { Arc::new(NoClientAuth) }
|
||||
}
|
||||
|
||||
impl ClientCertVerifier for NoClientAuth {
|
||||
|
|
Loading…
Reference in New Issue