
net.mbedtls

fn new_ssl_conn #

fn new_ssl_conn(config SSLConnectConfig) !&SSLConn

new_ssl_conn returns a new SSLConn with the given config.

fn new_ssl_listener #

fn new_ssl_listener(saddr string, config SSLConnectConfig) !&SSLListener

new_ssl_listener creates a new SSLListener bound to saddr.

fn new_sslcerts #

fn new_sslcerts() &SSLCerts

new_sslcerts initializes and returns a pair of SSL certificates and key

fn new_sslcerts_from_file #

fn new_sslcerts_from_file(verify string, cert string, cert_key string) !&SSLCerts

new_sslcerts_from_file creates a new pair of SSL certificates, given their paths on the filesystem.

fn new_sslcerts_in_memory #

fn new_sslcerts_in_memory(verify string, cert string, cert_key string) !&SSLCerts

new_sslcerts_in_memory creates a pair of SSL certificates, given their contents (not paths).

fn Select.from #

fn Select.from[W](input W) !Select

struct C.mbedtls_ctr_drbg_context #

// C.mbedtls_ctr_drbg_context is an opaque binding to the mbedtls CTR-DRBG
// (deterministic random bit generator) context; no fields are exposed on
// the V side.
@[typedef]
struct C.mbedtls_ctr_drbg_context {}

struct C.mbedtls_entropy_context #

// C.mbedtls_entropy_context is an opaque binding to the mbedtls entropy
// collector that seeds the CTR-DRBG; no fields are exposed on the V side.
@[typedef]
struct C.mbedtls_entropy_context {}

struct C.mbedtls_net_context #

// C.mbedtls_net_context binds the mbedtls network context; only the
// underlying socket descriptor is exposed on the V side.
@[typedef]
struct C.mbedtls_net_context {
mut:
	fd int // the OS socket file descriptor wrapped by this context
}

struct C.mbedtls_pk_context #

// C.mbedtls_pk_context is an opaque binding to the mbedtls public-key
// context, which also holds a loaded private key; no fields are exposed on
// the V side.
@[typedef]
struct C.mbedtls_pk_context {}

struct C.mbedtls_ssl_config #

// C.mbedtls_ssl_config is an opaque binding to the mbedtls SSL/TLS
// configuration (shared settings such as CA chain, own certificate, ALPN
// list and verification mode); no fields are exposed on the V side.
@[typedef]
struct C.mbedtls_ssl_config {}

struct C.mbedtls_ssl_context #

// C.mbedtls_ssl_context is an opaque binding to the per-connection mbedtls
// SSL/TLS session state; no fields are exposed on the V side.
@[typedef]
struct C.mbedtls_ssl_context {}

struct C.mbedtls_ssl_recv_t #

// C.mbedtls_ssl_recv_t is an opaque binding to the mbedtls receive-callback
// function type used for transport reads.
@[typedef]
struct C.mbedtls_ssl_recv_t {}

struct C.mbedtls_ssl_recv_timeout_t #

// C.mbedtls_ssl_recv_timeout_t is an opaque binding to the mbedtls
// receive-with-timeout callback function type used for transport reads
// that must honour a read timeout.
@[typedef]
struct C.mbedtls_ssl_recv_timeout_t {}

struct C.mbedtls_ssl_send_t #

// C.mbedtls_ssl_send_t is an opaque binding to the mbedtls send-callback
// function type used for transport writes.
@[typedef]
struct C.mbedtls_ssl_send_t {}

struct C.mbedtls_x509_crl #

// C.mbedtls_x509_crl is an opaque binding to an mbedtls X.509 certificate
// revocation list; no fields are exposed on the V side.
@[typedef]
struct C.mbedtls_x509_crl {}

struct C.mbedtls_x509_crt #

// C.mbedtls_x509_crt is an opaque binding to an mbedtls X.509 certificate
// (or certificate chain); no fields are exposed on the V side.
@[typedef]
struct C.mbedtls_x509_crt {}

struct SSLCerts #

// SSLCerts holds the certificate material for one TLS endpoint: the trusted
// CA certificate(s) used to verify the peer, plus the endpoint's own
// certificate and matching private key. Instances are produced by the
// new_sslcerts* constructors; call cleanup() to free the mbedtls state they own.
struct SSLCerts {
pub mut:
	cacert      C.mbedtls_x509_crt  // trusted CA certificate(s) the peer's chain is checked against
	client_cert C.mbedtls_x509_crt  // this endpoint's own certificate; also the type get_certificate returns for listeners
	client_key  C.mbedtls_pk_context // private key belonging to client_cert
}

SSLCerts represents a set of CA and client certificates plus the client's private key.

fn (SSLCerts) cleanup #

fn (mut c SSLCerts) cleanup()

cleanup frees the SSL certificates

struct SSLConn #

// SSLConn is one TLS connection, either dialed/connected as a client or
// returned by SSLListener.accept* on the server side. It owns the mbedtls
// session, config and RNG state for that connection; release them with
// close()/shutdown().
struct SSLConn {
pub:
	config SSLConnectConfig // settings the connection was created with; read-only after construction
pub mut:
	server_fd    C.mbedtls_net_context // mbedtls wrapper around the transport socket
	ssl          C.mbedtls_ssl_context // per-connection TLS session state
	conf         C.mbedtls_ssl_config  // TLS configuration bound to ssl
	certs        &SSLCerts = unsafe { nil } // nil until certificates are loaded; check before dereferencing
	ctr_drbg     C.mbedtls_ctr_drbg_context // RNG used by the handshake, seeded from entropy
	entropy      C.mbedtls_entropy_context  // entropy source feeding ctr_drbg
	handle       int           // presumably the raw socket descriptor — confirm against connect()/dial()
	duration     time.Duration // purpose not visible on this page — confirm
	opened       bool          // presumably set once the connection is established — confirm
	ip           string        // presumably the remote address as a string — confirm
	read_timeout time.Duration // current read timeout; see read_timeout()/set_read_timeout()

	// owns_socket records whether this SSLConn is responsible for closing the
	// transport socket. NOTE(review): presumably false when connect() wraps a
	// caller-owned net.TcpConn and true when dial() created the socket — confirm.
	owns_socket bool
	// alpn_list is a NUL-terminated C array of pointers to the protocol
	// strings in config.alpn_protocols. mbedtls stores this pointer without
	// copying, so it must outlive the SSL config; it is freed in shutdown().
	alpn_list &&char = unsafe { nil }
	// last_write_sent reports the most recent write_ptr's progress for retry
	// decisions: 0 = provably nothing was sent (safe to replay), or -1 = the
	// count is indeterminate because a failed/retryable write may have already
	// flushed a record to the peer (TLS cannot prove zero). On full success it
	// equals the bytes written.
	last_write_sent int
}

SSLConn represents a single TLS connection.

fn (SSLConn) read_timeout #

fn (s &SSLConn) read_timeout() time.Duration

read_timeout returns the current SSL read timeout.

fn (SSLConn) set_read_timeout #

fn (mut s SSLConn) set_read_timeout(timeout time.Duration)

set_read_timeout sets the SSL read timeout for subsequent operations.

fn (SSLConn) close #

fn (mut s SSLConn) close() !

close terminates the ssl connection and does cleanup

fn (SSLConn) shutdown #

fn (mut s SSLConn) shutdown() !

shutdown terminates the ssl connection and does cleanup

fn (SSLConn) negotiated_alpn #

fn (s &SSLConn) negotiated_alpn() string

negotiated_alpn returns the ALPN protocol selected during the TLS handshake (e.g. 'h2' or 'http/1.1'), or an empty string if no protocol was negotiated.

fn (SSLConn) connect #

fn (mut s SSLConn) connect(mut tcp_conn net.TcpConn, hostname string) !

connect sets up an ssl connection on an existing TCP connection

fn (SSLConn) dial #

fn (mut s SSLConn) dial(hostname string, port int) !

dial opens an ssl connection on hostname:port

fn (SSLConn) addr #

fn (s &SSLConn) addr() !net.Addr

addr retrieves the local ip address and port number for this connection

fn (SSLConn) peer_addr #

fn (s &SSLConn) peer_addr() !net.Addr

peer_addr retrieves the ip address and port number used by the peer

fn (SSLConn) socket_read_into_ptr #

fn (mut s SSLConn) socket_read_into_ptr(buf_ptr &u8, len int) !int

socket_read_into_ptr reads len bytes from the ssl connection into the buffer at buf_ptr.

fn (SSLConn) read #

fn (mut s SSLConn) read(mut buffer []u8) !int

read reads data from the ssl connection into buffer

fn (SSLConn) write_ptr #

fn (mut s SSLConn) write_ptr(bytes &u8, len int) !int

write_ptr writes len bytes from bytes to the ssl connection

fn (SSLConn) write #

fn (mut s SSLConn) write(bytes []u8) !int

write writes data from bytes to the ssl connection

fn (SSLConn) write_string #

fn (mut s SSLConn) write_string(str string) !int

write_string writes a string to the ssl connection

struct SSLConnectConfig #

// SSLConnectConfig carries the TLS settings shared by clients (new_ssl_conn,
// dial, connect) and listeners (new_ssl_listener). Because it is @[params],
// every field may be omitted and takes its zero value — in particular
// `validate` defaults to false, so a peer whose certificate fails
// verification is still accepted unless the caller opts in.
@[params]
struct SSLConnectConfig {
pub:
	verify   string // the path to a rootca.pem file, containing trusted CA certificate(s)
	cert     string // the path to a cert.pem file, containing client certificate(s) for the request
	cert_key string // the path to a key.pem file, containing private keys for the client certificate(s)
	// set this to true, if you want to stop requests, when their certificates are found to be invalid.
	// Defaults to false: verification failures are then not fatal, so for any peer reached over an
	// untrusted network set validate to true and supply `verify`.
	validate bool

	in_memory_verification bool // if true, verify, cert, and cert_key are read from memory, not from a file

	// get_certificate, when set, lets a listener choose the certificates for an incoming
	// connection. NOTE(review): the string argument is presumably the SNI server name — confirm.
	get_certificate ?fn (mut SSLListener, string) !&SSLCerts

	read_timeout time.Duration = default_mbedtls_client_read_timeout // the SSL client read timeout

	alpn_protocols []string // the list of ALPN protocols to advertise, e.g. ['h2', 'http/1.1']; empty means no ALPN extension is sent
}

struct SSLListener #

// SSLListener binds a TCP address and accepts TLS-secured connections,
// handing each one back as an SSLConn. Create it with new_ssl_listener and
// release its mbedtls state with shutdown().
struct SSLListener {
	saddr  string           // the address this listener was bound to (see new_ssl_listener)
	config SSLConnectConfig // the settings passed to new_ssl_listener; applied to accepted connections
mut:
	server_fd C.mbedtls_net_context // mbedtls wrapper around the listening socket
	ssl       C.mbedtls_ssl_context // server-side session state — presumably reused per accept — confirm
	conf      C.mbedtls_ssl_config  // server-side TLS configuration shared by accepted connections
	certs     &SSLCerts = unsafe { nil } // nil until certificates are loaded; check before dereferencing
	ctr_drbg  C.mbedtls_ctr_drbg_context // RNG used by server handshakes, seeded from entropy
	entropy   C.mbedtls_entropy_context  // entropy source feeding ctr_drbg
	opened    bool // presumably set once the listening socket is bound — confirm
	// alpn_list is a NUL-terminated C array of pointers to the protocol
	// strings in config.alpn_protocols, advertised by accepted connections.
	// It must outlive the SSL config and is freed in shutdown().
	alpn_list &&char = unsafe { nil }
	// handle		int
	// duration	time.Duration
}

SSLListener listens on a TCP port and accepts connections secured with TLS.

fn (SSLListener) shutdown #

fn (mut l SSLListener) shutdown() !

shutdown finishes the listener and cleans up its resources.

fn (SSLListener) accept #

fn (mut l SSLListener) accept() !&SSLConn

accept accepts a new connection and returns an SSLConn for the connected client.

fn (SSLListener) accept_with_timeout #

fn (mut l SSLListener) accept_with_timeout(timeout time.Duration) !&SSLConn

accept_with_timeout waits up to timeout for a new client before accepting it.

fn (SSLListener) accept_with_timeouts #

fn (mut l SSLListener) accept_with_timeouts(accept_timeout time.Duration, handshake_timeout time.Duration) !&SSLConn

accept_with_timeouts waits up to accept_timeout for a new client, then waits up to handshake_timeout for the TLS server handshake to complete.