struct Options [src]

Fields

host: union(enum) {
    /// No host verification is performed, which prevents a trusted connection from
    /// being established.
    no_verification,
    /// Verify that the server certificate was issued for a given host.
    explicit: []const u8,
}

How to perform host verification of server certificates.
ca: union(enum) {
    /// No ca verification is performed, which prevents a trusted connection from
    /// being established.
    no_verification,
    /// Verify that the server certificate is a valid self-signed certificate.
    /// This provides no authorization guarantees, as anyone can create a
    /// self-signed certificate.
    self_signed,
    /// Verify that the server certificate is authorized by a given ca bundle.
    bundle: Certificate.Bundle,
}

How to verify the authenticity of server certificates.
ssl_key_log: ?*SslKeyLog = null

If non-null, ssl secrets are logged to this stream. Creating such a log file allows other programs with access to that file to decrypt all traffic over this connection. Only the `writer` field is observed during the handshake (`init`). After that, the other fields are populated.
allow_truncation_attacks: bool = false

By default, reaching the end-of-stream when reading from the server will cause `error.TlsConnectionTruncated` to be returned, unless a close_notify message has been received. By setting this flag to `true`, instead, the end-of-stream will be forwarded to the application layer above TLS. This makes the application vulnerable to truncation attacks unless the application layer itself verifies that the amount of data received equals the amount of data expected, such as HTTP with the Content-Length header.
write_buffer: []u8
read_buffer: []u8
alert: ?*tls.Alert = null

Populated when `error.TlsAlert` is returned from `init`.

Source

/// Caller-supplied settings for a TLS client connection: how the server
/// certificate is checked, optional key logging, end-of-stream handling, two
/// caller-provided buffers, and an optional slot for a received alert.
///
/// `host` and `ca` have no default value, so every caller has to state its
/// certificate-verification policy explicitly. Per the variant comments below,
/// choosing `no_verification` for either field prevents a trusted connection
/// from being established.
pub const Options = struct {
    /// How to perform host verification of server certificates.
    ///
    /// Required (no default). Configured separately from `ca`: this field
    /// selects whether the certificate is checked against a host, while `ca`
    /// selects how the certificate's authenticity is checked.
    host: union(enum) {
        /// No host verification is performed, which prevents a trusted connection from
        /// being established.
        no_verification,
        /// Verify that the server certificate was issued for a given host.
        /// The `[]const u8` payload carries that host.
        explicit: []const u8,
    },
    /// How to verify the authenticity of server certificates.
    ///
    /// Required (no default). Of the three variants, only `bundle` is
    /// documented as checking that the certificate is authorized; `self_signed`
    /// explicitly provides no authorization guarantees.
    ca: union(enum) {
        /// No ca verification is performed, which prevents a trusted connection from
        /// being established.
        no_verification,
        /// Verify that the server certificate is a valid self-signed certificate.
        /// This provides no authorization guarantees, as anyone can create a
        /// self-signed certificate.
        self_signed,
        /// Verify that the server certificate is authorized by a given ca bundle.
        bundle: Certificate.Bundle,
    },
    /// If non-null, ssl secrets are logged to this stream. Creating such a log file allows
    /// other programs with access to that file to decrypt all traffic over this connection.
    ///
    /// Only the `writer` field is observed during the handshake (`init`).
    /// After that, the other fields are populated.
    ///
    /// Defaults to `null` (no key logging). Because the log is sufficient to
    /// decrypt the connection, its destination needs the same protection as
    /// the traffic itself.
    ssl_key_log: ?*SslKeyLog = null,
    /// By default, reaching the end-of-stream when reading from the server will
    /// cause `error.TlsConnectionTruncated` to be returned, unless a close_notify
    /// message has been received. By setting this flag to `true`, instead, the
    /// end-of-stream will be forwarded to the application layer above TLS.
    ///
    /// This makes the application vulnerable to truncation attacks unless the
    /// application layer itself verifies that the amount of data received equals
    /// the amount of data expected, such as HTTP with the Content-Length header.
    ///
    /// Defaults to `false`, i.e. an end-of-stream without close_notify is
    /// reported as an error rather than passed through.
    allow_truncation_attacks: bool = false,
    /// Caller-provided mutable byte slice; required (no default).
    /// NOTE(review): undocumented in this listing. Presumably the buffer for
    /// outgoing data; size and lifetime requirements are not stated here.
    /// TODO confirm against `init`.
    write_buffer: []u8,
    /// Caller-provided mutable byte slice; required (no default).
    /// NOTE(review): undocumented in this listing. Presumably the buffer for
    /// incoming data; size and lifetime requirements are not stated here.
    /// TODO confirm against `init`.
    read_buffer: []u8,
    /// Populated when `error.TlsAlert` is returned from `init`.
    /// Optional pointer; defaults to `null`.
    alert: ?*tls.Alert = null,
}