Lib.rs

Cryptography
#tls #openbsd #libressl #tls-connection #api-bindings

libtls

Rust bindings for LibreSSL's libtls

by Reyk Floeter, Michael Howell

7 releases (stable)

1.2.0 Apr 9, 2020
1.1.2 Dec 20, 2019
1.1.0-alpha1 Nov 11, 2019
0.0.1 May 7, 2016

#699 in Cryptography


Used in tokio-libtls

ISC license

4MB
7K SLoC

C 2K SLoC // 0.2% comments Automake 1.5K SLoC // 0.1% comments Rust 1.5K SLoC // 0.1% comments Shell 1.5K SLoC // 0.1% comments M4 331 SLoC // 0.2% comments Batch 245 SLoC // 0.1% comments Pan 2 SLoC

Rust bindings for LibreSSL's libtls.

Crates.IO docs.rs Actions Build Status License

Documentation, Changelog

The LibreSSL project provides a free TLS and crypto stack that was forked from OpenSSL in 2014. The goals are to provide a modernized codebase, improved security, and to apply best practice development processes.

LibreSSL provides C APIs that are compatible to OpenSSL's libssl and libcrypto libraries. It also provides libtls, a new TLS library that is designed to make it easier to write foolproof applications.

This workspace of Rust crates provides language bindings for libtls only, as the other LibreSSL APIs can be used with the existing rust-openssl crate. LibreSSL versions 2.9.0 through 3.1.0 (or later) are supported. TLSv1.3 requires LibreSSL 3.1.0 or later.

The following crates are included:

Minimum Rust version

Async I/O with tokio-libtls requires Rust 1.39 or later for async-await. This crate does not provide any backwards compatibility but you can use version 1.0.0 on older Rust versions.

Examples

See the examples directory for various examples to configure, establish, and connect synchronous and asynchronous TLS connections. The following selected example creates a non-blocking and asynchronous TLS connection using Tokio and the tokio-libtls crate:

use std::io;
use tokio::io::{AsyncReadExt, AsyncWriteExt};
use tokio_libtls::prelude::*;

async fn async_https_connect(servername: &str) -> io::Result<()> {
    let addr = &(servername.to_owned() + ":443");

    let request = format!(
        "GET / HTTP/1.1\r\n\
         Host: {}\r\n\
         Connection: close\r\n\r\n",
        servername
    );

    let config = Builder::new().build()?;
    let mut tls = connect(addr, &config, None).await?;
    tls.write_all(request.as_bytes()).await?;

    let mut buf = vec![0u8; 1024];
    tls.read_exact(&mut buf).await?;

    let ok = b"HTTP/1.1 200 OK\r\n";
    assert_eq!(&buf[..ok.len()], ok);

    Ok(())
}

#[tokio::main]
async fn main() {
    async_https_connect("www.example.com").await.unwrap();
}

Licensed under an OpenBSD-ISC-style license, see LICENSE for details.

Dependencies