34 stable releases (3 major)

new 4.12.0 Nov 20, 2024
4.10.3 Sep 23, 2024
4.8.0 Jul 5, 2024
4.5.0 Feb 8, 2024
1.0.2 Nov 12, 2020

#925 in Network programming

Download history 3880/week @ 2024-07-31 3748/week @ 2024-08-07 3245/week @ 2024-08-14 3603/week @ 2024-08-21 3102/week @ 2024-08-28 3771/week @ 2024-09-04 3723/week @ 2024-09-11 5213/week @ 2024-09-18 4592/week @ 2024-09-25 4383/week @ 2024-10-02 5135/week @ 2024-10-09 6382/week @ 2024-10-16 5932/week @ 2024-10-23 4539/week @ 2024-10-30 5510/week @ 2024-11-06 4970/week @ 2024-11-13

22,126 downloads per month
Used in 7 crates (5 directly)

MIT/Apache

27MB
742K SLoC

GNU Style Assembly 218K SLoC // 0.0% comments C++ 187K SLoC // 0.2% comments C 152K SLoC // 0.2% comments Assembly 63K SLoC // 0.0% comments Perl 56K SLoC // 0.1% comments Go 49K SLoC // 0.1% comments Rust 17K SLoC // 0.0% comments Bazel 1K SLoC // 0.0% comments

tokio-boring

An implementation of SSL streams for Tokio built on top of the BoringSSL.

Documentation

Usage

First, add this to your Cargo.toml:

[dependencies]
tokio-boring = "1.0.0"

Then, use either accept or connect as appropriate.

use boring::ssl;
use tokio::net::TcpListener;

#[tokio::main]
async fn main() -> anyhow::Result<()> {
    let listener = TcpListener::bind("127.0.0.1:8080").await?;
    let (tcp_stream, _addr) = listener.accept().await?;

    let server = ssl::SslMethod::tls_server();
    let mut ssl_builder = boring::ssl::SslAcceptor::mozilla_modern(server)?;
    ssl_builder.set_default_verify_paths()?;
    ssl_builder.set_verify(ssl::SslVerifyMode::PEER);
    let acceptor = ssl_builder.build();
    let _ssl_stream = tokio_boring::accept(&acceptor, tcp_stream).await?;
    Ok(())
}

This library is an implementation of TLS streams using BoringSSL for negotiating the connection. Each TLS stream implements the Read and Write traits to interact and interoperate with the rest of the futures I/O ecosystem. Client connections initiated from this crate verify hostnames automatically and by default.

tokio-boring exports this ability through accept and connect. accept should be used by servers, and connect by clients. These augment the functionality provided by the boring crate, on which this crate is built. Configuration of TLS parameters is still primarily done through the boring crate.

License

This project is licensed under either of

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in Serde by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

Accolades

The project is based on a fork of tokio-openssl.

Dependencies

~2–11MB
~112K SLoC