eve.tls.api
TLS API Contract Module
This module defines the common API/contract that platform-specific TLS implementations (OpenSSL on Linux, SChannel on Windows) must implement. It provides types for TLS configuration, connection state, certificate handling, and stream operations.
Copyright
Types 12
TLS protocol versions supported by the library.
These values represent the various versions of the TLS protocol that can be negotiated during the handshake.
Error codes for TLS operations.
These codes identify specific TLS-related failures that may occur during handshake, data transfer, or certificate validation.
Retryability and Fatality Guide:
OK— Success, no retry neededHANDSHAKE_FAILED— Generally fatal, handshake cannot proceedCERTIFICATE_*— Fatal, certificate validation failedPROTOCOL_ERROR— Fatal, protocol violation detectedWOULD_BLOCK— Retryable, wait for I/O readinessCLOSED— Fatal, connection cannot be reusedINTERNAL_ERROR— Fatal, TLS library state corruptedWANT_READ— Retryable, continue when readableWANT_WRITE— Retryable, continue when writableIO_ERROR— Depends on underlying error; may be retryableINIT_FAILED— Fatal, context setup failedCERT_ERROR— Fatal, certificate loading failedKEY_ERROR— Fatal, key loading failedINVALID_STATE— Fatal, stream in wrong state
TLS-specific exception with error code.
This exception is thrown when a TLS operation fails. It includes an error code that identifies the specific type of failure.
TlsErrorCode codeThe specific TLS error code.this(TlsErrorCode code, string msg, string file = __FILE__, size_t line = __LINE__)Construct a TlsError with the given code and message.this(string msg, string file = __FILE__, size_t line = __LINE__)Construct a TlsError with just a message (defaults to INTERNAL_ERROR).Certificate verification modes.
These modes control how the TLS implementation verifies the peer's certificate during the handshake.
TLS connection role.
Identifies whether the connection acts as a client or server during the TLS handshake.
TLS handshake progress state.
Tracks the current state of the TLS handshake process.
TLS stream state.
Represents the overall state of a TLS stream connection.
I/O interest flags for a TLS stream.
After each TLS operation (handshake, read, write, shutdown), the caller should query TlsStream.ioInterest() to determine what events to wait for on the underlying transport. This is necessary because TLS operations can require both reads and writes (e.g.\ renegotiation).
ushort bits noneNo I/O interest (disconnected, closed, or error). readableWait for the transport to become readable. writableWait for the transport to become writable. readWriteWait for both read and write readiness.X.509 certificate information.
Contains the essential fields extracted from an X.509 certificate, typically used for displaying certificate details or logging.
bool hasValueWhether a certificate was received from the peer.string subjectCertificate subject distinguished name.string issuerCertificate issuer distinguished name.string notBeforeStart of certificate validity period (ISO 8601 format).string notAfterEnd of certificate validity period (ISO 8601 format).string serialNumberCertificate serial number as hex string.TLS configuration context.
Holds configuration parameters for TLS connections, including protocol version constraints and certificate verification settings. This context is used to initialize TLS streams.
TlsVersion minVersionMinimum allowed TLS protocol version.TlsVersion maxVersionMaximum allowed TLS protocol version.TlsVerifyMode verifyModeCertificate verification mode.TlsRole roleConnection role (client or server).string serverNameServer hostname for SNI (Server Name Indication).string caCertFilePath to CA certificates file (PEM format).string certFilePath to client/server certificate file (PEM format).string keyFilePath to private key file (PEM format).string[] alpnProtocolsALPN protocol list for negotiation (e.g. ["h2", "http/1.1"]).TlsContext clientContext() static pure @safe nothrow @nogcCreate a client-side TLS context with secure defaults.TlsContext serverContext() static pure @safe nothrow @nogcCreate a server-side TLS context with secure defaults.TlsContext setMinVersion(TlsVersion ver) ref pure @safe nothrow @nogc returnSet the minimum TLS protocol version.TlsContext setMaxVersion(TlsVersion ver) ref pure @safe nothrow @nogc returnSet the maximum TLS protocol version.TlsContext setVerifyMode(TlsVerifyMode mode) ref pure @safe nothrow @nogc returnSet the certificate verification mode.TlsContext setServerName(string name) ref pure @safe nothrow @nogc returnSet the server name for SNI.TlsContext setCaCertFile(string path) ref pure @safe nothrow @nogc returnSet the CA certificates file path.TlsContext setCertFile(string path) ref pure @safe nothrow @nogc returnSet the certificate file path.TlsContext setKeyFile(string path) ref pure @safe nothrow @nogc returnSet the private key file path.TlsContext setAlpnProtocols(string[] protocols) ref pure @safe nothrow @nogc returnSet the ALPN protocol list.I/O result for TLS stream operations.
Encapsulates the result of a read or write operation, including the number of bytes transferred and any error that occurred.
size_t bytesTransferredNumber of bytes successfully transferred.TlsErrorCode errorError code if the operation failed.Handshake result from a TLS handshake operation.
Contains the current state of the handshake and any error information.
HandshakeState stateCurrent state of the handshake.TlsErrorCode errorError code if handshake failed.HandshakeResult failed(TlsErrorCode code) static pure @safe nothrow @nogcCreate a failed handshake result.