Struct TicketRotator 

pub struct TicketRotator { /* private fields */ }

Available on crate feature tls and (crate features std or hashbrown) and crate feature std only.

A ticketer that has a ‘current’ sub-ticketer and a single ‘previous’ ticketer. It creates a new ticketer every so often, demoting the current ticketer.

Implementations

impl TicketRotator

pub fn new( lifetime: u32, generator: fn() -> Result<Box<dyn ProducesTickets>, GetRandomFailed>, ) -> Result<TicketRotator, Error>

Creates a new TicketRotator, which rotates through sub-ticketers based on the passage of time.

lifetime is in seconds, and is how long the current ticketer is used to generate new tickets. Tickets are accepted for no longer than twice this duration. generator produces a new ProducesTickets implementation.

Trait Implementations

impl Debug for TicketRotator

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.

impl ProducesTickets for TicketRotator

fn lifetime(&self) -> u32

Returns the lifetime in seconds of tickets produced now. The lifetime is provided as a hint to clients that the ticket will not be useful after the given time.

fn enabled(&self) -> bool

Returns true if this implementation will encrypt/decrypt tickets. Should return false if this is a dummy implementation: the server will not send the SessionTicket extension and will not call the other functions.

fn encrypt(&self, message: &[u8]) -> Option<Vec<u8>>

Encrypt and authenticate plain, returning the resulting ticket. Return None if plain cannot be encrypted for some reason: an empty ticket will be sent and the connection will continue.

fn decrypt(&self, ciphertext: &[u8]) -> Option<Vec<u8>>

Decrypt cipher, validating its authenticity protection and recovering the plaintext. cipher is fully attacker controlled, so this decryption must be side-channel free, panic-proof, and otherwise bullet-proof. If the decryption fails, return None.