Type Aliases

The following type aliases are available globally.

  • A custom verification callback.

    This verification callback is usually called more than once per connection, as it is called once per certificate in the peer’s complete certificate chain (including the root CA). The calls proceed from root to leaf, ending with the peer’s leaf certificate. Each time it is invoked with 2 arguments:

    1. The result of the BoringSSL verification for this certificate.
    2. The NIOSSLCertificate for this level of the chain.

    Please be cautious with calling out from this method. This method is always invoked on the event loop, so you must not block or wait. It is not possible to return an EventLoopFuture from this method, as it must not block or wait. Additionally, this method must take care to ensure that it does not cause any ChannelHandler to recursively call back into the NIOSSLHandler that triggered it, as making re-entrant calls into BoringSSL is not supported by SwiftNIO and leads to undefined behaviour.

    In general, the only safe thing to do here is to either perform some cryptographic operations, to log, or to store the NIOSSLCertificate somewhere for later consumption. The easiest way to be sure that the NIOSSLCertificate is safe to consume is to wait for a user event that shows the handshake as completed, or for channelInactive.

    Warning

    This callback uses the old-style OpenSSL callback behaviour and is excessively complex to program with. Instead, prefer using the NIOSSLCustomVerificationCallback style which receives the entire trust chain at once, and also supports asynchronous certificate verification.

    Declaration

    Swift

    public typealias NIOSSLVerificationCallback = (NIOSSLVerificationResult, NIOSSLCertificate) -> NIOSSLVerificationResult
  • A custom verification callback that allows completely overriding the certificate verification logic of BoringSSL.

    This verification callback is called no more than once per connection attempt. It is invoked with two arguments:

    1. The certificate chain presented by the peer, in the order the peer presented them (with the first certificate being the leaf certificate presented by the peer).
    2. An EventLoopPromise that must be completed to signal the result of the verification.

    Please be cautious with calling out from this method. This method is always invoked on the event loop, so you must not block or wait. However, you may perform asynchronous work by leaving the event loop context: when the verification is complete you must complete the provided EventLoopPromise.

    This method must take care to ensure that it does not cause any ChannelHandler to recursively call back into the NIOSSLHandler that triggered it, as making re-entrant calls into BoringSSL is not supported by SwiftNIO and leads to undefined behaviour. It is acceptable to leave the event loop context and then call into the NIOSSLHandler, as this will not be re-entrant.

    Note that setting this callback will override all verification logic that BoringSSL provides.

    Declaration

    Swift

    public typealias NIOSSLCustomVerificationCallback = ([NIOSSLCertificate], EventLoopPromise<NIOSSLVerificationResult>) -> Void
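
An added example (not part of the swift-nio-ssl documentation) of this callback style: leaf-certificate pinning that leaves the event loop and completes the promise on every path. The pin value, queue label, host name and the use of swift-crypto's SHA256 are assumptions; because the callback replaces all BoringSSL verification, this code checks the pin only, not chain validity, expiry or host name.

```swift
import Crypto      // swift-crypto; assumption: available as a package dependency
import Dispatch
import Foundation
import NIOCore
import NIOSSL

// PLACEHOLDER pin: SHA-256 over the DER encoding of the expected leaf certificate.
// Replace with the real 32-byte digest; all zeroes never matches a real certificate.
let pinnedLeafSHA256: [UInt8] = Array(repeating: 0x00, count: 32)

// Hypothetical queue used to move the check off the event loop.
let verificationQueue = DispatchQueue(label: "example.tls.pin-check")

let pinningCallback: NIOSSLCustomVerificationCallback = { chain, promise in
    // This closure runs on the event loop: hand the work off instead of blocking.
    verificationQueue.async {
        // The peer's leaf certificate is first in the chain. Fail closed on an
        // empty chain or a certificate that cannot be serialised.
        guard let leaf = chain.first, let der = try? leaf.toDERBytes() else {
            promise.succeed(.failed)
            return
        }
        let digest = Array(SHA256.hash(data: der))
        // The promise must be completed exactly once on every path, otherwise
        // the handshake never finishes.
        promise.succeed(digest == pinnedLeafSHA256 ? .certificateVerified : .failed)
    }
}

// Installing the callback on a client handler. "example.com" is a placeholder.
func makePinnedClientHandler(context: NIOSSLContext) throws -> NIOSSLClientHandler {
    try NIOSSLClientHandler(
        context: context,
        serverHostname: "example.com",
        customVerificationCallback: pinningCallback
    )
}
```
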
  • A callback that can be used to implement SSLKEYLOGFILE support.

    Wireshark can decrypt packet captures that contain encrypted TLS connections if they have access to the session keys used to perform the encryption. These keys are normally stored in a file that has a specific file format. This callback is the low-level primitive that can be used to write such a file.

    When set, this callback will be invoked once per secret. The provided ByteBuffer will contain the bytes that need to be written into the file, including the newline character.

    Warning

    Please be aware that enabling support for SSLKEYLOGFILE through this callback will put the secrecy of your connections at risk. You should only do so when you are confident that it will not be possible to extract those secrets unnecessarily.

    Declaration

    Swift

    public typealias NIOSSLKeyLogCallback = (ByteBuffer) -> Void
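
An added example (not from the swift-nio-ssl documentation) of wiring this callback up so that key logging is opt-in and the file is created owner-only. Reading the SSLKEYLOGFILE environment variable, the queue label and the serialising queue are choices made for this example.

```swift
import Dispatch
import Foundation
import NIOCore
import NIOSSL

/// Returns a key-log callback only when SSLKEYLOGFILE is set, so that a
/// production deployment without the variable never writes secrets to disk.
func makeKeyLogCallback() -> NIOSSLKeyLogCallback? {
    guard let path = ProcessInfo.processInfo.environment["SSLKEYLOGFILE"],
          !path.isEmpty else {
        return nil
    }
    // 0o600 applies only when the file is created here; an existing file keeps
    // whatever permissions it already has, so check those separately.
    let fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, 0o600)
    guard fd >= 0 else { return nil }
    let handle = FileHandle(fileDescriptor: fd, closeOnDealloc: true)

    // Serialise writes so lines from concurrent connections do not interleave.
    let writer = DispatchQueue(label: "example.tls.keylog") // hypothetical label

    return { buffer in
        // The buffer already holds one complete line, newline included.
        let line = Data(buffer.readableBytesView)
        writer.async { handle.write(line) }
    }
}

/// Client configuration that logs keys only when the operator opted in.
func makeDebuggableClientConfiguration() -> TLSConfiguration {
    var config = TLSConfiguration.makeClientConfiguration()
    config.keyLogCallback = makeKeyLogCallback()
    return config
}
```
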
  • A representation of BoringSSL’s internal error stack: a list of BoringSSL errors.

    Declaration

    Swift

    public typealias NIOBoringSSLErrorStack = [BoringSSLInternalError]
  • An NIOSSLPassphraseCallback is a callback that will be invoked by NIOSSL when it needs to get access to a private key that is stored in encrypted form.

    This callback will be invoked with one argument, a non-escaping closure that must be called with the passphrase. Failing to call the closure will cause decryption to fail.

    The reason this design has been used is to allow you to secure any memory storing the passphrase after use. We guarantee that after the NIOSSLPassphraseSetter closure has been invoked the Collection you have passed in will no longer be needed by BoringSSL, and so you can safely destroy any memory it may be using if you need to.

    Declaration

    Swift

    public typealias NIOSSLPassphraseCallback<Bytes> = (NIOSSLPassphraseSetter<Bytes>) throws -> Void where Bytes : Collection, Bytes.Element == UInt8
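
An added example (not from the swift-nio-ssl documentation) of the pattern this design enables: the passphrase lives in caller-owned memory that is overwritten as soon as the setter returns. The `fillPassphrase` hook, the error type and the 256-byte capacity are hypothetical.

```swift
import NIOSSL

enum PassphraseError: Error { case invalidLength } // hypothetical error type

/// `fillPassphrase` is a hypothetical hook that writes the passphrase into the
/// buffer it is handed and returns the number of bytes written.
func loadEncryptedKey(
    atPath path: String,
    fillPassphrase: @escaping (UnsafeMutableBufferPointer<UInt8>) throws -> Int
) throws -> NIOSSLPrivateKey {
    let callback: NIOSSLPassphraseCallback<UnsafeMutableBufferPointer<UInt8>> = { setter in
        // Manually managed storage: no copy-on-write duplicates of the secret.
        let storage = UnsafeMutableBufferPointer<UInt8>.allocate(capacity: 256)
        storage.initialize(repeating: 0)
        defer {
            // Runs after setter() has returned (or after a throw), when the bytes
            // are no longer needed. A hardened build would use a wipe the
            // optimiser cannot elide, such as memset_s where available.
            storage.initialize(repeating: 0)
            storage.deallocate()
        }
        let count = try fillPassphrase(storage)
        guard count > 0, count <= storage.count else {
            throw PassphraseError.invalidLength
        }
        // Not calling the setter would make decryption fail.
        setter(UnsafeMutableBufferPointer(rebasing: storage[0..<count]))
    }
    return try NIOSSLPrivateKey(file: path, format: .pem, passphraseCallback: callback)
}
```
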
  • An NIOSSLPassphraseSetter is a closure that you must invoke to provide a passphrase to BoringSSL. It will be provided to you when your NIOSSLPassphraseCallback is invoked.

    Declaration

    Swift

    public typealias NIOSSLPassphraseSetter<Bytes> = (Bytes) -> Void where Bytes : Collection, Bytes.Element == UInt8