MCPcopy Index your code
hub / github.com/RustPython/RustPython / initialize_server_connection

Method initialize_server_connection

crates/stdlib/src/ssl.rs:3126–3320  ·  view source on GitHub ↗

Initialize server-side TLS connection with configuration This method handles all server-side setup including: - Certificate and key validation - Client authentication configuration - SNI (Server Name Indication) setup - ALPN protocol negotiation - Session resumption configuration Returns the configured ServerConnection.

(
            &self,
            conn_guard: &mut Option<TlsConnection>,
            vm: &VirtualMachine,
        )

Source from the content-addressed store, hash-verified

3124 ///
3125 /// Returns the configured ServerConnection.
3126 fn initialize_server_connection(
3127 &self,
3128 conn_guard: &mut Option<TlsConnection>,
3129 vm: &VirtualMachine,
3130 ) -> PyResult<()> {
3131 let ctx = self.context.read();
3132 let cert_keys = ctx.cert_keys.read();
3133
3134 if cert_keys.is_empty() {
3135 return Err(vm.new_value_error(
3136 "Server-side connection requires certificate and key (use load_cert_chain)",
3137 ));
3138 }
3139
3140 // Clone cert_keys for use in config
3141 // PrivateKeyDer doesn't implement Clone, use clone_key()
3142 let cert_keys_clone: Vec<CertKeyPair> = cert_keys
3143 .iter()
3144 .map(|(ck, pk)| (ck.clone(), pk.clone_key()))
3145 .collect();
3146 drop(cert_keys);
3147
3148 // Prepare common protocol settings (TLS versions, ECDH curve, cipher suites, ALPN)
3149 let protocol_settings = self.prepare_protocol_settings(vm)?;
3150 let min_ver = *ctx.minimum_version.read();
3151
3152 // Check if client certificate verification is required
3153 let verify_mode = *ctx.verify_mode.read();
3154 let root_store = ctx.root_certs.read();
3155 let pha_enabled = *ctx.post_handshake_auth.read();
3156
3157 // Check if TLS 1.3 is being used
3158 let is_tls13 = min_ver >= PROTO_TLSv1_3;
3159
3160 // For TLS 1.3: always use deferred validation for client certificates
3161 // For TLS 1.2: use immediate validation during handshake
3162 let use_deferred_validation = is_tls13
3163 && !pha_enabled
3164 && (verify_mode == CERT_REQUIRED || verify_mode == CERT_OPTIONAL);
3165
3166 // For TLS 1.3 + PHA: if PHA is enabled, don't request cert in initial handshake
3167 // The certificate will be requested later via verify_client_post_handshake()
3168 let request_initial_cert = if pha_enabled {
3169 // PHA enabled: don't request cert initially (will use PHA later)
3170 false
3171 } else if verify_mode == CERT_REQUIRED || verify_mode == CERT_OPTIONAL {
3172 // PHA not enabled or TLS 1.2: request cert in initial handshake
3173 true
3174 } else {
3175 // CERT_NONE
3176 false
3177 };
3178
3179 // Check if SNI callback is set
3180 let sni_callback = ctx.sni_callback.read().clone();
3181 let use_sni_resolver = sni_callback.is_some();
3182
3183 // Create SNI state if needed (to be stored in PySSLSocket later)

Callers 1

do_handshakeMethod · 0.80

Calls 15

newFunction · 0.85
create_server_configFunction · 0.85
collectMethod · 0.80
read_tlsMethod · 0.80
process_new_packetsMethod · 0.80
ErrClass · 0.50
SomeClass · 0.50
ServerClass · 0.50
readMethod · 0.45
is_emptyMethod · 0.45
mapMethod · 0.45

Tested by

no test coverage detected