sslhash

无需证书授权的 SSL。

为什么？

你是否曾经想要在非 http TCP 流上使用 TLS？
如果是的话，你会发现设置证书非常复杂。
甚至不是所有的 IP 都有域名！

sslhash 主要跳过了主机名检查，而是将其与用户提供的公钥哈希进行比较。
这吸取了 SSL 的优点（安全、经过审计等），并去除了 SSL 的缺点（证书授权）。

用法

服务器

// Create a builder.
// Default values:
// - RSA bits: 3072
// - Cache directory: The same directory as the executable
let (acceptor, hash) = AcceptorBuilder::default().build().unwrap();

// Replace "localhost:1234" with what you want to bind to.
// On UNIX, use 0.0.0.0 as IP to make it public.
let tcp = TcpListener::bind("localhost:1234").unwrap();
let (client, _) = tcp.accept().unwrap();
let mut client = acceptor.accept(client).unwrap();

// client is a SslStream<TcpStream> now ready to be used.
// Somehow transfer the hash to the client.
// A simple way would be to tell the user to give this to all clients.

客户端

let connector = SslConnector::builder(SslMethod::tls()).unwrap().build();

// Replace "localhost:1234" with what you want to connect to.
let client = TcpStream::connect("localhost:1234").unwrap();

// Assumes you have a String called "hash" that is the hash of the server's public key.
// Somehow receive this from the server.
// A simple way would be to ask the user for the hash.
let mut client = sslhash::connect(&connector, client, hash).unwrap();