pub fn verify_server_cert_signed_by_trust_anchor(
cert: &ParsedCertificate<'_>,
roots: &RootCertStore,
intermediates: &[CertificateDer<'_>],
now: UnixTime,
supported_algs: &[&dyn SignatureVerificationAlgorithm],
) -> Result<(), Error>
Expand description
Verify that the end-entity certificate end_entity
is a valid server cert
and chains to at least one of the trust anchors in the roots
RootCertStore.
This function is primarily useful when building a custom certificate verifier. It
performs no revocation checking. Implementers must handle this themselves,
along with checking that the server certificate is valid for the subject name
being used (see verify_server_name
).
intermediates
contains all certificates other than end_entity
that
were sent as part of the server’s Certificate
message. It is in the
same order that the server sent them and may be empty.