pub struct WebPkiServerVerifier { /* private fields */ }
Expand description
Default ServerCertVerifier
, see the trait impl for more information.
Implementations§
Source§impl WebPkiServerVerifier
impl WebPkiServerVerifier
Sourcepub fn builder(roots: Arc<RootCertStore>) -> ServerCertVerifierBuilder
pub fn builder(roots: Arc<RootCertStore>) -> ServerCertVerifierBuilder
Create a builder for the webpki
server certificate verifier configuration using
the process-default CryptoProvider
.
Server certificates will be verified using the trust anchors found in the provided roots
.
Use Self::builder_with_provider
if you wish to specify an explicit provider.
For more information, see the ServerCertVerifierBuilder
documentation.
Sourcepub fn builder_with_provider(
roots: Arc<RootCertStore>,
provider: Arc<CryptoProvider>,
) -> ServerCertVerifierBuilder
pub fn builder_with_provider( roots: Arc<RootCertStore>, provider: Arc<CryptoProvider>, ) -> ServerCertVerifierBuilder
Create a builder for the webpki
server certificate verifier configuration using
a specified CryptoProvider
.
Server certificates will be verified using the trust anchors found in the provided roots
.
The cryptography used comes from the specified CryptoProvider
.
For more information, see the ServerCertVerifierBuilder
documentation.
Trait Implementations§
Source§impl Debug for WebPkiServerVerifier
impl Debug for WebPkiServerVerifier
Source§impl ServerCertVerifier for WebPkiServerVerifier
impl ServerCertVerifier for WebPkiServerVerifier
Source§fn verify_server_cert(
&self,
end_entity: &CertificateDer<'_>,
intermediates: &[CertificateDer<'_>],
server_name: &ServerName<'_>,
ocsp_response: &[u8],
now: UnixTime,
) -> Result<ServerCertVerified, Error>
fn verify_server_cert( &self, end_entity: &CertificateDer<'_>, intermediates: &[CertificateDer<'_>], server_name: &ServerName<'_>, ocsp_response: &[u8], now: UnixTime, ) -> Result<ServerCertVerified, Error>
Will verify the certificate is valid in the following ways:
- Signed by a trusted
RootCertStore
CA - Not Expired
- Valid for DNS entry
- Valid revocation status (if applicable).
Depending on the verifier’s configuration revocation status checking may be performed for each certificate in the chain to a root CA (excluding the root itself), or only the end entity certificate. Similarly, unknown revocation status may be treated as an error or allowed based on configuration.
Source§fn verify_tls12_signature(
&self,
message: &[u8],
cert: &CertificateDer<'_>,
dss: &DigitallySignedStruct,
) -> Result<HandshakeSignatureValid, Error>
fn verify_tls12_signature( &self, message: &[u8], cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result<HandshakeSignatureValid, Error>
Source§fn verify_tls13_signature(
&self,
message: &[u8],
cert: &CertificateDer<'_>,
dss: &DigitallySignedStruct,
) -> Result<HandshakeSignatureValid, Error>
fn verify_tls13_signature( &self, message: &[u8], cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result<HandshakeSignatureValid, Error>
Source§fn supported_verify_schemes(&self) -> Vec<SignatureScheme>
fn supported_verify_schemes(&self) -> Vec<SignatureScheme>
verify_tls12_signature
and verify_tls13_signature
calls. Read moreSource§fn requires_raw_public_keys(&self) -> bool
fn requires_raw_public_keys(&self) -> bool
Auto Trait Implementations§
impl Freeze for WebPkiServerVerifier
impl !RefUnwindSafe for WebPkiServerVerifier
impl Send for WebPkiServerVerifier
impl Sync for WebPkiServerVerifier
impl Unpin for WebPkiServerVerifier
impl !UnwindSafe for WebPkiServerVerifier
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Layout§
Note: Most layout information is completely unstable and may even differ between compilations. The only exception is types with certain repr(...)
attributes. Please see the Rust Reference's “Type Layout” chapter for details on type layout guarantees.
Size: 72 bytes