webpki

Enum Error

Source
#[non_exhaustive]
pub enum Error {
Show 44 variants BadDer, BadDerTime, CaUsedAsEndEntity, CertExpired, CertNotValidForName, CertNotValidYet, CertRevoked, CrlExpired, EndEntityUsedAsCa, ExtensionValueInvalid, InvalidCertValidity, InvalidCrlNumber, InvalidNetworkMaskConstraint, InvalidSerialNumber, InvalidCrlSignatureForPublicKey, InvalidSignatureForPublicKey, IssuerNotCrlSigner, MalformedDnsIdentifier, MalformedExtensions, MalformedNameConstraint, MaximumNameConstraintComparisonsExceeded, MaximumPathBuildCallsExceeded, MaximumPathDepthExceeded, MaximumSignatureChecksExceeded, NameConstraintViolation, PathLenConstraintViolated, RequiredEkuNotFound, SignatureAlgorithmMismatch, TrailingData(DerTypeId), UnknownIssuer, UnknownRevocationStatus, UnsupportedCertVersion, UnsupportedCriticalExtension, UnsupportedCrlIssuingDistributionPoint, UnsupportedCrlVersion, UnsupportedDeltaCrl, UnsupportedIndirectCrl, UnsupportedNameType, UnsupportedRevocationReason, UnsupportedRevocationReasonsPartitioning, UnsupportedCrlSignatureAlgorithm, UnsupportedSignatureAlgorithm, UnsupportedCrlSignatureAlgorithmForPublicKey, UnsupportedSignatureAlgorithmForPublicKey,
}
Expand description

An error that occurs during certificate validation or name validation.

Variants (Non-exhaustive)§

This enum is marked as non-exhaustive
Non-exhaustive enums could have additional variants added in future. Therefore, when matching against variants of non-exhaustive enums, an extra wildcard arm must be added to account for any future variants.
§

BadDer

The encoding of some ASN.1 DER-encoded item is invalid.

§

BadDerTime

The encoding of an ASN.1 DER-encoded time is invalid.

§

CaUsedAsEndEntity

A CA certificate is being used as an end-entity certificate.

§

CertExpired

The certificate is expired; i.e. the time it is being validated for is later than the certificate’s notAfter time.

§

CertNotValidForName

The certificate is not valid for the name it is being validated for.

§

CertNotValidYet

The certificate is not valid yet; i.e. the time it is being validated for is earlier than the certificate’s notBefore time.

§

CertRevoked

The certificate, or one of its issuers, has been revoked.

§

CrlExpired

The CRL is expired; i.e. the verification time is not before the time in the CRL nextUpdate field.

§

EndEntityUsedAsCa

An end-entity certificate is being used as a CA certificate.

§

ExtensionValueInvalid

An X.509 extension is invalid.

§

InvalidCertValidity

The certificate validity period (notBefore, notAfter) is invalid; e.g. the notAfter time is earlier than the notBefore time.

§

InvalidCrlNumber

A CRL number extension was invalid:

  • it was mis-encoded
  • it was negative
  • it was too long
§

InvalidNetworkMaskConstraint

A iPAddress name constraint was invalid:

  • it had a sparse network mask (ie, cannot be written in CIDR form).
  • it was too long or short
§

InvalidSerialNumber

A serial number was invalid:

  • it was misencoded
  • it was negative
  • it was too long
§

InvalidCrlSignatureForPublicKey

The CRL signature is invalid for the issuer’s public key.

§

InvalidSignatureForPublicKey

The signature is invalid for the given public key.

§

IssuerNotCrlSigner

A CRL was signed by an issuer that has a KeyUsage bitstring that does not include the cRLSign key usage bit.

§

MalformedDnsIdentifier

A presented or reference DNS identifier was malformed, potentially containing invalid characters or invalid labels.

§

MalformedExtensions

The certificate extensions are malformed.

In particular, webpki requires the DNS name(s) be in the subjectAltName extension as required by the CA/Browser Forum Baseline Requirements and as recommended by RFC6125.

§

MalformedNameConstraint

A name constraint was malformed, potentially containing invalid characters or invalid labels.

§

MaximumNameConstraintComparisonsExceeded

The maximum number of name constraint comparisons has been reached.

§

MaximumPathBuildCallsExceeded

The maximum number of internal path building calls has been reached. Path complexity is too great.

§

MaximumPathDepthExceeded

The path search was terminated because it became too deep.

§

MaximumSignatureChecksExceeded

The maximum number of signature checks has been reached. Path complexity is too great.

§

NameConstraintViolation

The certificate violates one or more name constraints.

§

PathLenConstraintViolated

The certificate violates one or more path length constraints.

§

RequiredEkuNotFound

The certificate is not valid for the Extended Key Usage for which it is being validated.

§

SignatureAlgorithmMismatch

The algorithm in the TBSCertificate “signature” field of a certificate does not match the algorithm in the signature of the certificate.

§

TrailingData(DerTypeId)

Trailing data was found while parsing DER-encoded input for the named type.

§

UnknownIssuer

A valid issuer for the certificate could not be found.

§

UnknownRevocationStatus

The certificate’s revocation status could not be determined.

§

UnsupportedCertVersion

The certificate is not a v3 X.509 certificate.

This error may be also reported if the certificate version field is malformed.

§

UnsupportedCriticalExtension

The certificate contains an unsupported critical extension.

§

UnsupportedCrlIssuingDistributionPoint

The CRL contains an issuing distribution point with no distribution point name, or a distribution point name relative to an issuer.

§

UnsupportedCrlVersion

The CRL is not a v2 X.509 CRL.

The RFC 5280 web PKI profile mandates only version 2 be used. See section 5.1.2.1 for more information.

This error may also be reported if the CRL version field is malformed.

§

UnsupportedDeltaCrl

The CRL is an unsupported “delta” CRL.

§

UnsupportedIndirectCrl

The CRL contains unsupported “indirect” entries.

§

UnsupportedNameType

The ServerName contained an unsupported type of value.

§

UnsupportedRevocationReason

The revocation reason is not in the set of supported revocation reasons.

§

UnsupportedRevocationReasonsPartitioning

The CRL is partitioned by revocation reasons.

§

UnsupportedCrlSignatureAlgorithm

The signature algorithm for a signature over a CRL is not in the set of supported signature algorithms given.

§

UnsupportedSignatureAlgorithm

The signature algorithm for a signature is not in the set of supported signature algorithms given.

§

UnsupportedCrlSignatureAlgorithmForPublicKey

The CRL signature’s algorithm does not match the algorithm of the issuer public key it is being validated for. This may be because the public key algorithm’s OID isn’t recognized (e.g. DSA), or the public key algorithm’s parameters don’t match the supported parameters for that algorithm (e.g. ECC keys for unsupported curves), or the public key algorithm and the signature algorithm simply don’t match (e.g. verifying an RSA signature with an ECC public key).

§

UnsupportedSignatureAlgorithmForPublicKey

The signature’s algorithm does not match the algorithm of the public key it is being validated for. This may be because the public key algorithm’s OID isn’t recognized (e.g. DSA), or the public key algorithm’s parameters don’t match the supported parameters for that algorithm (e.g. ECC keys for unsupported curves), or the public key algorithm and the signature algorithm simply don’t match (e.g. verifying an RSA signature with an ECC public key).

Trait Implementations§

Source§

impl Clone for Error

Source§

fn clone(&self) -> Error

Returns a copy of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for Error

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Display for Error

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Error for Error

Available on crate feature std only.
1.30.0 · Source§

fn source(&self) -> Option<&(dyn Error + 'static)>

Returns the lower-level source of this error, if any. Read more
1.0.0 · Source§

fn description(&self) -> &str

👎Deprecated since 1.42.0: use the Display impl or to_string()
1.0.0 · Source§

fn cause(&self) -> Option<&dyn Error>

👎Deprecated since 1.33.0: replaced by Error::source, which can support downcasting
Source§

fn provide<'a>(&'a self, request: &mut Request<'a>)

🔬This is a nightly-only experimental API. (error_generic_member_access)
Provides type-based access to context intended for error reports. Read more
Source§

impl From<Error> for ControlFlow<Error, Error>

Source§

fn from(value: Error) -> Self

Converts to this type from the input type.
Source§

impl PartialEq for Error

Source§

fn eq(&self, other: &Error) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl Copy for Error

Source§

impl Eq for Error

Source§

impl StructuralPartialEq for Error

Auto Trait Implementations§

§

impl Freeze for Error

§

impl RefUnwindSafe for Error

§

impl Send for Error

§

impl Sync for Error

§

impl Unpin for Error

§

impl UnwindSafe for Error

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dst: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dst. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T> ToString for T
where T: Display + ?Sized,

Source§

default fn to_string(&self) -> String

Converts the given value to a String. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

Layout§

Note: Most layout information is completely unstable and may even differ between compilations. The only exception is types with certain repr(...) attributes. Please see the Rust Reference's “Type Layout” chapter for details on type layout guarantees.

Size: 1 byte

Size for each variant:

  • BadDer: 0 bytes
  • BadDerTime: 0 bytes
  • CaUsedAsEndEntity: 0 bytes
  • CertExpired: 0 bytes
  • CertNotValidForName: 0 bytes
  • CertNotValidYet: 0 bytes
  • CertRevoked: 0 bytes
  • CrlExpired: 0 bytes
  • EndEntityUsedAsCa: 0 bytes
  • ExtensionValueInvalid: 0 bytes
  • InvalidCertValidity: 0 bytes
  • InvalidCrlNumber: 0 bytes
  • InvalidNetworkMaskConstraint: 0 bytes
  • InvalidSerialNumber: 0 bytes
  • InvalidCrlSignatureForPublicKey: 0 bytes
  • InvalidSignatureForPublicKey: 0 bytes
  • IssuerNotCrlSigner: 0 bytes
  • MalformedDnsIdentifier: 0 bytes
  • MalformedExtensions: 0 bytes
  • MalformedNameConstraint: 0 bytes
  • MaximumNameConstraintComparisonsExceeded: 0 bytes
  • MaximumPathBuildCallsExceeded: 0 bytes
  • MaximumPathDepthExceeded: 0 bytes
  • MaximumSignatureChecksExceeded: 0 bytes
  • NameConstraintViolation: 0 bytes
  • PathLenConstraintViolated: 0 bytes
  • RequiredEkuNotFound: 0 bytes
  • SignatureAlgorithmMismatch: 0 bytes
  • TrailingData: 1 byte
  • UnknownIssuer: 0 bytes
  • UnknownRevocationStatus: 0 bytes
  • UnsupportedCertVersion: 0 bytes
  • UnsupportedCriticalExtension: 0 bytes
  • UnsupportedCrlIssuingDistributionPoint: 0 bytes
  • UnsupportedCrlVersion: 0 bytes
  • UnsupportedDeltaCrl: 0 bytes
  • UnsupportedIndirectCrl: 0 bytes
  • UnsupportedNameType: 0 bytes
  • UnsupportedRevocationReason: 0 bytes
  • UnsupportedRevocationReasonsPartitioning: 0 bytes
  • UnsupportedCrlSignatureAlgorithm: 0 bytes
  • UnsupportedSignatureAlgorithm: 0 bytes
  • UnsupportedCrlSignatureAlgorithmForPublicKey: 0 bytes
  • UnsupportedSignatureAlgorithmForPublicKey: 0 bytes