Struct WebPkiServerVerifier 

pub struct WebPkiServerVerifier { /* private fields */ }

Default ServerVerifier, see the trait impl for more information.

Implementations

impl WebPkiServerVerifier

pub fn builder( roots: Arc<RootCertStore>, provider: &CryptoProvider, ) -> ServerVerifierBuilder

Create a builder for the webpki server certificate verifier configuration using a specified CryptoProvider.

Server certificates will be verified using the trust anchors found in the provided roots.

The cryptography used comes from the specified CryptoProvider.

For more information, see the ServerVerifierBuilder documentation.

Trait Implementations

impl Debug for WebPkiServerVerifier

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Hash for WebPkiServerVerifier

fn hash<__H: Hasher>(&self, state: &mut __H)

Feeds this value into the given Hasher.

fn hash_slice<H>(data: &[Self], state: &mut H)

where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher.

impl ServerVerifier for WebPkiServerVerifier

fn verify_identity( &self, identity: &ServerIdentity<'_>, ) -> Result<PeerVerified, Error>

Will verify the certificate is valid in the following ways:

• Signed by a trusted RootCertStore CA
• Not Expired
• Valid for DNS entry
• Valid revocation status (if applicable).

Depending on the verifier’s configuration revocation status checking may be performed for each certificate in the chain to a root CA (excluding the root itself), or only the end entity certificate. Similarly, unknown revocation status may be treated as an error or allowed based on configuration.

fn verify_tls12_signature( &self, input: &SignatureVerificationInput<'_>, ) -> Result<HandshakeSignatureValid, Error>

Verify a signature allegedly by the given server certificate.

fn verify_tls13_signature( &self, input: &SignatureVerificationInput<'_>, ) -> Result<HandshakeSignatureValid, Error>

Verify a signature allegedly by the given server certificate.

fn supported_verify_schemes(&self) -> Vec<SignatureScheme>

Return the list of SignatureSchemes that this verifier will handle, in verify_tls12_signature and verify_tls13_signature calls.

fn request_ocsp_response(&self) -> bool

Return true if this verifier will process stapled OCSP responses.

fn hash_config(&self, h: &mut dyn Hasher)

Instance configuration should be input to h.

fn supported_certificate_types(&self) -> &'static [CertificateType]

Returns which CertificateTypes this verifier supports.

fn root_hint_subjects(&self) -> Option<Arc<[DistinguishedName]>>

Return the DistinguishedNames of certificate authorities that this verifier trusts.