WebPkiServerVerifier

Struct WebPkiServerVerifier

pub struct WebPkiServerVerifier { /* private fields */ }

Expand description

Default ServerVerifier, see the trait impl for more information.

Implementations§

impl WebPkiServerVerifier

pub fn builder(roots: Arc<RootCertStore>) -> ServerVerifierBuilder

Create a builder for the webpki server certificate verifier configuration using the process-default CryptoProvider.

Server certificates will be verified using the trust anchors found in the provided roots.

Use Self::builder_with_provider if you wish to specify an explicit provider.

For more information, see the ServerVerifierBuilder documentation.

pub fn builder_with_provider( roots: Arc<RootCertStore>, provider: &CryptoProvider, ) -> ServerVerifierBuilder

Create a builder for the webpki server certificate verifier configuration using a specified CryptoProvider.

Server certificates will be verified using the trust anchors found in the provided roots.

The cryptography used comes from the specified CryptoProvider.

For more information, see the ServerVerifierBuilder documentation.

Trait Implementations§

impl Debug for WebPkiServerVerifier

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

impl ServerVerifier for WebPkiServerVerifier

fn verify_identity( &self, identity: &ServerIdentity<'_>, ) -> Result<PeerVerified, Error>

Will verify the certificate is valid in the following ways:

Signed by a trusted RootCertStore CA
Not Expired
Valid for DNS entry
Valid revocation status (if applicable).

Depending on the verifier’s configuration revocation status checking may be performed for each certificate in the chain to a root CA (excluding the root itself), or only the end entity certificate. Similarly, unknown revocation status may be treated as an error or allowed based on configuration.

fn verify_tls12_signature( &self, input: &SignatureVerificationInput<'_>, ) -> Result<HandshakeSignatureValid, Error>

Verify a signature allegedly by the given server certificate. Read more

fn verify_tls13_signature( &self, input: &SignatureVerificationInput<'_>, ) -> Result<HandshakeSignatureValid, Error>

Verify a signature allegedly by the given server certificate. Read more

fn supported_verify_schemes(&self) -> Vec<SignatureScheme>

Return the list of SignatureSchemes that this verifier will handle, in verify_tls12_signature and verify_tls13_signature calls. Read more

fn request_ocsp_response(&self) -> bool

Return true if this verifier will process stapled OCSP responses. Read more

fn supported_certificate_types(&self) -> &'static [CertificateType]

Returns which CertificateTypes this verifier supports. Read more

fn root_hint_subjects(&self) -> Option<Arc<[DistinguishedName]>>

Return the DistinguishedNames of certificate authorities that this verifier trusts. Read more

Auto Trait Implementations§

impl Freeze for WebPkiServerVerifier

impl !RefUnwindSafe for WebPkiServerVerifier

impl Send for WebPkiServerVerifier

impl Sync for WebPkiServerVerifier

impl Unpin for WebPkiServerVerifier

impl !UnwindSafe for WebPkiServerVerifier

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.