pub trait ServerCredentialResolver: Debug + Send + Sync {
    // Required method
    fn resolve(
        &self,
        client_hello: &ClientHello<'_>,
    ) -> Result<SelectedCredential, Error>;

    // Provided method
    fn supported_certificate_types(&self) -> &'static [CertificateType] { ... }
}
How to choose a certificate chain and signing key for use in server authentication.
This is suitable when selecting a certificate does not require I/O or when the application is using blocking I/O anyhow.
For applications that use async I/O and need to do I/O to choose
a certificate (for instance, fetching a certificate from a data store),
the Acceptor interface is more suitable.
Required Methods
fn resolve(&self, client_hello: &ClientHello<'_>) -> Result<SelectedCredential, Error>
Choose a certificate chain and matching key given simplified ClientHello information.
The SelectedCredential returned from this method contains an identity and a
one-time-use Signer wrapping the private key. This is usually obtained via a
Credentials, on which an implementation can call Credentials::signer().
An implementation can either store long-lived Credentials values, or instantiate
them as needed using one of its constructors.
Yielding an Error will abort the handshake. Some relevant error variants:
Provided Methods
fn supported_certificate_types(&self) -> &'static [CertificateType]
Returns which CertificateTypes this resolver supports.
Returning an empty slice will result in an error. The default implementation signals support for X.509 certificates. Implementations should return the same value every time.
See RFC 7250 for more information.
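The resolver contract described above, as an added example that is not rustls code: a resolver that selects by SNI and returns an error (aborting the handshake) when the name is missing or unknown. Every type here, including ClientHello, SelectedCredential, Error and its NoCredentialForName variant, is a simplified stand-in and an assumption; only the trait's shape is taken from this page.

```rust
// Added example. Every type below is a simplified stand-in (an assumption),
// not the rustls definition; only the trait's shape is taken from this page.
use std::collections::HashMap;
use std::fmt::Debug;

#[derive(Debug, Clone, Copy, PartialEq)]
pub enum CertificateType { X509 }
#[derive(Debug, PartialEq)]
pub enum Error { NoCredentialForName } // hypothetical variant
pub struct ClientHello<'a> { pub server_name: Option<&'a str> }
// The SelectedCredential on this page also carries a one-time-use Signer; omitted here.
#[derive(Debug, Clone, PartialEq)]
pub struct SelectedCredential { pub identity: String }

pub trait ServerCredentialResolver: Debug + Send + Sync {
    fn resolve(&self, client_hello: &ClientHello<'_>) -> Result<SelectedCredential, Error>;
    fn supported_certificate_types(&self) -> &'static [CertificateType] {
        &[CertificateType::X509] // same value on every call
    }
}

/// Hypothetical resolver: picks a credential by SNI and fails closed.
#[derive(Debug, Default)]
pub struct BySni { by_name: HashMap<String, SelectedCredential> }

impl BySni {
    pub fn add(&mut self, name: &str, identity: &str) {
        // DNS names compare case-insensitively, so store a lowercased key.
        let cred = SelectedCredential { identity: identity.to_string() };
        self.by_name.insert(name.to_ascii_lowercase(), cred);
    }
}

impl ServerCredentialResolver for BySni {
    fn resolve(&self, client_hello: &ClientHello<'_>) -> Result<SelectedCredential, Error> {
        // No SNI or an unknown name yields Err, which aborts the handshake
        // instead of presenting a credential issued for some other host.
        let name = client_hello.server_name.ok_or(Error::NoCredentialForName)?;
        self.by_name.get(&name.to_ascii_lowercase()).cloned().ok_or(Error::NoCredentialForName)
    }
}

fn main() {
    let mut r = BySni::default();
    r.add("Api.Example.test", "constructed chain for api.example.test");
    println!("{:?}", r.resolve(&ClientHello { server_name: Some("api.example.test") }));
    println!("{:?}", r.resolve(&ClientHello { server_name: None }));
}
```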
Implementors
impl ServerCredentialResolver for SingleCredential
impl ServerCredentialResolver for ServerNameResolver
Available on crate features std or hashbrown only.