rustls::client

Function verify_server_cert_signed_by_trust_anchor

source
pub fn verify_server_cert_signed_by_trust_anchor(
    cert: &ParsedCertificate<'_>,
    roots: &RootCertStore,
    intermediates: &[CertificateDer<'_>],
    now: UnixTime,
    supported_algs: &[&dyn SignatureVerificationAlgorithm],
) -> Result<(), Error>
Expand description

Verify that the end-entity certificate end_entity is a valid server cert and chains to at least one of the trust anchors in the roots RootCertStore.

This function is primarily useful when building a custom certificate verifier. It performs no revocation checking. Implementors must handle this themselves, along with checking that the server certificate is valid for the subject name being used (see verify_server_name).

intermediates contains all certificates other than end_entity that were sent as part of the server’s Certificate message. It is in the same order that the server sent them and may be empty.