pub struct WebPkiServerVerifier { /* private fields */ }
Expand description
Default ServerCertVerifier
, see the trait impl for more information.
Implementations§
source§impl WebPkiServerVerifier
impl WebPkiServerVerifier
sourcepub fn builder(roots: Arc<RootCertStore>) -> ServerCertVerifierBuilder
pub fn builder(roots: Arc<RootCertStore>) -> ServerCertVerifierBuilder
Create a builder for the webpki
server certificate verifier configuration using
the default CryptoProvider
.
Server certificates will be verified using the trust anchors found in the provided roots
.
The cryptography used comes from the default CryptoProvider
: crypto::ring::default_provider
.
Use Self::builder_with_provider
if you wish to customize this.
For more information, see the ServerCertVerifierBuilder
documentation.
sourcepub fn builder_with_provider(
roots: Arc<RootCertStore>,
provider: Arc<CryptoProvider>,
) -> ServerCertVerifierBuilder
pub fn builder_with_provider( roots: Arc<RootCertStore>, provider: Arc<CryptoProvider>, ) -> ServerCertVerifierBuilder
Create a builder for the webpki
server certificate verifier configuration using
a specified CryptoProvider
.
Server certificates will be verified using the trust anchors found in the provided roots
.
The cryptography used comes from the specified CryptoProvider
.
For more information, see the ServerCertVerifierBuilder
documentation.
Trait Implementations§
source§impl Debug for WebPkiServerVerifier
impl Debug for WebPkiServerVerifier
source§impl ServerCertVerifier for WebPkiServerVerifier
impl ServerCertVerifier for WebPkiServerVerifier
source§fn verify_server_cert(
&self,
end_entity: &CertificateDer<'_>,
intermediates: &[CertificateDer<'_>],
server_name: &ServerName<'_>,
ocsp_response: &[u8],
now: UnixTime,
) -> Result<ServerCertVerified, Error>
fn verify_server_cert( &self, end_entity: &CertificateDer<'_>, intermediates: &[CertificateDer<'_>], server_name: &ServerName<'_>, ocsp_response: &[u8], now: UnixTime, ) -> Result<ServerCertVerified, Error>
Will verify the certificate is valid in the following ways:
- Signed by a trusted
RootCertStore
CA - Not Expired
- Valid for DNS entry
- Valid revocation status (if applicable).
Depending on the verifier’s configuration revocation status checking may be performed for each certificate in the chain to a root CA (excluding the root itself), or only the end entity certificate. Similarly, unknown revocation status may be treated as an error or allowed based on configuration.
source§fn verify_tls12_signature(
&self,
message: &[u8],
cert: &CertificateDer<'_>,
dss: &DigitallySignedStruct,
) -> Result<HandshakeSignatureValid, Error>
fn verify_tls12_signature( &self, message: &[u8], cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result<HandshakeSignatureValid, Error>
source§fn verify_tls13_signature(
&self,
message: &[u8],
cert: &CertificateDer<'_>,
dss: &DigitallySignedStruct,
) -> Result<HandshakeSignatureValid, Error>
fn verify_tls13_signature( &self, message: &[u8], cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result<HandshakeSignatureValid, Error>
source§fn supported_verify_schemes(&self) -> Vec<SignatureScheme>
fn supported_verify_schemes(&self) -> Vec<SignatureScheme>
verify_tls12_signature
and verify_tls13_signature
calls. Read more