rustls::client

Struct WebPkiServerVerifier

source
pub struct WebPkiServerVerifier { /* private fields */ }
Expand description

Default ServerCertVerifier, see the trait impl for more information.

Implementations§

source§

impl WebPkiServerVerifier

source

pub fn builder(roots: Arc<RootCertStore>) -> ServerCertVerifierBuilder

Create a builder for the webpki server certificate verifier configuration using the default CryptoProvider.

Server certificates will be verified using the trust anchors found in the provided roots.

The cryptography used comes from the default CryptoProvider: crypto::ring::default_provider. Use Self::builder_with_provider if you wish to customize this.

For more information, see the ServerCertVerifierBuilder documentation.

source

pub fn builder_with_provider( roots: Arc<RootCertStore>, provider: Arc<CryptoProvider>, ) -> ServerCertVerifierBuilder

Create a builder for the webpki server certificate verifier configuration using a specified CryptoProvider.

Server certificates will be verified using the trust anchors found in the provided roots.

The cryptography used comes from the specified CryptoProvider.

For more information, see the ServerCertVerifierBuilder documentation.

Trait Implementations§

source§

impl Debug for WebPkiServerVerifier

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
source§

impl ServerCertVerifier for WebPkiServerVerifier

source§

fn verify_server_cert( &self, end_entity: &CertificateDer<'_>, intermediates: &[CertificateDer<'_>], server_name: &ServerName<'_>, ocsp_response: &[u8], now: UnixTime, ) -> Result<ServerCertVerified, Error>

Will verify the certificate is valid in the following ways:

  • Signed by a trusted RootCertStore CA
  • Not Expired
  • Valid for DNS entry
  • Valid revocation status (if applicable).

Depending on the verifier’s configuration revocation status checking may be performed for each certificate in the chain to a root CA (excluding the root itself), or only the end entity certificate. Similarly, unknown revocation status may be treated as an error or allowed based on configuration.

source§

fn verify_tls12_signature( &self, message: &[u8], cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result<HandshakeSignatureValid, Error>

Verify a signature allegedly by the given server certificate. Read more
source§

fn verify_tls13_signature( &self, message: &[u8], cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result<HandshakeSignatureValid, Error>

Verify a signature allegedly by the given server certificate. Read more
source§

fn supported_verify_schemes(&self) -> Vec<SignatureScheme>

Return the list of SignatureSchemes that this verifier will handle, in verify_tls12_signature and verify_tls13_signature calls. Read more

Auto Trait Implementations§

Blanket Implementations§

source§

impl<T> Any for T
where T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for T
where T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T, U> Into<U> for T
where U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

source§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.