pub trait ResolvesClientCert:
Debug
+ Send
+ Sync {
// Required methods
fn resolve(
&self,
root_hint_subjects: &[&[u8]],
sigschemes: &[SignatureScheme],
) -> Option<Arc<CertifiedKey>>;
fn has_certs(&self) -> bool;
}
Expand description
A trait for the ability to choose a certificate chain and private key for the purposes of client authentication.
Required Methods§
sourcefn resolve(
&self,
root_hint_subjects: &[&[u8]],
sigschemes: &[SignatureScheme],
) -> Option<Arc<CertifiedKey>>
fn resolve( &self, root_hint_subjects: &[&[u8]], sigschemes: &[SignatureScheme], ) -> Option<Arc<CertifiedKey>>
Resolve a client certificate chain/private key to use as the client’s identity.
root_hint_subjects
is an optional list of certificate authority
subject distinguished names that the client can use to help
decide on a client certificate the server is likely to accept. If
the list is empty, the client should send whatever certificate it
has. The hints are expected to be DER-encoded X.500 distinguished names,
per RFC 5280 A.1. See DistinguishedName
for more information
on decoding with external crates like x509-parser
.
sigschemes
is the list of the SignatureScheme
s the server
supports.
Return None
to continue the handshake without any client
authentication. The server may reject the handshake later
if it requires authentication.