rustls::error

Enum CertificateError

Source 
#[non_exhaustive]
pub enum CertificateError {

Show 17 variants    BadEncoding,
    Expired,
    ExpiredContext {
        time: UnixTime,
        not_after: UnixTime,
    },
    NotValidYet,
    NotValidYetContext {
        time: UnixTime,
        not_before: UnixTime,
    },
    Revoked,
    UnhandledCriticalExtension,
    UnknownIssuer,
    UnknownRevocationStatus,
    ExpiredRevocationList,
    ExpiredRevocationListContext {
        time: UnixTime,
        next_update: UnixTime,
    },
    BadSignature,
    NotValidForName,
    NotValidForNameContext {
        expected: ServerName<'static>,
        presented: Vec<String>,
    },
    InvalidPurpose,
    ApplicationVerificationFailure,
    Other(OtherError),

}
Expand description

The ways in which certificate validators can express errors.

Note that the rustls TLS protocol code interprets specifically these error codes to send specific TLS alerts. Therefore, if a custom certificate validator uses incorrect errors the library as a whole will send alerts that do not match the standard (this is usually a minor issue, but could be misleading).

Variants (Non-exhaustive)§

This enum is marked as non-exhaustive
Non-exhaustive enums could have additional variants added in future. Therefore, when matching against variants of non-exhaustive enums, an extra wildcard arm must be added to account for any future variants.
§

BadEncoding

The certificate is not correctly encoded.

§

Expired

The current time is after the notAfter time in the certificate.

§

ExpiredContext

The current time is after the notAfter time in the certificate.

This variant is semantically the same as Expired, but includes extra data to improve error reports.

Fields

§time: UnixTime

The validation time.

§not_after: UnixTime

The notAfter time of the certificate.

§

NotValidYet

The current time is before the notBefore time in the certificate.

§

NotValidYetContext

The current time is before the notBefore time in the certificate.

This variant is semantically the same as NotValidYet, but includes extra data to improve error reports.

Fields

§time: UnixTime

The validation time.

§not_before: UnixTime

The notBefore time of the certificate.

§

Revoked

The certificate has been revoked.

§

UnhandledCriticalExtension

The certificate contains an extension marked critical, but it was not processed by the certificate validator.

§

UnknownIssuer

The certificate chain is not issued by a known root certificate.

§

UnknownRevocationStatus

The certificate’s revocation status could not be determined.

§

ExpiredRevocationList

The certificate’s revocation status could not be determined, because the CRL is expired.

§

ExpiredRevocationListContext

The certificate’s revocation status could not be determined, because the CRL is expired.

This variant is semantically the same as ExpiredRevocationList, but includes extra data to improve error reports.

Fields

§time: UnixTime

The validation time.

§next_update: UnixTime

The nextUpdate time of the CRL.

§

BadSignature

A certificate is not correctly signed by the key of its alleged issuer.

§

NotValidForName

The subject names in an end-entity certificate do not include the expected name.

§

NotValidForNameContext

The subject names in an end-entity certificate do not include the expected name.

This variant is semantically the same as NotValidForName, but includes extra data to improve error reports.

Fields

§expected: ServerName<'static>

Expected server name.

§presented: Vec<String>

The names presented in the end entity certificate.

These are the subject names as present in the leaf certificate and may contain DNS names with or without a wildcard label as well as IP address names.

§

InvalidPurpose

The certificate is being used for a different purpose than allowed.

§

ApplicationVerificationFailure

The certificate is valid, but the handshake is rejected for other reasons.

§

Other(OtherError)

Any other error.

This can be used by custom verifiers to expose the underlying error (where they are not better described by the more specific errors above).

It is also used by the default verifier in case its error is not covered by the above common cases.

Enums holding this variant will never compare equal to each other.

Trait Implementations§

Source§

impl Clone for CertificateError

Source§

fn clone(&self) -> CertificateError

Returns a copy of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for CertificateError

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Display for CertificateError

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl From<CertificateError> for AlertDescription

Source§

fn from(e: CertificateError) -> Self

Converts to this type from the input type.
Source§

impl From<CertificateError> for Error

Source§

fn from(e: CertificateError) -> Self

Converts to this type from the input type.
Source§

impl PartialEq for CertificateError

Source§

fn eq(&self, other: &Self) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dst: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dst. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T> ToString for T
where T: Display + ?Sized,

Source§

fn to_string(&self) -> String

Converts the given value to a String. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.