Structsยง
- A
ClientCertVerifier
that will allow both anonymous and authenticated clients, without any name checking. - A
ClientCertVerifier
that will ensure that every client provides a trusted certificate, without any name checking. Optionally, client certificates will have their revocation status checked using the DER encoded CRLs provided. - Policy for enforcing Certificate Transparency.
- Zero-sized marker type representing verification of a client cert chain.
- This type combines a
SignatureScheme
and a signature payload produced with that scheme. - Zero-sized marker type representing verification of a signature.
- Turns off client authentication.
- Zero-sized marker type representing verification of a server cert chain.
- An unparsed DER encoded Certificate Revocation List (CRL).
- Default
ServerCertVerifier
, see the trait impl for more information.
Staticsยง
- ECDSA_SHA256 ๐
- ECDSA_SHA384 ๐
- ED25519 ๐
- RSA_PSS_SHA256 ๐
- RSA_PSS_SHA384 ๐
- RSA_PSS_SHA512 ๐
- RSA_SHA256 ๐
- RSA_SHA384 ๐
- RSA_SHA512 ๐
- SUPPORTED_SIG_ALGS ๐Which signature verification mechanisms we support. No particular order.
Traitsยง
- Something that can verify a client certificate chain
- Something that can verify a server certificate chain, and verify signatures made by certificates.
Functionsยง
- Constructs the signature message specified in section 4.4.3 of RFC8446.
- Constructs the signature message specified in section 4.4.3 of RFC8446.
- convert_alg_tls13 ๐
- convert_scheme ๐
- intermediate_chain ๐
- pki_error ๐
- trust_roots ๐
- unix_time_millis ๐
- Verify that the end-entity certificate
end_entity
is a valid server cert and chains to at least one of the OwnedTrustAnchor in theroots
RootCertStore. - Verify that the
end_entity
has a name or alternative name matching theserver_name
note: this only verifies the name and should be used in conjuction with more verification like verify_server_cert_signed_by_trust_anchor - verify_signed_struct ๐
- verify_tls13 ๐
Type Aliasesยง
- SignatureAlgorithms ๐