Structsยง
- A
ClientCertVerifierthat will allow both anonymous and authenticated clients, without any name checking. - A
ClientCertVerifierthat will ensure that every client provides a trusted certificate, without any name checking. Optionally, client certificates will have their revocation status checked using the DER encoded CRLs provided. - Policy for enforcing Certificate Transparency.
- Zero-sized marker type representing verification of a client cert chain.
- This type combines a
SignatureSchemeand a signature payload produced with that scheme. - Zero-sized marker type representing verification of a signature.
- Turns off client authentication.
- Zero-sized marker type representing verification of a server cert chain.
- An unparsed DER encoded Certificate Revocation List (CRL).
- Default
ServerCertVerifier, see the trait impl for more information.
Staticsยง
- ECDSA_SHA256 ๐
- ECDSA_SHA384 ๐
- ED25519 ๐
- RSA_PSS_SHA256 ๐
- RSA_PSS_SHA384 ๐
- RSA_PSS_SHA512 ๐
- RSA_SHA256 ๐
- RSA_SHA384 ๐
- RSA_SHA512 ๐
- SUPPORTED_SIG_ALGS ๐Which signature verification mechanisms we support. No particular order.
Traitsยง
- Something that can verify a client certificate chain
- Something that can verify a server certificate chain, and verify signatures made by certificates.
Functionsยง
- Constructs the signature message specified in section 4.4.3 of RFC8446.
- Constructs the signature message specified in section 4.4.3 of RFC8446.
- convert_alg_tls13 ๐
- convert_scheme ๐
- intermediate_chain ๐
- pki_error ๐
- trust_roots ๐
- unix_time_millis ๐
- Verify that the end-entity certificate
end_entityis a valid server cert and chains to at least one of the OwnedTrustAnchor in therootsRootCertStore. - Verify that the
end_entityhas a name or alternative name matching theserver_namenote: this only verifies the name and should be used in conjuction with more verification like verify_server_cert_signed_by_trust_anchor - verify_signed_struct ๐
- verify_tls13 ๐
Type Aliasesยง
- SignatureAlgorithms ๐