Structsยง
- A
ClientCertVerifierthat will allow both anonymous and authenticated clients, without any name checking. - A
ClientCertVerifierthat will ensure that every client provides a trusted certificate, without any name checking. Optionally, client certificates will have their revocation status checked using the DER encoded CRLs provided. - Policy for enforcing Certificate Transparency.
- Zero-sized marker type representing verification of a client cert chain.
- This type combines a
SignatureSchemeand a signature payload produced with that scheme. - Zero-sized marker type representing verification of a signature.
- Turns off client authentication.
- Zero-sized marker type representing verification of a server cert chain.
- An unparsed DER encoded Certificate Revocation List (CRL).
- Default
ServerCertVerifier, see the trait impl for more information.
Staticsยง
- ECDS
A_ ๐SHA256 - ECDS
A_ ๐SHA384 - ED25519 ๐
- RSA_
PSS_ ๐SHA256 - RSA_
PSS_ ๐SHA384 - RSA_
PSS_ ๐SHA512 - RSA_
SHA256 ๐ - RSA_
SHA384 ๐ - RSA_
SHA512 ๐ - SUPPORTE
D_ ๐SIG_ ALGS Which signature verification mechanisms we support. No particular order.
Traitsยง
- Something that can verify a client certificate chain
- Something that can verify a server certificate chain, and verify signatures made by certificates.
Functionsยง
- Constructs the signature message specified in section 4.4.3 of RFC8446.
- Constructs the signature message specified in section 4.4.3 of RFC8446.
- convert_
alg_ ๐tls13 - convert_
scheme ๐ - intermediate_
chain ๐ - pki_
error ๐ - trust_
roots ๐ - unix_
time_ ๐millis - Verify that the end-entity certificate
end_entityis a valid server cert and chains to at least one of the OwnedTrustAnchor in therootsRootCertStore. - Verify that the
end_entityhas a name or alternative name matching theserver_namenote: this only verifies the name and should be used in conjuction with more verification like verify_server_cert_signed_by_trust_anchor - verify_
signed_ ๐struct - verify_
tls13 ๐
Type Aliasesยง
- Signature
Algorithms ๐