Struct rustls::verify::AllowAnyAuthenticatedClient
source · pub struct AllowAnyAuthenticatedClient {
roots: RootCertStore,
subjects: Vec<DistinguishedName>,
crls: Vec<OwnedCertRevocationList>,
}
Expand description
A ClientCertVerifier
that will ensure that every client provides a trusted
certificate, without any name checking. Optionally, client certificates will
have their revocation status checked using the DER encoded CRLs provided.
Fields§
§roots: RootCertStore
§subjects: Vec<DistinguishedName>
§crls: Vec<OwnedCertRevocationList>
Implementations§
source§impl AllowAnyAuthenticatedClient
impl AllowAnyAuthenticatedClient
sourcepub fn new(roots: RootCertStore) -> Self
pub fn new(roots: RootCertStore) -> Self
Construct a new AllowAnyAuthenticatedClient
.
roots
is the list of trust anchors to use for certificate validation.
sourcepub fn with_crls(
self,
crls: impl IntoIterator<Item = UnparsedCertRevocationList>,
) -> Result<Self, CertRevocationListError>
pub fn with_crls( self, crls: impl IntoIterator<Item = UnparsedCertRevocationList>, ) -> Result<Self, CertRevocationListError>
Update the verifier to validate client certificates against the provided DER format unparsed certificate revocation lists (CRLs).
sourcepub fn boxed(self) -> Arc<dyn ClientCertVerifier>
pub fn boxed(self) -> Arc<dyn ClientCertVerifier>
Wrap this verifier in an Arc
and coerce it to dyn ClientCertVerifier
Trait Implementations§
source§impl ClientCertVerifier for AllowAnyAuthenticatedClient
impl ClientCertVerifier for AllowAnyAuthenticatedClient
source§fn offer_client_auth(&self) -> bool
fn offer_client_auth(&self) -> bool
Returns
true
to enable the server to request a client certificate and
false
to skip requesting a client certificate. Defaults to true
.source§fn client_auth_root_subjects(&self) -> &[DistinguishedName]
fn client_auth_root_subjects(&self) -> &[DistinguishedName]
source§fn verify_client_cert(
&self,
end_entity: &Certificate,
intermediates: &[Certificate],
now: SystemTime,
) -> Result<ClientCertVerified, Error>
fn verify_client_cert( &self, end_entity: &Certificate, intermediates: &[Certificate], now: SystemTime, ) -> Result<ClientCertVerified, Error>
Verify the end-entity certificate
end_entity
is valid, acceptable,
and chains to at least one of the trust anchors trusted by
this verifier. Read moresource§fn client_auth_mandatory(&self) -> bool
fn client_auth_mandatory(&self) -> bool
Return
true
to require a client certificate and false
to make
client authentication optional.
Defaults to Some(self.offer_client_auth())
.source§fn verify_tls12_signature(
&self,
message: &[u8],
cert: &Certificate,
dss: &DigitallySignedStruct,
) -> Result<HandshakeSignatureValid, Error>
fn verify_tls12_signature( &self, message: &[u8], cert: &Certificate, dss: &DigitallySignedStruct, ) -> Result<HandshakeSignatureValid, Error>
Verify a signature allegedly by the given client certificate. Read more
source§fn verify_tls13_signature(
&self,
message: &[u8],
cert: &Certificate,
dss: &DigitallySignedStruct,
) -> Result<HandshakeSignatureValid, Error>
fn verify_tls13_signature( &self, message: &[u8], cert: &Certificate, dss: &DigitallySignedStruct, ) -> Result<HandshakeSignatureValid, Error>
Verify a signature allegedly by the given client certificate. Read more
source§fn supported_verify_schemes(&self) -> Vec<SignatureScheme>
fn supported_verify_schemes(&self) -> Vec<SignatureScheme>
Return the list of SignatureSchemes that this verifier will handle,
in
verify_tls12_signature
and verify_tls13_signature
calls. Read moreAuto Trait Implementations§
impl Freeze for AllowAnyAuthenticatedClient
impl RefUnwindSafe for AllowAnyAuthenticatedClient
impl Send for AllowAnyAuthenticatedClient
impl Sync for AllowAnyAuthenticatedClient
impl Unpin for AllowAnyAuthenticatedClient
impl UnwindSafe for AllowAnyAuthenticatedClient
Blanket Implementations§
source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more