Struct rustls::verify::WebPkiVerifier
source · pub struct WebPkiVerifier {
roots: Arc<RootCertStore>,
ct_policy: Option<CertificateTransparencyPolicy>,
}
Expand description
Default ServerCertVerifier
, see the trait impl for more information.
Fields§
§roots: Arc<RootCertStore>
§ct_policy: Option<CertificateTransparencyPolicy>
Implementations§
source§impl WebPkiVerifier
impl WebPkiVerifier
sourcepub fn new(
roots: impl Into<Arc<RootCertStore>>,
ct_policy: Option<CertificateTransparencyPolicy>,
) -> Self
pub fn new( roots: impl Into<Arc<RootCertStore>>, ct_policy: Option<CertificateTransparencyPolicy>, ) -> Self
Constructs a new WebPkiVerifier
.
roots
is the set of trust anchors to trust for issuing server certs.
ct_logs
is the list of logs that are trusted for Certificate
Transparency. Currently CT log enforcement is opportunistic; see
https://github.com/rustls/rustls/issues/479.
sourcepub fn verification_schemes() -> Vec<SignatureScheme>
pub fn verification_schemes() -> Vec<SignatureScheme>
Returns the signature verification methods supported by webpki.
Trait Implementations§
source§impl ServerCertVerifier for WebPkiVerifier
impl ServerCertVerifier for WebPkiVerifier
source§fn verify_server_cert(
&self,
end_entity: &Certificate,
intermediates: &[Certificate],
server_name: &ServerName,
scts: &mut dyn Iterator<Item = &[u8]>,
ocsp_response: &[u8],
now: SystemTime,
) -> Result<ServerCertVerified, Error>
fn verify_server_cert( &self, end_entity: &Certificate, intermediates: &[Certificate], server_name: &ServerName, scts: &mut dyn Iterator<Item = &[u8]>, ocsp_response: &[u8], now: SystemTime, ) -> Result<ServerCertVerified, Error>
Will verify the certificate is valid in the following ways:
- Signed by a trusted
RootCertStore
CA - Not Expired
- Valid for DNS entry
source§fn verify_tls12_signature(
&self,
message: &[u8],
cert: &Certificate,
dss: &DigitallySignedStruct,
) -> Result<HandshakeSignatureValid, Error>
fn verify_tls12_signature( &self, message: &[u8], cert: &Certificate, dss: &DigitallySignedStruct, ) -> Result<HandshakeSignatureValid, Error>
Verify a signature allegedly by the given server certificate. Read more
source§fn verify_tls13_signature(
&self,
message: &[u8],
cert: &Certificate,
dss: &DigitallySignedStruct,
) -> Result<HandshakeSignatureValid, Error>
fn verify_tls13_signature( &self, message: &[u8], cert: &Certificate, dss: &DigitallySignedStruct, ) -> Result<HandshakeSignatureValid, Error>
Verify a signature allegedly by the given server certificate. Read more
source§fn supported_verify_schemes(&self) -> Vec<SignatureScheme>
fn supported_verify_schemes(&self) -> Vec<SignatureScheme>
Return the list of SignatureSchemes that this verifier will handle,
in
verify_tls12_signature
and verify_tls13_signature
calls. Read moresource§fn request_scts(&self) -> bool
fn request_scts(&self) -> bool
Returns
true
if Rustls should ask the server to send SCTs. Read moreAuto Trait Implementations§
impl Freeze for WebPkiVerifier
impl RefUnwindSafe for WebPkiVerifier
impl Send for WebPkiVerifier
impl Sync for WebPkiVerifier
impl Unpin for WebPkiVerifier
impl UnwindSafe for WebPkiVerifier
Blanket Implementations§
source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more