rustls::webpki::verify

Function verify_server_cert_signed_by_trust_anchor_impl

pub(crate) fn verify_server_cert_signed_by_trust_anchor_impl(
    cert: &ParsedCertificate<'_>,
    roots: &RootCertStore,
    intermediates: &[CertificateDer<'_>],
    revocation: Option<RevocationOptions<'_>>,
    now: UnixTime,
    supported_algs: &[&dyn SignatureVerificationAlgorithm],
) -> Result<(), Error>

Verify that the end-entity certificate end_entity (the cert parameter in this signature) is a valid server cert and chains to at least one of the trust anchors in the roots RootCertStore.

intermediates contains all certificates other than end_entity that were sent as part of the server’s Certificate message. It is in the same order that the server sent them and may be empty.

revocation controls how revocation checking is performed, if at all.

This function exists to be used by verify_server_cert_signed_by_trust_anchor, and differs only in providing an Option<webpki::RevocationOptions> argument. We can’t include this argument in verify_server_cert_signed_by_trust_anchor because it would leak the webpki types into Rustls’ public API.
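The public-wrapper and crate-private `_impl` split described above, as an added, simplified model that is not rustls or webpki code. All names (`backend`, `Cert`, `verify_signed_by_trust_anchor`) are hypothetical, issuers are matched by name only, and no signatures are checked.

```rust
mod backend {
    // Hypothetical stand-in for the dependency type the public API must not expose.
    pub struct RevocationOptions<'a> { pub revoked_serials: &'a [u64] }
}

#[derive(Debug, PartialEq)]
pub enum Error { UnknownIssuer, Revoked }

pub struct Cert { pub subject: &'static str, pub issuer: &'static str, pub serial: u64 }

// Public entry point: no backend type in the signature, revocation checking off.
pub fn verify_signed_by_trust_anchor(
    cert: &Cert, roots: &[&str], intermediates: &[Cert],
) -> Result<(), Error> {
    verify_signed_by_trust_anchor_impl(cert, roots, intermediates, None)
}

// Crate-private variant: same path building, plus the optional revocation argument.
pub(crate) fn verify_signed_by_trust_anchor_impl(
    cert: &Cert,
    roots: &[&str],
    intermediates: &[Cert],
    revocation: Option<backend::RevocationOptions<'_>>,
) -> Result<(), Error> {
    let mut current = cert;
    // At most one hop per intermediate, so the bound also stops issuer cycles.
    for _ in 0..=intermediates.len() {
        if matches!(&revocation, Some(o) if o.revoked_serials.contains(&current.serial)) {
            return Err(Error::Revoked);
        }
        if roots.contains(&current.issuer) {
            return Ok(()); // chains to a trust anchor
        }
        match intermediates.iter().find(|c| c.subject == current.issuer) {
            Some(next) => current = next,
            None => return Err(Error::UnknownIssuer),
        }
    }
    Err(Error::UnknownIssuer)
}

fn main() {
    // Constructed sample chain: leaf -> "Issuing CA" -> "Root CA".
    let leaf = Cert { subject: "example.test", issuer: "Issuing CA", serial: 7 };
    let inter = [Cert { subject: "Issuing CA", issuer: "Root CA", serial: 2 }];
    let crl = backend::RevocationOptions { revoked_serials: &[7] };
    println!("{:?}", verify_signed_by_trust_anchor(&leaf, &["Root CA"], &inter));
    println!("{:?}", verify_signed_by_trust_anchor_impl(&leaf, &["Root CA"], &inter, Some(crl)));
}
```

In this model, callers outside the crate can only reach the wrapper, so revocation options have to be supplied by crate-internal code that holds the backend type.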