Enum CertRevocationList

pub enum CertRevocationList<'a> {
    Owned(OwnedCertRevocationList),
    Borrowed(BorrowedCertRevocationList<'a>),
}

A RFC 5280¹ profile Certificate Revocation List (CRL).

May be either an owned, or a borrowed representation.

---

1. https://www.rfc-editor.org/rfc/rfc5280#section-5 ↩

Variants

Owned(OwnedCertRevocationList)

An owned representation of a CRL.

Borrowed(BorrowedCertRevocationList<'a>)

A borrowed representation of a CRL.

Implementations

impl CertRevocationList<'_>

pub fn issuer(&self) -> &[u8]

Return the DER encoded issuer of the CRL.

pub fn issuing_distribution_point(&self) -> Option<&[u8]>

Return the DER encoded issuing distribution point of the CRL, if any.

pub fn find_serial( &self, serial: &[u8], ) -> Result<Option<BorrowedRevokedCert<'_>>, Error>

Try to find a revoked certificate in the CRL by DER encoded serial number. This may yield an error if the CRL has malformed revoked certificates.

pub(crate) fn authoritative(&self, path: &PathNode<'_>) -> bool

Returns true if the CRL can be considered authoritative for the given certificate.

A CRL is considered authoritative for a certificate when:

• The certificate issuer matches the CRL issuer and,
  • The certificate has no CRL distribution points, and the CRL has no issuing distribution point extension.
  • Or, the certificate has no CRL distribution points, but the the CRL has an issuing distribution point extension with a scope that includes the certificate.
  • Or, the certificate has CRL distribution points, and the CRL has an issuing distribution point extension with a scope that includes the certificate, and at least one distribution point full name is a URI type general name that can also be found in the CRL issuing distribution point full name general name sequence.
  • Or, the certificate has CRL distribution points, and the CRL has no issuing distribution point extension.

In all other circumstances the CRL is not considered authoritative.

pub(crate) fn verify_signature( &self, supported_sig_algs: &[&dyn SignatureVerificationAlgorithm], issuer_spki: Input<'_>, budget: &mut Budget, ) -> Result<(), Error>

Verify the CRL signature using the issuer certificate and a list of supported signature verification algorithms, consuming signature operations from the Budget.

pub(crate) fn check_expiration(&self, time: UnixTime) -> Result<(), Error>

Checks the verification time is before the time in the CRL nextUpdate field.

Trait Implementations

impl<'a> Debug for CertRevocationList<'a>

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'a> From<BorrowedCertRevocationList<'a>> for CertRevocationList<'a>

fn from(crl: BorrowedCertRevocationList<'a>) -> Self

Converts to this type from the input type.

impl From<OwnedCertRevocationList> for CertRevocationList<'_>

fn from(crl: OwnedCertRevocationList) -> Self

Converts to this type from the input type.