pub struct Verifier { /* private fields */ }
A TLS certificate verifier that uses the system’s root store and WebPKI.
Implementations
impl Verifier
pub fn new() -> Self
Creates a new verifier whose certificate validation is provided by WebPKI, using root certificates provided by the platform.
A CryptoProvider must be set with set_provider/with_provider or CryptoProvider::install_default before the verifier can be used.
pub fn new_with_extra_roots(
    roots: impl IntoIterator<Item = CertificateDer<'static>>,
) -> Result<Self, TlsError>
Creates a new verifier whose certificate validation is provided by WebPKI, using root certificates provided by the platform and augmented by the provided extra root certificates.
impl Verifier
pub fn with_provider(self, crypto_provider: Arc<CryptoProvider>) -> Self
Chainable setter to configure the CryptoProvider for this Verifier.
This will be used instead of the rustls process-default CryptoProvider, even if one has been installed.
pub fn set_provider(&mut self, crypto_provider: Arc<CryptoProvider>)
Configures the CryptoProvider for this Verifier.
This will be used instead of the rustls process-default CryptoProvider, even if one has been installed.
Trait Implementations
impl ServerCertVerifier for Verifier
fn verify_server_cert(
    &self,
    end_entity: &CertificateDer<'_>,
    intermediates: &[CertificateDer<'_>],
    server_name: &ServerName<'_>,
    ocsp_response: &[u8],
    now: UnixTime,
) -> Result<ServerCertVerified, TlsError>
Verify the end-entity certificate end_entity is valid for the hostname dns_name and chains to at least one trust anchor.
fn verify_tls12_signature(
    &self,
    message: &[u8],
    cert: &CertificateDer<'_>,
    dss: &DigitallySignedStruct,
) -> Result<HandshakeSignatureValid, TlsError>
fn verify_tls13_signature(
    &self,
    message: &[u8],
    cert: &CertificateDer<'_>,
    dss: &DigitallySignedStruct,
) -> Result<HandshakeSignatureValid, TlsError>
fn supported_verify_schemes(&self) -> Vec<SignatureScheme>
Return the list of SignatureSchemes that this verifier will handle, in verify_tls12_signature and verify_tls13_signature calls.