Struct rustls::client::ServerCertVerifierBuilder
source · pub struct ServerCertVerifierBuilder { /* private fields */ }
Expand description
A builder for configuring a webpki
server certificate verifier.
For more information, see the WebPkiServerVerifier
documentation.
Implementations§
source§impl ServerCertVerifierBuilder
impl ServerCertVerifierBuilder
sourcepub fn with_crls(
self,
crls: impl IntoIterator<Item = CertificateRevocationListDer<'static>>,
) -> Self
pub fn with_crls( self, crls: impl IntoIterator<Item = CertificateRevocationListDer<'static>>, ) -> Self
Verify the revocation state of presented client certificates against the provided
certificate revocation lists (CRLs). Calling with_crls
multiple times appends the
given CRLs to the existing collection.
sourcepub fn only_check_end_entity_revocation(self) -> Self
pub fn only_check_end_entity_revocation(self) -> Self
Only check the end entity certificate revocation status when using CRLs.
If CRLs are provided using with_crls
only check the end entity
certificate’s revocation status. Overrides the default behavior of checking revocation
status for each certificate in the verified chain built to a trust anchor
(excluding the trust anchor itself).
If no CRLs are provided then this setting has no effect. Neither the end entity certificate or any intermediates will have revocation status checked.
sourcepub fn allow_unknown_revocation_status(self) -> Self
pub fn allow_unknown_revocation_status(self) -> Self
Allow unknown certificate revocation status when using CRLs.
If CRLs are provided with with_crls
and it isn’t possible to
determine the revocation status of a certificate, do not treat it as an error condition.
Overrides the default behavior where unknown revocation status is considered an error.
If no CRLs are provided then this setting has no effect as revocation status checks are not performed.
sourcepub fn enforce_revocation_expiration(self) -> Self
pub fn enforce_revocation_expiration(self) -> Self
Enforce the CRL nextUpdate field (i.e. expiration)
If CRLs are provided with with_crls
and the verification time is
beyond the time in the CRL nextUpdate field, it is expired and treated as an error condition.
Overrides the default behavior where expired CRLs are not treated as an error condition.
If no CRLs are provided then this setting has no effect as revocation status checks are not performed.
sourcepub fn build(self) -> Result<Arc<WebPkiServerVerifier>, VerifierBuilderError>
pub fn build(self) -> Result<Arc<WebPkiServerVerifier>, VerifierBuilderError>
Build a server certificate verifier, allowing control over the root certificates to use as trust anchors, and to control how server certificate revocation checking is performed.
If with_signature_verification_algorithms
was not called on the builder, a default set of
signature verification algorithms is used, controlled by the selected crypto::CryptoProvider
.
Once built, the provided Arc<dyn ServerCertVerifier>
can be used with a Rustls
ServerConfig
to configure client certificate validation using
with_client_cert_verifier
.
§Errors
This function will return a VerifierBuilderError
if:
- No trust anchors have been provided.
- DER encoded CRLs have been provided that can not be parsed successfully.
Trait Implementations§
source§impl Clone for ServerCertVerifierBuilder
impl Clone for ServerCertVerifierBuilder
source§fn clone(&self) -> ServerCertVerifierBuilder
fn clone(&self) -> ServerCertVerifierBuilder
1.0.0 · source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source
. Read moreAuto Trait Implementations§
impl Freeze for ServerCertVerifierBuilder
impl !RefUnwindSafe for ServerCertVerifierBuilder
impl Send for ServerCertVerifierBuilder
impl Sync for ServerCertVerifierBuilder
impl Unpin for ServerCertVerifierBuilder
impl !UnwindSafe for ServerCertVerifierBuilder
Blanket Implementations§
source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
source§impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> CloneToUninit for Twhere
T: Clone,
source§default unsafe fn clone_to_uninit(&self, dst: *mut T)
default unsafe fn clone_to_uninit(&self, dst: *mut T)
clone_to_uninit
)