pub enum CertificateValidationOptions {
None,
Full,
Partial,
}
Expand description
Certificate validation options
Variants§
None
No validation is performed on the certificate provided by the server.
This disables many of the security benefits of SSL/TLS and should only be used after very careful consideration. It is primarily intended as a temporary diagnostic mechanism when attempting to resolve TLS errors, and its use on production clusters is strongly discouraged.
Full
Full validation of the certificate, which validates that the certificate provided by the server is signed by a trusted Certificate Authority (CA) and also verifies that the server’s hostname (or IP address) matches the names identified by the CommonName (CN) or Subject Alternative Name (SAN) within the certificate.
This is useful for self-signed certificates generated by your own CA, where the certificate contains the CommonName (CN) or a Subject Alternative Name (SAN) that matches the server hostname.
Typically, the certificate provided to the client is the Certificate Authority (CA) used to sign the certificate used by the server.
Partial
Validates that the certificate provided by the server is signed by a trusted Certificate Authority (CA), but does not perform hostname verification.
This is useful for self-signed certificates generated by your own CA that do not contain the CommonName (CN) or a Subject Alternative Name (SAN) that matches the server hostname.
Typically, the certificate provided to the client will be the Certificate Authority (CA) used to sign the certificate used by the server.
§Optional
This requires the native-tls
feature to be enabled.
Trait Implementations§
source§impl Clone for CertificateValidationOptions
impl Clone for CertificateValidationOptions
source§fn clone(&self) -> CertificateValidationOptions
fn clone(&self) -> CertificateValidationOptions
1.0.0 · source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source
. Read more