pub trait TlsVerifier<CipherSuite>where
CipherSuite: TlsCipherSuite,{
// Required methods
fn set_hostname_verification(
&mut self,
hostname: &str,
) -> Result<(), TlsError>;
fn verify_certificate(
&mut self,
transcript: &CipherSuite::Hash,
ca: &Option<Certificate<'_>>,
cert: CertificateRef<'_>,
) -> Result<(), TlsError>;
fn verify_signature(
&mut self,
verify: CertificateVerifyRef<'_>,
) -> Result<(), TlsError>;
}Expand description
A TLS 1.3 verifier.
The verifier is responsible for verifying certificates and signatures. Since certificate verification is an expensive process, this trait allows clients to choose how much verification should take place, and also to skip the verification if the server is verified through other means (I.e. a pre-shared key).
Required Methods§
Sourcefn set_hostname_verification(&mut self, hostname: &str) -> Result<(), TlsError>
fn set_hostname_verification(&mut self, hostname: &str) -> Result<(), TlsError>
Host verification is enabled by passing a server hostname.
Sourcefn verify_certificate(
&mut self,
transcript: &CipherSuite::Hash,
ca: &Option<Certificate<'_>>,
cert: CertificateRef<'_>,
) -> Result<(), TlsError>
fn verify_certificate( &mut self, transcript: &CipherSuite::Hash, ca: &Option<Certificate<'_>>, cert: CertificateRef<'_>, ) -> Result<(), TlsError>
Verify a certificate.
The handshake transcript up to this point and the server certificate is provided for the implementation to use.
Sourcefn verify_signature(
&mut self,
verify: CertificateVerifyRef<'_>,
) -> Result<(), TlsError>
fn verify_signature( &mut self, verify: CertificateVerifyRef<'_>, ) -> Result<(), TlsError>
Verify the certificate signature.
The signature verification uses the transcript and certificate provided earlier to decode the provided signature.