/// A TLS 1.3 verifier.
///
/// Implementors verify the server's certificate and its handshake signature.
/// The trait lets a client choose how much verification takes place, including
/// skipping it when the server is verified through other means (a pre-shared
/// key is the example given in the crate documentation).
///
/// NOTE(review): an implementation that returns `Ok(())` without checking
/// anything does not authenticate the server by itself; whether that is
/// acceptable depends on the other mechanism in use. Confirm per deployment.
pub trait TlsVerifier<CipherSuite: TlsCipherSuite> {
    /// Enables host verification by passing the server hostname.
    ///
    /// # Errors
    ///
    /// Returns a [`TlsError`] if the implementation reports a failure; the
    /// conditions are implementation-defined.
    fn set_hostname_verification(&mut self, hostname: &str) -> Result<(), TlsError>;

    /// Verifies the server certificate.
    ///
    /// `transcript` is the handshake transcript up to this point and `cert` is
    /// the server certificate. The verifier is responsible for resolving the
    /// CA certificate internally.
    ///
    /// # Errors
    ///
    /// Returns a [`TlsError`] if the implementation reports a failure.
    fn verify_certificate(
        &mut self,
        transcript: &CipherSuite::Hash,
        cert: CertificateRef<'_>,
    ) -> Result<(), TlsError>;

    /// Verifies the certificate signature.
    ///
    /// Per the crate documentation, this uses the transcript and certificate
    /// provided earlier, so it is presumably called after
    /// `verify_certificate`; confirm the call order against the handshake code.
    ///
    /// # Errors
    ///
    /// Returns a [`TlsError`] if the implementation reports a failure.
    fn verify_signature(&mut self, verify: CertificateVerifyRef<'_>) -> Result<(), TlsError>;
}
A TLS 1.3 verifier.
The verifier is responsible for verifying certificates and signatures. Since certificate verification is an expensive process, this trait allows clients to choose how much verification should take place, and also to skip the verification if the server is verified through other means (i.e. a pre-shared key). An implementation that skips these checks does not authenticate the server by itself, so the connection is only as trustworthy as that other mechanism.
Required Methods§
fn set_hostname_verification(&mut self, hostname: &str) -> Result<(), TlsError>
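Host verification is enabled by passing a server hostname. What an implementation does when no hostname has been set is not specified here; confirm it for the verifier you use.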
fn verify_certificate( &mut self, transcript: &CipherSuite::Hash, cert: CertificateRef<'_>, ) -> Result<(), TlsError>
Verify a certificate.
The handshake transcript up to this point and the server certificate are provided for the implementation to use. The verifier is responsible for resolving the CA certificate internally.
fn verify_signature( &mut self, verify: CertificateVerifyRef<'_>, ) -> Result<(), TlsError>
Verify the certificate signature.
Signature verification uses the transcript and certificate provided earlier (to `verify_certificate`) to check the provided signature.
Dyn Compatibility§
This trait is dyn compatible.
In older versions of Rust, dyn compatibility was called "object safety".
Implementors§
impl<CipherSuite, Clock, const CERT_SIZE: usize> TlsVerifier<CipherSuite> for embedded_tls::webpki::CertVerifier<'_, CipherSuite, Clock, CERT_SIZE>where
CipherSuite: TlsCipherSuite,
Clock: TlsClock,
webpki only.
impl<CipherSuite, Clock, const CERT_SIZE: usize> TlsVerifier<CipherSuite> for embedded_tls::pki::CertVerifier<'_, CipherSuite, Clock, CERT_SIZE> where
CipherSuite: TlsCipherSuite,
Clock: TlsClock,
rustpki only.