Expand description
Certificate fingerprint pinning for QUIC/TLS connections.
This module provides CertPinStore, which supports three pin policies:
- TrustOnFirstUse (TOFU): Accept and pin unknown peers on first contact.
- Strict: Reject peers whose certificates are not pre-registered.
- Observe: Always accept but count mismatches for monitoring.
Structs§
- Cert
Fingerprint - SHA-256 fingerprint of a peer’s TLS certificate (32 bytes, hex-encoded).
- Cert
PinStore - Thread-safe store for peer certificate fingerprint pins.
- Peer
Cert Pin - A pinned certificate entry for one peer.
Enums§
- PinPolicy
- Pin policy for certificate verification.
- Verification
Result - Result of a certificate verification attempt.