pub trait AllowConnection: Debug + Send + Sync + 'static {
    // Required method
    fn allow_public_key(
        &self,
        key: SubjectPublicKeyInfoDer<'_>,
        now: UnixTime,
    ) -> Result<(), CertificateError>;

    // Provided method
    fn require_client_auth(&self) -> bool { ... }
}

Description
The “allower” trait, which defines a peer trust policy.
Required Methods

fn allow_public_key(
    &self,
    key: SubjectPublicKeyInfoDer<'_>,
    now: UnixTime,
) -> Result<(), CertificateError>
Given a public key, determine whether a connection (peer) should be allowed.
Return Ok(()) to allow the peer to connect (or be connected to), and Err(_) to reject
the peer. You should select an appropriate CertificateError; if in doubt, use
ApplicationVerificationFailure.
now provides a normalised timestamp from within the TLS machinery, which can be used for
consistent calculations if time is a relevant decision factor.
Provided Methods

fn require_client_auth(&self) -> bool
Whether incoming peers need to provide a certificate.
This is true by default, and is the expectation in Mushi applications. In certain
use-cases, allowing “anonymous” clients may be necessary; take care to implement your own
authorisation layer as required.
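As an added example (not part of the Mushi documentation or crate), here is a pin-based implementation of the trait: only peers presenting an exact, pinned SPKI DER are allowed, each pin carries a not-after time that is checked against the `now` the TLS machinery supplies, unknown keys get `ApplicationVerificationFailure`, and `require_client_auth` keeps its default of `true`. To compile stand-alone it defines minimal stand-ins for `UnixTime`, `SubjectPublicKeyInfoDer` and `CertificateError` with the same method names as the real `rustls_pki_types` / `rustls` items; in a Mushi application you would import those instead (this is the example's assumption).

```rust
use std::collections::HashMap;
use std::fmt::Debug;
use std::time::Duration;

// Stand-ins (an assumption of this example) for the `rustls_pki_types` / `rustls` items
// the real trait uses, kept to the same method names so the impl below stays portable.
#[derive(Clone, Copy, Debug)]
pub struct UnixTime(u64);
impl UnixTime {
    pub fn since_unix_epoch(d: Duration) -> Self { UnixTime(d.as_secs()) }
    pub fn as_secs(&self) -> u64 { self.0 }
}
#[derive(Debug)]
pub struct SubjectPublicKeyInfoDer<'a>(pub &'a [u8]);
impl AsRef<[u8]> for SubjectPublicKeyInfoDer<'_> {
    fn as_ref(&self) -> &[u8] { self.0 }
}
#[derive(Debug, PartialEq)]
pub enum CertificateError { Expired, ApplicationVerificationFailure }

pub trait AllowConnection: Debug + Send + Sync + 'static {
    fn allow_public_key(&self, key: SubjectPublicKeyInfoDer<'_>, now: UnixTime)
        -> Result<(), CertificateError>;
    fn require_client_auth(&self) -> bool { true }
}

/// Pin-based policy: a peer is allowed only if the exact SPKI DER it presented is
/// pinned and the pin's not-after time (seconds since the epoch) has not been reached.
#[derive(Debug)]
pub struct PinnedKeys {
    pins: HashMap<Vec<u8>, u64>,
}

impl PinnedKeys {
    pub fn new(pins: &[(&[u8], u64)]) -> Self {
        PinnedKeys { pins: pins.iter().map(|(k, t)| (k.to_vec(), *t)).collect() }
    }
}

impl AllowConnection for PinnedKeys {
    fn allow_public_key(&self, key: SubjectPublicKeyInfoDer<'_>, now: UnixTime)
        -> Result<(), CertificateError> {
        match self.pins.get(key.as_ref()) {
            // Unknown key: the generic "application policy rejected it" error.
            None => Err(CertificateError::ApplicationVerificationFailure),
            // Pinned, but the pin has lapsed as judged by the TLS stack's own clock.
            Some(&not_after) if now.as_secs() >= not_after => Err(CertificateError::Expired),
            Some(_) => Ok(()),
        }
    }
}
```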