Skip to main content

ValidationPolicy

pkix_path

Struct ValidationPolicy 

Source 
pub struct ValidationPolicy {
    pub max_path_len: u8,
    pub current_time_unix: u64,
    pub enforce_key_usage: bool,
}
Expand description

Policy parameters controlling path validation.

§Limitations

v0.1 does not enforce NameConstraints, CertificatePolicies, or PolicyMappings. Fields for these will be added in v0.2.

Fields§

§max_path_len: u8

Maximum chain depth, not counting the trust anchor. Default: 10.

A chain of [leaf] is depth 0. [leaf, intermediate, root] is depth 1 (one intermediate). Validation fails if depth exceeds this value.

§current_time_unix: u64

Current time as seconds since the Unix epoch (1970-01-01T00:00:00Z).

Used to check notBeforenownotAfter on every certificate. Must be set by the caller — there is no platform clock in no_std.

Warning — the default is 0 (1970-01-01): Any certificate issued after 1970 has notBefore > 0 and will fail the validity check with Error::ValidityPeriod. If you see unexpected ValidityPeriod errors, check that current_time_unix is set to the current time.

Warning: passing u64::MAX causes all notAfter checks to pass. This effectively disables expiry checking — only use it in contexts where you explicitly want permissive (clock-free) validation.

§enforce_key_usage: bool

Enforce the KeyUsage extension when present. Default: true.

When true, an intermediate certificate missing keyCertSign in its KeyUsage will be rejected even if BasicConstraints cA=TRUE.

Implementations§

Source§

impl ValidationPolicy

Source

pub fn new(now_unix: u64) -> Self

Construct a policy with the given time and sensible defaults.

Equivalent to ValidationPolicy { current_time_unix: now_unix, ..Default::default() }. This is the preferred constructor: it forces the caller to supply a timestamp, preventing the silent validity failures caused by Default’s current_time_unix = 0.

Trait Implementations§

Source§

impl Clone for ValidationPolicy

Source§

fn clone(&self) -> ValidationPolicy

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for ValidationPolicy

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Default for ValidationPolicy

Source§

fn default() -> Self

Returns the “default value” for a type. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V