Enum Error 

#[non_exhaustive]
pub enum Error {
    Revoked {
        serial: SerialNumber,
        reason_code: Option<CrlReason>,
    },
    CrlExpired,
    CrlIssuerMismatch,
    CrlSignatureInvalid,
    CrlParseError(Error),
    OcspSignatureInvalid,
    OcspStatusUnknown,
    OcspParseError(Error),
    OcspMalformed,
    CrlSignMissing,
    DeltaCrlBaseMismatch,
    CrlNumberMismatch,
}

Errors returned by revocation checking.

Variants (Non-exhaustive)

Non-exhaustive enums could have additional variants added in future. Therefore, when matching against variants of non-exhaustive enums, an extra wildcard arm must be added to account for any future variants.

Revoked

The certificate has been revoked.

Fields

serial: SerialNumber

Serial number of the revoked certificate (for logging/diagnostics).

reason_code: Option<CrlReason>

RFC 5280 §5.3.1 reason code from the CRL/OCSP entry, if present. None means no reason code was provided.

CrlExpired

The CRL validity window check failed.

This covers two cases:

• now < thisUpdate: the CRL is not yet valid (clock skew or future-dated CRL)
• now > nextUpdate: the CRL has expired
• nextUpdate absent: treated as expired (no expiry information means stale)

CrlIssuerMismatch

The CRL issuer name does not match the certificate’s issuer.

The CRL’s issuer field must match the certificate’s issuer field for the CRL to apply to that certificate. A mismatch indicates the wrong CRL was provided.

CrlSignatureInvalid

The CRL signature did not verify against the issuer’s SPKI.

CrlParseError(Error)

DER decoding of a CRL failed.

OcspSignatureInvalid

An OCSP response signature did not verify against the responder’s key.

OcspStatusUnknown

The OCSP responder returned an unknown status (hard-fail mode).

OcspParseError(Error)

DER decoding of an OCSP response failed.

OcspMalformed

The OCSP response is structurally invalid per RFC 6960 but DER-decodable.

Currently returned in two cases:

• responseBytes is absent in a Successful response (RFC 6960 §4.2.1)
• responseType is not id-pkix-ocsp-basic (unrecognized response format)

CrlSignMissing

The CRL issuer certificate does not have the cRLSign bit set in KeyUsage (RFC 5280 §6.3.3(f)).

DeltaCrlBaseMismatch

A delta CRL was supplied but no base CRL is available, or the delta’s BaseCRLNumber does not match the base CRL’s CRLNumber.

CrlNumberMismatch

The CRL’s CRL number is lower than expected (base CRL must have a number ≥ the delta’s BaseCRLNumber).

Trait Implementations

impl Clone for Error

fn clone(&self) -> Error

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Error

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Display for Error

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Error for Error

Available on crate feature std only.

fn source(&self) -> Option<&(dyn Error + 'static)>

Returns the lower-level source of this error, if any.

fn description(&self) -> &str

👎Deprecated since 1.42.0:

use the Display impl or to_string()

fn cause(&self) -> Option<&dyn Error>

👎Deprecated since 1.33.0:

replaced by Error::source, which can support downcasting

fn provide<'a>(&'a self, request: &mut Request<'a>)

🔬This is a nightly-only experimental API. (error_generic_member_access)

Provides type-based access to context intended for error reports.

impl PartialEq for Error

fn eq(&self, other: &Error) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Eq for Error

impl StructuralPartialEq for Error