Enum OutOfScopeReason 

#[non_exhaustive]
pub enum OutOfScopeReason {
    CrlOnlyAttributeCerts,
    CrlOnlyUserCerts,
    CrlOnlyCaCerts,
    CrlIdpDistributionPointMismatch,
}

Reason a revocation check produced no determination.

Carried by Error::OutOfScope to identify which scope-mismatch case the checker hit. Distinct from Crl*Error (parse / signature / validity failures): an OutOfScope outcome is structurally well-formed but the revocation source’s stated scope excludes the certificate being checked.

Hard-fail callers should treat any OutOfScope as a failure (no revocation determination was made). Soft-fail callers can match on the reason and decide which scopes to tolerate (for example, treating CrlOnlyAttributeCerts as “expected and tolerable” while still hard-failing on CrlOnlyCaCerts when checking a CA certificate).

Variants (Non-exhaustive)

Non-exhaustive enums could have additional variants added in future. Therefore, when matching against variants of non-exhaustive enums, an extra wildcard arm must be added to account for any future variants.

CrlOnlyAttributeCerts

The CRL’s IssuingDistributionPoint extension has onlyContainsAttributeCerts = true. Attribute-certificate revocation is out of scope for pkix-revocation (RFC 5755 attribute certificates are handled by pkix-ac); the certificate being checked is a public-key certificate, so the CRL cannot apply.

CrlOnlyUserCerts

The CRL’s IssuingDistributionPoint extension has onlyContainsUserCerts = true but the certificate being checked is a CA certificate (BasicConstraints cA = TRUE).

CrlOnlyCaCerts

The CRL’s IssuingDistributionPoint extension has onlyContainsCACerts = true but the certificate being checked is not a CA certificate.

CrlIdpDistributionPointMismatch

The CRL’s IssuingDistributionPoint distributionPoint field does not match (or is incompatible with) any of the certificate’s cRLDistributionPoints extension entries (RFC 5280 §6.3.3(b)(1)).

This case covers two sub-conditions, which are not distinguished in the public API to avoid leaking implementation detail:

1. The CRL’s IDP names a specific distribution point but the certificate carries no cRLDistributionPoints extension at all.
2. Both sides name distribution points but no entry in the certificate’s CDP resolves to a name that intersects the IDP’s distributionPoint name.

Hard-fail callers should treat this exactly like the other OutOfScope reasons: the CRL is structurally well-formed but does not cover the certificate, and a separate CRL/OCSP source must be consulted.

Trait Implementations

impl Clone for OutOfScopeReason

fn clone(&self) -> OutOfScopeReason

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Copy for OutOfScopeReason

impl Debug for OutOfScopeReason

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for OutOfScopeReason

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl Display for OutOfScopeReason

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Eq for OutOfScopeReason

impl Hash for OutOfScopeReason

fn hash<__H: Hasher>(&self, state: &mut __H)

Feeds this value into the given Hasher.

fn hash_slice<H>(data: &[Self], state: &mut H)

where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher.

impl PartialEq for OutOfScopeReason

fn eq(&self, other: &OutOfScopeReason) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serialize for OutOfScopeReason

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.

impl StructuralPartialEq for OutOfScopeReason