Struct RefreshableServerCertVerifier 

pub struct RefreshableServerCertVerifier { /* private fields */ }

Upstream-side counterpart. Reuses a cached WebPkiServerVerifier across handshakes when the CRL snapshot’s Arc identity is unchanged; rebuilds only after a refresh swaps the underlying bytes.

Implementations

impl RefreshableServerCertVerifier

pub fn new( cache: Arc<CrlCache>, sources: Vec<CrlSourceId>, cas: Arc<RootCertStore>, ) -> Arc<Self>

Trait Implementations

impl Debug for RefreshableServerCertVerifier

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl ServerCertVerifier for RefreshableServerCertVerifier

fn verify_server_cert( &self, end_entity: &CertificateDer<'_>, intermediates: &[CertificateDer<'_>], server_name: &ServerName<'_>, ocsp_response: &[u8], now: UnixTime, ) -> Result<ServerCertVerified, Error>

Verify the end-entity certificate end_entity is valid for the hostname dns_name and chains to at least one trust anchor.

fn verify_tls12_signature( &self, message: &[u8], cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result<HandshakeSignatureValid, Error>

Verify a signature allegedly by the given server certificate.

fn verify_tls13_signature( &self, message: &[u8], cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result<HandshakeSignatureValid, Error>

Verify a signature allegedly by the given server certificate.

fn supported_verify_schemes(&self) -> Vec<SignatureScheme>

Return the list of SignatureSchemes that this verifier will handle, in verify_tls12_signature and verify_tls13_signature calls.

fn requires_raw_public_keys(&self) -> bool

Returns whether this verifier requires raw public keys as defined in RFC 7250.

fn root_hint_subjects(&self) -> Option<&[DistinguishedName]>

Return the DistinguishedNames of certificate authorities that this verifier trusts.