Struct rustls_pin::PinnedServerCertVerifier
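A struct for TLS clients to verify the server’s certificate by certificate pinning: it accepts the server’s certificate if it is identical to any of the certificates held in the struct. Judging by the underscore-prefixed `_roots`, `_dns_name` and `_ocsp_response` parameters of `verify_server_cert` below, the root store, host name and OCSP response appear to play no part in that decision, so the pinned list is the whole trust decision and must be kept current when the server's certificate is replaced.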
The rustls library has an open issue to add something like this: “Implement support for certificate pinning” https://github.com/ctz/rustls/issues/227
Example
use std::net::TcpStream;
use std::sync::Arc;

use rustls_pin::{arbitrary_dns_name, PinnedServerCertVerifier};

// Open the underlying TCP connection. `unwrap()` panics when the connect
// fails; it is used here only to keep the example short.
let mut tcp_stream = TcpStream::connect(addr).unwrap();

let mut config = rustls::ClientConfig::new();

// The pin set: the server certificate is accepted if it is identical to one
// of these. Listing more than one certificate lets a replacement certificate
// be pinned alongside the current one.
let pinned_verifier = Arc::new(PinnedServerCertVerifier::new(vec![
    server_cert1,
    server_cert2,
]));

// `dangerous()` is the rustls entry point for overriding certificate
// verification. After this call the pinned verifier is the verifier this
// config uses for the server certificate.
config.dangerous().set_certificate_verifier(pinned_verifier);
let config = Arc::new(config);

// rustls requires a DNS name to create a session, so a placeholder is passed.
// NOTE(review): the verifier's `_dns_name` parameter is underscore-prefixed,
// which suggests the name is not checked against the certificate. Confirm
// this in the crate source before relying on it.
let placeholder_name = arbitrary_dns_name();
let mut session = rustls::ClientSession::new(&config, placeholder_name.as_ref());

// Combine the TLS session and the TCP socket into a single stream value.
let mut stream = rustls::Stream::new(&mut session, &mut tcp_stream);
Implementations
impl<T> PinnedServerCertVerifier<T> where
T: AsRef<[Certificate]> + Send + Sync,
Trait Implementations
impl<T> ServerCertVerifier for PinnedServerCertVerifier<T> where
T: AsRef<[Certificate]> + Send + Sync,
fn verify_server_cert(
&self,
_roots: &RootCertStore,
presented_certs: &[Certificate],
_dns_name: DNSNameRef<'_>,
_ocsp_response: &[u8]
) -> Result<ServerCertVerified, TLSError>
pub fn verify_tls12_signature(
&self,
message: &[u8],
cert: &Certificate,
dss: &DigitallySignedStruct
) -> Result<HandshakeSignatureValid, TLSError>
pub fn verify_tls13_signature(
&self,
message: &[u8],
cert: &Certificate,
dss: &DigitallySignedStruct
) -> Result<HandshakeSignatureValid, TLSError>
pub fn supported_verify_schemes(&self) -> Vec<SignatureScheme, Global>
Auto Trait Implementations
impl<T> RefUnwindSafe for PinnedServerCertVerifier<T> where
T: RefUnwindSafe,
impl<T> Send for PinnedServerCertVerifier<T>
impl<T> Sync for PinnedServerCertVerifier<T>
impl<T> Unpin for PinnedServerCertVerifier<T> where
T: Unpin,
impl<T> UnwindSafe for PinnedServerCertVerifier<T> where
T: UnwindSafe,
Blanket Implementations
impl<T> Any for T where
T: 'static + ?Sized,
impl<T> Borrow<T> for T where
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
pub fn borrow_mut(&mut self) -> &mut T
impl<T> From<T> for T
impl<T, U> Into<U> for T where
U: From<T>,
impl<T, U> TryFrom<U> for T where
U: Into<T>,
type Error = Infallible
The type returned in the event of a conversion error.
pub fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>
impl<T, U> TryInto<U> for T where
U: TryFrom<T>,