Struct rustls::sign::CertifiedKey [−][src]
pub struct CertifiedKey { pub cert: Vec<Certificate>, pub key: Arc<Box<SigningKey>>, pub ocsp: Option<Vec<u8>>, pub sct_list: Option<Vec<u8>>, }
A packaged-together certificate chain, matching SigningKey
and
optional stapled OCSP response and/or SCT.
Fields
cert: Vec<Certificate>
The certificate chain.
key: Arc<Box<SigningKey>>
The certified key.
ocsp: Option<Vec<u8>>
An optional OCSP response from the certificate issuer, attesting to its continued validity.
sct_list: Option<Vec<u8>>
An optional collection of SCTs from CT logs, proving the
certificate is included on those logs. This must be
a SignedCertificateTimestampList
encoding; see RFC6962.
Methods
impl CertifiedKey
[src]
impl CertifiedKey
pub fn new(cert: Vec<Certificate>, key: Arc<Box<SigningKey>>) -> CertifiedKey
[src]
pub fn new(cert: Vec<Certificate>, key: Arc<Box<SigningKey>>) -> CertifiedKey
Make a new CertifiedKey, with the given chain and key.
The cert chain must not be empty. The first certificate in the chain must be the end-entity certificate.
pub fn end_entity_cert(&self) -> Result<&Certificate, ()>
[src]
pub fn end_entity_cert(&self) -> Result<&Certificate, ()>
The end-entity certificate.
pub fn take_cert(&mut self) -> Vec<Certificate>
[src]
pub fn take_cert(&mut self) -> Vec<Certificate>
Steal ownership of the certificate chain.
pub fn has_ocsp(&self) -> bool
[src]
pub fn has_ocsp(&self) -> bool
Return true if there's an OCSP response.
pub fn take_ocsp(&mut self) -> Option<Vec<u8>>
[src]
pub fn take_ocsp(&mut self) -> Option<Vec<u8>>
Steal ownership of the OCSP response.
pub fn has_sct_list(&self) -> bool
[src]
pub fn has_sct_list(&self) -> bool
Return true if there's an SCT list.
pub fn take_sct_list(&mut self) -> Option<Vec<u8>>
[src]
pub fn take_sct_list(&mut self) -> Option<Vec<u8>>
Steal ownership of the SCT list.
pub fn cross_check_end_entity_cert(
&self,
name: Option<DNSNameRef>
) -> Result<(), TLSError>
[src]
pub fn cross_check_end_entity_cert(
&self,
name: Option<DNSNameRef>
) -> Result<(), TLSError>
Check the certificate chain for validity:
- it should be non-empty list
- the first certificate should be parsable as a x509v3,
- the first certificate should quote the given server name (if provided)
These checks are not security-sensitive. They are the server attempting to detect accidental misconfiguration.
Trait Implementations
impl Clone for CertifiedKey
[src]
impl Clone for CertifiedKey
fn clone(&self) -> CertifiedKey
[src]
fn clone(&self) -> CertifiedKey
Returns a copy of the value. Read more
fn clone_from(&mut self, source: &Self)
1.0.0[src]
fn clone_from(&mut self, source: &Self)
Performs copy-assignment from source
. Read more
Auto Trait Implementations
impl Send for CertifiedKey
impl Send for CertifiedKey
impl Sync for CertifiedKey
impl Sync for CertifiedKey