Struct rustls::sign::CertifiedKey

pub struct CertifiedKey {
    pub cert: Vec<Certificate>,
    pub key: Arc<Box<SigningKey>>,
    pub ocsp: Option<Vec<u8>>,
    pub sct_list: Option<Vec<u8>>,
}

A packaged-together certificate chain, matching SigningKey and optional stapled OCSP response and/or SCT.

Fields

cert: Vec<Certificate>

The certificate chain.

key: Arc<Box<SigningKey>>

The certified key.

ocsp: Option<Vec<u8>>

An optional OCSP response from the certificate issuer, attesting to its continued validity.

sct_list: Option<Vec<u8>>

An optional collection of SCTs from CT logs, proving the certificate is included on those logs. This must be a SignedCertificateTimestampList encoding; see RFC 6962.
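The `sct_list` bytes must carry the RFC 6962 list framing, not a bare SCT. The following is an added example, not rustls code: a std-only structural check of that encoding that does not verify signatures. The names `SctSummary`, `take_u16_prefixed`, `parse_sct_list` and `sample_sct_list` are hypothetical, and the sample bytes are constructed.

```rust
/// Fields of one v1 SCT (RFC 6962 section 3.2) kept for a sanity check.
#[derive(Debug, PartialEq)]
pub struct SctSummary { pub log_id: [u8; 32], pub timestamp_ms: u64 }

/// Split off a u16-length-prefixed field; None if the input is truncated.
fn take_u16_prefixed(input: &[u8]) -> Option<(&[u8], &[u8])> {
    if input.len() < 2 { return None; }
    let len = u16::from_be_bytes([input[0], input[1]]) as usize;
    let rest = &input[2..];
    if rest.len() < len { None } else { Some(rest.split_at(len)) }
}

/// Parse a SignedCertificateTimestampList (RFC 6962 section 3.3) and each v1 SCT in it.
pub fn parse_sct_list(bytes: &[u8]) -> Result<Vec<SctSummary>, &'static str> {
    let (mut list, trailing) = take_u16_prefixed(bytes).ok_or("truncated list")?;
    if !trailing.is_empty() { return Err("trailing bytes after list"); }
    if list.is_empty() { return Err("empty SCT list"); }
    let mut out = Vec::new();
    while !list.is_empty() {
        let (sct, rest) = take_u16_prefixed(list).ok_or("truncated SCT")?;
        list = rest;
        // v1: version(1) log_id(32) timestamp(8) extensions<u16> hash(1) sig(1) signature<u16>
        if sct.len() < 41 { return Err("SCT too short"); }
        if sct[0] != 0 { return Err("unsupported SCT version"); }
        let (mut log_id, mut ts) = ([0u8; 32], [0u8; 8]);
        log_id.copy_from_slice(&sct[1..33]);
        ts.copy_from_slice(&sct[33..41]);
        let (_ext, after_ext) = take_u16_prefixed(&sct[41..]).ok_or("bad extensions")?;
        if after_ext.len() < 2 { return Err("missing signature algorithm"); }
        let (_sig, tail) = take_u16_prefixed(&after_ext[2..]).ok_or("bad signature")?;
        if !tail.is_empty() { return Err("trailing bytes in SCT"); }
        out.push(SctSummary { log_id, timestamp_ms: u64::from_be_bytes(ts) });
    }
    Ok(out)
}

/// Constructed sample: one SCT with a dummy log id and placeholder signature.
pub fn sample_sct_list() -> Vec<u8> {
    let mut sct = vec![0u8]; // version v1
    sct.extend_from_slice(&[0xAB; 32]); // log id (constructed)
    sct.extend_from_slice(&1_500_000_000_000u64.to_be_bytes()); // timestamp, ms
    sct.extend_from_slice(&[0, 0, 4, 3]); // no extensions; sha256 + ecdsa
    sct.extend_from_slice(&[0, 4, 1, 2, 3, 4]); // signature<u16>, placeholder bytes
    let mut list = ((sct.len() + 2) as u16).to_be_bytes().to_vec();
    list.extend_from_slice(&(sct.len() as u16).to_be_bytes());
    list.extend_from_slice(&sct);
    list
}

fn main() { println!("{:?}", parse_sct_list(&sample_sct_list())); }
```

Running a check like this before building the `CertifiedKey` catches a common misconfiguration: supplying a single serialized SCT without the outer list length prefix.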

Methods

impl CertifiedKey

Make a new CertifiedKey, with the given chain and key.

The cert chain must not be empty. The first certificate in the chain must be the end-entity certificate.

The end-entity certificate.

Steal ownership of the certificate chain.

Return true if there's an OCSP response.

Steal ownership of the OCSP response.

Return true if there's an SCT list.

Steal ownership of the SCT list.

Check the certificate chain for validity:

  • it should be a non-empty list,
  • the first certificate should be parsable as an X.509v3 certificate,
  • the first certificate should quote the given server name (if provided).

These checks are not security-sensitive. They are the server attempting to detect accidental misconfiguration.

Trait Implementations

impl Clone for CertifiedKey

Returns a copy of the value.

Performs copy-assignment from source.

Auto Trait Implementations