A packaged-together certificate chain, matching SigningKey
and
optional stapled OCSP response and/or SCT.
An optional OCSP response from the certificate issuer,
attesting to its continued validity.
An optional collection of SCTs from CT logs, proving the
certificate is included on those logs. This must be
a SignedCertificateTimestampList
encoding; see RFC6962.
Make a new CertifiedKey, with the given chain and key.
The cert chain must not be empty. The first certificate in the chain
must be the end-entity certificate.
The end-entity certificate.
Steal ownership of the certificate chain.
Return true if there's an OCSP response.
Steal ownership of the OCSP response.
Return true if there's an SCT list.
Steal ownership of the SCT list.
Check the certificate chain for validity:
- it should be non-empty list
- the first certificate should be parsable as a x509v3,
- the first certificate should quote the given server name
(if provided)
These checks are not security-sensitive. They are the
server attempting to detect accidental misconfiguration.
Performs copy-assignment from source
. Read more
Creates owned data from borrowed data, usually by cloning. Read more
🔬 This is a nightly-only experimental API. (toowned_clone_into
)
recently added
Uses borrowed data to replace owned data, usually by cloning. Read more
🔬 This is a nightly-only experimental API. (try_from
)
The type returned in the event of a conversion error.
🔬 This is a nightly-only experimental API. (try_from
)
Immutably borrows from an owned value. Read more
Mutably borrows from an owned value. Read more
🔬 This is a nightly-only experimental API. (try_from
)
The type returned in the event of a conversion error.
🔬 This is a nightly-only experimental API. (try_from
)
🔬 This is a nightly-only experimental API. (get_type_id
)
this method will likely be replaced by an associated static