[−][src]Trait rustls::ClientCertVerifier
Something that can verify a client certificate chain
Required methods
fn client_auth_root_subjects(
&self,
sni: Option<&DNSName>
) -> Option<DistinguishedNames>
&self,
sni: Option<&DNSName>
) -> Option<DistinguishedNames>
Returns the subject names of the client authentication trust anchors to share with the client when requesting client authentication.
Return None
to abort the connection.
sni
is the server name quoted by the client in its ClientHello; it has
been validated as a proper DNS name but is otherwise untrusted.
fn verify_client_cert(
&self,
presented_certs: &[Certificate],
sni: Option<&DNSName>
) -> Result<ClientCertVerified, TLSError>
&self,
presented_certs: &[Certificate],
sni: Option<&DNSName>
) -> Result<ClientCertVerified, TLSError>
Verify a certificate chain. presented_certs
is the certificate chain from the client.
sni
is the server name quoted by the client in its ClientHello; it has
been validated as a proper DNS name but is otherwise untrusted.
Provided methods
fn offer_client_auth(&self) -> bool
Returns true
to enable the server to request a client certificate and
false
to skip requesting a client certificate. Defaults to true
.
fn client_auth_mandatory(&self, _sni: Option<&DNSName>) -> Option<bool>
Return Some(true)
to require a client certificate and Some(false)
to make
client authentication optional. Return None
to abort the connection.
Defaults to Some(self.offer_client_auth())
.
sni
is the server name quoted by the client in its ClientHello; it has
been validated as a proper DNS name but is otherwise untrusted.
Implementors
impl ClientCertVerifier for AllowAnyAnonymousOrAuthenticatedClient
[src]
fn offer_client_auth(&self) -> bool
[src]
fn client_auth_mandatory(&self, _sni: Option<&DNSName>) -> Option<bool>
[src]
fn client_auth_root_subjects(
&self,
sni: Option<&DNSName>
) -> Option<DistinguishedNames>
[src]
&self,
sni: Option<&DNSName>
) -> Option<DistinguishedNames>
fn verify_client_cert(
&self,
presented_certs: &[Certificate],
sni: Option<&DNSName>
) -> Result<ClientCertVerified, TLSError>
[src]
&self,
presented_certs: &[Certificate],
sni: Option<&DNSName>
) -> Result<ClientCertVerified, TLSError>
impl ClientCertVerifier for AllowAnyAuthenticatedClient
[src]
fn offer_client_auth(&self) -> bool
[src]
fn client_auth_mandatory(&self, _sni: Option<&DNSName>) -> Option<bool>
[src]
fn client_auth_root_subjects(
&self,
_sni: Option<&DNSName>
) -> Option<DistinguishedNames>
[src]
&self,
_sni: Option<&DNSName>
) -> Option<DistinguishedNames>
fn verify_client_cert(
&self,
presented_certs: &[Certificate],
_sni: Option<&DNSName>
) -> Result<ClientCertVerified, TLSError>
[src]
&self,
presented_certs: &[Certificate],
_sni: Option<&DNSName>
) -> Result<ClientCertVerified, TLSError>
impl ClientCertVerifier for NoClientAuth
[src]
fn offer_client_auth(&self) -> bool
[src]
fn client_auth_root_subjects(
&self,
_sni: Option<&DNSName>
) -> Option<DistinguishedNames>
[src]
&self,
_sni: Option<&DNSName>
) -> Option<DistinguishedNames>
fn verify_client_cert(
&self,
_presented_certs: &[Certificate],
_sni: Option<&DNSName>
) -> Result<ClientCertVerified, TLSError>
[src]
&self,
_presented_certs: &[Certificate],
_sni: Option<&DNSName>
) -> Result<ClientCertVerified, TLSError>