Expand description
secure_network — TLS configuration validation, certificate pinning, and cleartext detection
for OWASP MASVS-NETWORK-1 and MASVS-NETWORK-2.
All types are pure Rust policy objects and validators — they do not perform TLS handshakes. The consuming application provides raw certificate chains and TLS parameters; this crate provides the validation logic.
Re-exports§
pub use cert_pin::CertPinResult;pub use cert_pin::CertPinValidator;pub use cert_pin::PinSet;pub use cleartext::CleartextDetector;pub use cleartext::CleartextResult;pub use error::NetworkSecurityError;pub use mtls::MtlsClientIdentity;pub use mtls::MtlsClientIdentityStatus;pub use mtls::MtlsRevocationLookup;pub use mtls::NoMtlsRevocations;pub use tls_policy::CipherSuite;pub use tls_policy::TlsPolicy;pub use tls_policy::TlsValidationResult;pub use tls_policy::TlsVersion;
Modules§
- cert_
pin - Certificate pinning validation — SPKI hash comparison.
- cleartext
- Cleartext traffic detection — URL scheme and port checks.
- error
- Network security error types.
- mtls
- mTLS client identity validation extracted from trusted edge metadata.
- tls_
policy - TLS policy enforcement — version and cipher suite validation.