Skip to main content

CertChainError

smime_tree

Enum CertChainError 

Source 
#[non_exhaustive]
pub enum CertChainError {
    NoTrustAnchors,
    CertificateExpired {
        subject: String,
        not_after: String,
    },
    AllTrustAnchorsExpired {
        issuer: String,
    },
    SignatureVerification {
        subject: String,
    },
    PathLenViolated {
        intermediate_count: usize,
        path_len: u8,
    },
    NotACa {
        subject: String,
    },
    Cycle {
        subject: String,
    },
    NoMatchingIssuer {
        issuer: String,
    },
    TooDeep,
    Other(String),
}
Expand description

Structured failure reason for certificate chain validation.

Returned inside SmimeError::CertChain. Callers can match on this enum to distinguish specific failure modes (e.g. expired certificate vs. missing trust anchor) without parsing error strings.

§Compatibility stubs

Two variants — AllTrustAnchorsExpired and PathLenViolated — are marked #[deprecated] and are never emitted by the current validator. They exist solely so that serialized data produced by older versions of this crate can be deserialized without error. New code should not match on them; see each variant’s deprecation message for the current equivalent.

Variants (Non-exhaustive)§

This enum is marked as non-exhaustive
Non-exhaustive enums could have additional variants added in future. Therefore, when matching against variants of non-exhaustive enums, an extra wildcard arm must be added to account for any future variants.
§

NoTrustAnchors

No trust anchors were provided.

§

CertificateExpired

Certificate validity period does not contain the check time.

Fields

§subject: String

Subject DN of the certificate that failed the validity check.

§not_after: String

The certificate’s notAfter date (ISO 8601).

§

AllTrustAnchorsExpired

👎Deprecated since 0.2.0:

match CertificateExpired instead

All trust anchors matching the issuer DN are outside their validity period.

Present only for deserialization compatibility with data produced by older versions of this crate; never emitted by the current validator. Match CertChainError::TooDeep or CertChainError::CertificateExpired for the equivalent current failure modes.

Fields

§issuer: String
👎Deprecated since 0.2.0:

match CertificateExpired instead

Issuer DN for which all matching trust anchors were expired.

§

SignatureVerification

Certificate signature does not match the issuer’s public key.

Fields

§subject: String

Subject DN of the certificate whose signature could not be verified.

§

PathLenViolated

👎Deprecated:

never produced by the current pkix-chain-based validator; match TooDeep instead

A pathLen constraint in a CA certificate was violated.

Present only for deserialization compatibility with data produced by older versions of this crate; never emitted by the current validator. Match CertChainError::TooDeep for the equivalent current failure mode.

Fields

§intermediate_count: usize
👎Deprecated:

never produced by the current pkix-chain-based validator; match TooDeep instead

Number of intermediate CA certificates below the constrained issuer.

§path_len: u8
👎Deprecated:

never produced by the current pkix-chain-based validator; match TooDeep instead

The pathLen value from the BasicConstraints extension.

§

NotACa

An intermediate certificate lacks the CA flag (BasicConstraints.cA = false).

Fields

§subject: String

Subject DN of the certificate that was found not to be a CA.

§

Cycle

The certificate chain contains a cycle (A signed by B, B signed by A).

Fields

§subject: String

Subject DN of the certificate that closed the cycle.

§

NoMatchingIssuer

No trust anchor or intermediate certificate matches the issuer DN.

Fields

§issuer: String

Issuer DN for which no matching certificate was found.

§

TooDeep

Certificate chain exceeds the maximum allowed depth.

§

Other(String)

Other chain validation error (DER encoding failures, etc.).

Trait Implementations§

Source§

impl Clone for CertChainError

Source§

fn clone(&self) -> CertChainError

Returns a duplicate of the value. Read more
1.0.0 (const: unstable) · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for CertChainError

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<'de> Deserialize<'de> for CertChainError

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl Display for CertChainError

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Eq for CertChainError

Source§

impl PartialEq for CertChainError

Source§

fn eq(&self, other: &CertChainError) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 (const: unstable) · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl Serialize for CertChainError

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more
Source§

impl StructuralPartialEq for CertChainError

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,

Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T> ToString for T
where T: Display + ?Sized,

Source§

fn to_string(&self) -> String

Converts the given value to a String. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V