Struct wtransport::tls::client::ServerHashVerification
source · pub struct ServerHashVerification { /* private fields */ }
Expand description
A custom ServerCertVerifier
implementation.
Configures the client to skip some server certificates validation.
This verifier is configured to accept server certificates whose digests match the specified SHA-256 hashes and fulfill some additional constraints (see notes below).
This is useful for scenarios where clients need to accept known self-signed certificates or certificates from non-standard authorities.
§Notes
- The current time MUST be within the validity period of the certificate.
- The total length of the validity period MUST NOT exceed two weeks.
- Only certificates for which the public key algorithm is ECDSA with the secp256r1 are accepted.
Implementations§
source§impl ServerHashVerification
impl ServerHashVerification
sourcepub fn new<H>(hashes: H) -> Selfwhere
H: IntoIterator<Item = Sha256Digest>,
pub fn new<H>(hashes: H) -> Selfwhere
H: IntoIterator<Item = Sha256Digest>,
Creates a new instance of ServerHashVerification
.
§Arguments
hashes
: An iterator yieldingSha256Digest
instances representing the accepted certificate hashes.
Trait Implementations§
source§impl ServerCertVerifier for ServerHashVerification
impl ServerCertVerifier for ServerHashVerification
source§fn verify_server_cert(
&self,
end_entity: &Certificate,
_intermediates: &[Certificate],
_server_name: &ServerName,
_scts: &mut dyn Iterator<Item = &[u8]>,
_ocsp_response: &[u8],
now: SystemTime
) -> Result<ServerCertVerified, Error>
fn verify_server_cert( &self, end_entity: &Certificate, _intermediates: &[Certificate], _server_name: &ServerName, _scts: &mut dyn Iterator<Item = &[u8]>, _ocsp_response: &[u8], now: SystemTime ) -> Result<ServerCertVerified, Error>
Verify the end-entity certificate
end_entity
is valid for the
hostname dns_name
and chains to at least one trust anchor. Read moresource§fn verify_tls12_signature(
&self,
message: &[u8],
cert: &Certificate,
dss: &DigitallySignedStruct
) -> Result<HandshakeSignatureValid, Error>
fn verify_tls12_signature( &self, message: &[u8], cert: &Certificate, dss: &DigitallySignedStruct ) -> Result<HandshakeSignatureValid, Error>
Verify a signature allegedly by the given server certificate. Read more
source§fn verify_tls13_signature(
&self,
message: &[u8],
cert: &Certificate,
dss: &DigitallySignedStruct
) -> Result<HandshakeSignatureValid, Error>
fn verify_tls13_signature( &self, message: &[u8], cert: &Certificate, dss: &DigitallySignedStruct ) -> Result<HandshakeSignatureValid, Error>
Verify a signature allegedly by the given server certificate. Read more
source§fn supported_verify_schemes(&self) -> Vec<SignatureScheme>
fn supported_verify_schemes(&self) -> Vec<SignatureScheme>
Return the list of SignatureSchemes that this verifier will handle,
in
verify_tls12_signature
and verify_tls13_signature
calls. Read moresource§fn request_scts(&self) -> bool
fn request_scts(&self) -> bool
Returns
true
if Rustls should ask the server to send SCTs. Read moreAuto Trait Implementations§
impl Freeze for ServerHashVerification
impl RefUnwindSafe for ServerHashVerification
impl Send for ServerHashVerification
impl Sync for ServerHashVerification
impl Unpin for ServerHashVerification
impl UnwindSafe for ServerHashVerification
Blanket Implementations§
source§impl<'a, T, E> AsTaggedExplicit<'a, E> for Twhere
T: 'a,
impl<'a, T, E> AsTaggedExplicit<'a, E> for Twhere
T: 'a,
source§impl<'a, T, E> AsTaggedImplicit<'a, E> for Twhere
T: 'a,
impl<'a, T, E> AsTaggedImplicit<'a, E> for Twhere
T: 'a,
source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more