pub struct ServerCertVerifierBuilder { /* private fields */ }
A builder for configuring a webpki server certificate verifier.
For more information, see the WebPkiServerVerifier documentation.
Implementations
impl ServerCertVerifierBuilder
pub fn with_crls(
    self,
    crls: impl IntoIterator<Item = CertificateRevocationListDer<'static>>,
) -> Self
Verify the revocation state of presented client certificates against the provided
certificate revocation lists (CRLs). Calling with_crls multiple times appends the
given CRLs to the existing collection.
pub fn only_check_end_entity_revocation(self) -> Self
Only check the end entity certificate's revocation status when using CRLs.
If CRLs are provided using with_crls, only check the end entity
certificate's revocation status. Overrides the default behavior of checking revocation
status for each certificate in the verified chain built to a trust anchor
(excluding the trust anchor itself).
If no CRLs are provided then this setting has no effect. Neither the end entity certificate nor any intermediates will have revocation status checked.
pub fn allow_unknown_revocation_status(self) -> Self
Allow unknown certificate revocation status when using CRLs.
If CRLs are provided with with_crls and it isn't possible to
determine the revocation status of a certificate, do not treat it as an error.
Overrides the default behavior of treating unknown revocation status as an error.
If no CRLs are provided then this setting has no effect as revocation status checks are not performed.
pub fn enforce_revocation_expiration(self) -> Self
Enforce the CRL nextUpdate field (i.e. expiration).
If CRLs are provided with with_crls and the verification time is
beyond the CRL's nextUpdate field, the CRL is expired and this is treated as an error.
Overrides the default behavior of not treating expired CRLs as an error.
If no CRLs are provided then this setting has no effect as revocation status checks are not performed.
pub fn build(self) -> Result<Arc<WebPkiServerVerifier>, VerifierBuilderError>
Build a server certificate verifier, allowing control over the root certificates to use as trust anchors, and over how server certificate revocation checking is performed.
If with_signature_verification_algorithms was not called on the builder, a default set of
signature verification algorithms is used, controlled by the selected crypto::CryptoProvider.
Once built, the provided Arc<dyn ServerCertVerifier> can be used with a Rustls
ServerConfig to configure client certificate validation using
with_client_cert_verifier.
Errors
This function will return a VerifierBuilderError if:
- No trust anchors have been provided.
- DER encoded CRLs have been provided that can not be parsed successfully.
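The following is an added example, not rustls code and not part of the original documentation: a self-contained model of how the three revocation switches described above combine once CRLs are supplied. The names `Cert`, `Crl`, `Policy`, `Outcome`, `check` and `sample` are hypothetical, and matching a CRL to a certificate by issuer name and testing expiry before the serial lookup are simplifying assumptions of the model.

```rust
// Added model of the builder's revocation switches. It does not call rustls;
// every type and function name below is hypothetical.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Outcome { Ok, Revoked, UnknownStatus, CrlExpired }
pub struct Cert { pub issuer: &'static str, pub serial: u64 }
pub struct Crl { pub issuer: &'static str, pub next_update: u64, pub revoked: &'static [u64] }

/// All `false` corresponds to the builder defaults described on this page.
#[derive(Debug, Clone, Copy, Default)]
pub struct Policy {
    pub only_end_entity: bool,    // only_check_end_entity_revocation()
    pub allow_unknown: bool,      // allow_unknown_revocation_status()
    pub enforce_expiration: bool, // enforce_revocation_expiration()
}

/// `chain[0]` is the end entity; the trust anchor is not part of `chain`.
/// Model assumptions: a CRL covers a certificate when the issuer names match,
/// and CRL expiry is tested before the serial lookup.
pub fn check(chain: &[Cert], crls: &[Crl], p: Policy, now: u64) -> Outcome {
    if crls.is_empty() {
        return Outcome::Ok; // no CRLs: the switches have no effect, nothing is checked
    }
    let depth = if p.only_end_entity { chain.len().min(1) } else { chain.len() };
    for cert in &chain[..depth] {
        match crls.iter().find(|crl| crl.issuer == cert.issuer) {
            None if p.allow_unknown => continue,
            None => return Outcome::UnknownStatus,
            Some(crl) if p.enforce_expiration && now > crl.next_update => return Outcome::CrlExpired,
            Some(crl) if crl.revoked.contains(&cert.serial) => return Outcome::Revoked,
            Some(_) => {}
        }
    }
    Outcome::Ok
}

/// Constructed sample: the end entity's issuer published no CRL, and the root's
/// CRL revokes the intermediate (serial 2) but its nextUpdate (100) has passed.
pub fn sample() -> (Vec<Cert>, Vec<Crl>, u64) {
    let chain = vec![Cert { issuer: "Intermediate CA", serial: 7 },
                     Cert { issuer: "Root CA", serial: 2 }];
    (chain, vec![Crl { issuer: "Root CA", next_update: 100, revoked: &[2] }], 200)
}

fn main() {
    let (chain, crls, now) = sample();
    let lenient = Policy { allow_unknown: true, only_end_entity: true, ..Policy::default() };
    println!("defaults: {:?}", check(&chain, &crls, Policy::default(), now));
    println!("lenient:  {:?}", check(&chain, &crls, lenient, now));
}
```

On the constructed sample the defaults fail closed because one issuer has no CRL, while combining the allow-unknown and end-entity-only switches accepts the chain even though the intermediate is revoked. The stale CRL is only rejected when expiration enforcement is switched on.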
Trait Implementations
impl Clone for ServerCertVerifierBuilder
fn clone(&self) -> ServerCertVerifierBuilder
1.0.0 · fn clone_from(&mut self, source: &Self)
Performs copy-assignment from source.