结构体 WebPkiServerVerifier

Source

pub struct WebPkiServerVerifier { /* private fields */ }

展开描述

默认的 ServerCertVerifier，请参阅 trait 实现以获取更多信息。

实现§

Source §

impl WebPkiServerVerifier

Source

pub fn builder(roots: Arc<RootCertStore>) -> ServerCertVerifierBuilder

创建一个 builder 用于 the webpki server certificate verifier configuration using the process-default CryptoProvider。

服务器证书 – 将使用提供的 roots 中的信任锚点进行验证 –

Use Self::builder_with_provider if you wish 到 specify an explicit provider.

更多信息请参阅 ServerCertVerifierBuilder 文档。

Source

pub fn builder_with_provider( roots: Arc<RootCertStore>, provider: Arc<CryptoProvider>, ) -> ServerCertVerifierBuilder

创建一个 builder 用于 the webpki server certificate verifier configuration using 一个 specified CryptoProvider。

服务器证书 – 将使用提供的 roots 中的信任锚点进行验证 –

此 cryptography 用 comes 从 the specified CryptoProvider。

更多信息请参阅 ServerCertVerifierBuilder 文档。

Trait 实现§

Source §

impl Debug for WebPkiServerVerifier

Source §

fn fmt(&self, f: &mut Formatter<'_>) -> Result

使用给定的格式化器格式化此值。更多信息

Source §

impl ServerCertVerifier for WebPkiServerVerifier

Source §

fn verify_server_cert( &self, end_entity: &CertificateDer<'_>, intermediates: &[CertificateDer<'_>], server_name: &ServerName<'_>, ocsp_response: &[u8], now: UnixTime, ) -> Result<ServerCertVerified, Error>

Will 验证证书 is valid in the following ways:

Signed by a trusted RootCertStore CA
Not Expired
Valid for DNS entry
Valid revocation status (if applicable).

Depending on the verifier’s configuration revocation status checking may be performed 用于 each certificate in the chain 到一个 root CA (excluding the root itself), 或 only the end entity certificate. Similarly, unknown revocation status may be treated as an error 或 allowed based on configuration.

Source §