#[non_exhaustive]
pub enum CertificateError {
    BadEncoding,
    Expired,
    ExpiredContext {
        time: UnixTime,
        not_after: UnixTime,
    },
    NotValidYet,
    NotValidYetContext {
        time: UnixTime,
        not_before: UnixTime,
    },
    Revoked,
    UnhandledCriticalExtension,
    UnknownIssuer,
    UnknownRevocationStatus,
    ExpiredRevocationList,
    ExpiredRevocationListContext {
        time: UnixTime,
        next_update: UnixTime,
    },
    BadSignature,
    UnsupportedSignatureAlgorithm,
    UnsupportedSignatureAlgorithmContext {
        signature_algorithm_id: Vec<u8>,
        supported_algorithms: Vec<AlgorithmIdentifier>,
    },
    UnsupportedSignatureAlgorithmForPublicKeyContext {
        signature_algorithm_id: Vec<u8>,
        public_key_algorithm_id: Vec<u8>,
    },
    NotValidForName,
    NotValidForNameContext {
        expected: ServerName<'static>,
        presented: Vec<String>,
    },
    InvalidPurpose,
    InvalidPurposeContext {
        required: ExtendedKeyPurpose,
        presented: Vec<ExtendedKeyPurpose>,
    },
    InvalidOcspResponse,
    ApplicationVerificationFailure,
    Other(OtherError),
}
The ways in which certificate validators can express errors.
Note that the rustls TLS protocol code interprets specifically these error codes to send specific TLS alerts. Therefore, if a custom certificate validator uses incorrect errors the library as a whole will send alerts that do not match the standard (this is usually a minor issue, but could be misleading).
Variants (Non-exhaustive)
This enum is marked as non-exhaustive
BadEncoding
The certificate is not correctly encoded.
Expired
The current time is after the notAfter time in the certificate.
ExpiredContext
The current time is after the notAfter time in the certificate.
This variant is semantically the same as Expired, but includes
extra data to improve error reports.
Fields
time: UnixTime
The validation time.
NotValidYet
The current time is before the notBefore time in the certificate.
NotValidYetContext
The current time is before the notBefore time in the certificate.
This variant is semantically the same as NotValidYet, but includes
extra data to improve error reports.
Fields
time: UnixTime
The validation time.
Revoked
The certificate has been revoked.
UnhandledCriticalExtension
The certificate contains an extension marked critical, but it was not processed by the certificate validator.
UnknownIssuer
The certificate chain is not issued by a known root certificate.
UnknownRevocationStatus
The certificate’s revocation status could not be determined.
ExpiredRevocationList
The certificate’s revocation status could not be determined, because the CRL is expired.
ExpiredRevocationListContext
The certificate’s revocation status could not be determined, because the CRL is expired.
This variant is semantically the same as ExpiredRevocationList, but includes
extra data to improve error reports.
Fields
time: UnixTime
The validation time.
BadSignature
The certificate is not correctly signed by the key of its alleged issuer.
UnsupportedSignatureAlgorithm
Use UnsupportedSignatureAlgorithmContext instead.
A signature inside a certificate or on a handshake was made with an unsupported algorithm.
UnsupportedSignatureAlgorithmContext
A signature inside a certificate or on a handshake was made with an unsupported algorithm.
Fields
signature_algorithm_id: Vec<u8>
The signature algorithm OID that was unsupported.
supported_algorithms: Vec<AlgorithmIdentifier>
Supported algorithms that were available for signature verification.
UnsupportedSignatureAlgorithmForPublicKeyContext
A signature was made with an algorithm that doesn’t match the relevant public key.
Fields
signature_algorithm_id: Vec<u8>
The signature algorithm OID.
NotValidForName
The subject names in an end-entity certificate do not include the expected name.
NotValidForNameContext
The subject names in an end-entity certificate do not include the expected name.
This variant is semantically the same as NotValidForName, but includes
extra data to improve error reports.
Fields
expected: ServerName<'static>
The expected server name.
presented: Vec<String>
The names presented in the end entity certificate.
These are the subject names as present in the leaf certificate and may contain DNS names with or without a wildcard label as well as IP address names.
InvalidPurpose
The certificate is being used for a different purpose than allowed.
InvalidPurposeContext
The certificate is being used for a different purpose than allowed.
This variant is semantically the same as InvalidPurpose, but includes
extra data to improve error reports.
Fields
required: ExtendedKeyPurpose
The extended key purpose that is required by the application.
presented: Vec<ExtendedKeyPurpose>
The extended key purposes that were presented in the peer certificate.
InvalidOcspResponse
The OCSP response provided to the verifier was invalid.
This should be returned from ServerCertVerifier::verify_server_cert()
when a verifier checks its ocsp_response parameter and finds it invalid.
This maps to AlertDescription::BadCertificateStatusResponse.
ApplicationVerificationFailure
The certificate is valid, but the handshake is rejected for other reasons.
Other(OtherError)
Any other error.
This can be used by custom verifiers to expose the underlying error (where they are not better described by the more specific errors above).
It is also used by the default verifier in case its error is not covered by the above common cases.
Enums holding this variant will never compare equal to each other.
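An added example, not part of the rustls documentation: each `*Context` variant above is described as semantically the same as its plain counterpart, so code that counts or alerts on handshake failures should fold each pair into one label and use the extra fields only for the report text. `CertError`, `kind` and `report` are hypothetical local names mirroring a few of the variants, and `u64` seconds stand in for `UnixTime`.

```rust
// Local stand-in for a few of the variants documented above; this is NOT the
// rustls type. Times are plain u64 seconds (an assumption replacing UnixTime).
#[derive(Debug, Clone)]
#[non_exhaustive]
pub enum CertError {
    BadEncoding,
    Expired,
    ExpiredContext { time: u64, not_after: u64 },
    NotValidYet,
    NotValidYetContext { time: u64, not_before: u64 },
    NotValidForName,
    NotValidForNameContext { expected: String, presented: Vec<String> },
}

/// Stable label for metrics and alerting: a `*Context` variant and its plain
/// twin mean the same thing, so they must land in the same bucket.
pub fn kind(e: &CertError) -> &'static str {
    use CertError::*;
    match e {
        Expired | ExpiredContext { .. } => "expired",
        NotValidYet | NotValidYetContext { .. } => "not_valid_yet",
        NotValidForName | NotValidForNameContext { .. } => "name_mismatch",
        // A non-exhaustive enum from another crate cannot be matched without a
        // wildcard arm: anything unlisted, including future variants, ends up here.
        _ => "other",
    }
}

/// Log line that uses the extra data when the `*Context` form is available.
pub fn report(e: &CertError) -> String {
    match e {
        CertError::ExpiredContext { time, not_after } =>
            format!("expired: {}s past notAfter", time.saturating_sub(*not_after)),
        CertError::NotValidYetContext { time, not_before } =>
            format!("not_valid_yet: {}s before notBefore", not_before.saturating_sub(*time)),
        // Presented names come from the peer's certificate, so they are
        // formatted with {:?}, which escapes control characters such as '\n'.
        CertError::NotValidForNameContext { expected, presented } =>
            format!("name_mismatch: expected {:?}, presented {:?}", expected, presented),
        other => kind(other).to_string(),
    }
}

fn main() {
    // Constructed sample value, not captured from a real handshake.
    let e = CertError::ExpiredContext { time: 1_700_000_600, not_after: 1_700_000_000 };
    println!("{} / {}", kind(&e), report(&e));
}
```

The size of the gap between `time` and `not_after` is what separates a certificate that lapsed long ago from a validation clock that is slightly off.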
Trait Implementations
impl Clone for CertificateError
fn clone(&self) -> CertificateError
fn clone_from(&mut self, source: &Self)
source.