
WebPkiClientVerifier

Struct WebPkiClientVerifier

pub struct WebPkiClientVerifier { /* private fields */ }

A client certificate verifier that uses the webpki crate to perform client certificate validation.

It must be created via the WebPkiClientVerifier::builder() or WebPkiClientVerifier::builder_with_provider() functions.

Once built, the provided Arc<dyn ClientCertVerifier> can be used with a Rustls ServerConfig to configure client certificate validation using with_client_cert_verifier.

Example:

To require all clients present a client certificate issued by a trusted CA:

let client_verifier = WebPkiClientVerifier::builder(roots.into())
  .build()
  .unwrap();

Or, to allow clients presenting a client certificate authenticated by a trusted CA, or anonymous clients that present no client certificate:

let client_verifier = WebPkiClientVerifier::builder(roots.into())
  .allow_unauthenticated()
  .build()
  .unwrap();

If you wish to disable advertising client authentication:

let client_verifier = WebPkiClientVerifier::no_client_auth();

You can also configure the client verifier to check for certificate revocation with client certificate revocation lists (CRLs):

let client_verifier = WebPkiClientVerifier::builder(roots.into())
  .with_crls(crls)
  .build()
  .unwrap();

Implementations

impl WebPkiClientVerifier

pub fn builder(roots: Arc<RootCertStore>) -> ClientCertVerifierBuilder

Create a builder for the webpki client certificate verifier configuration using the process-default CryptoProvider.

Client certificate authentication will be offered by the server, and client certificates will be verified using the trust anchors found in the provided roots. If you wish to disable client authentication use WebPkiClientVerifier::no_client_auth() instead.

Use Self::builder_with_provider if you wish to specify an explicit provider.

For more information, see the ClientCertVerifierBuilder documentation.

pub fn builder_with_provider( roots: Arc<RootCertStore>, provider: Arc<CryptoProvider>, ) -> ClientCertVerifierBuilder

Create a builder for the webpki client certificate verifier configuration using a specified CryptoProvider.

Client certificate authentication will be offered by the server, and client certificates will be verified using the trust anchors found in the provided roots. If you wish to disable client authentication use WebPkiClientVerifier::no_client_auth() instead.

The cryptography used comes from the specified CryptoProvider.

For more information, see the ClientCertVerifierBuilder documentation.

pub fn no_client_auth() -> Arc<dyn ClientCertVerifier>

Create a new WebPkiClientVerifier that disables client authentication. The server will not offer client authentication and anonymous clients will be accepted.

This is in contrast to using WebPkiClientVerifier::builder().allow_unauthenticated().build(), which will produce a verifier that will offer client authentication, but not require it.
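
The difference between the three configurations, as an added stand-alone model (not rustls code and not part of the original documentation). The hypothetical trait ClientAuthPolicy mirrors the offer_client_auth() and client_auth_mandatory() methods of ClientCertVerifier, and handshake() is an assumed simplification of the server's decision. It also shows that a presented certificate that fails verification is rejected even when client authentication is optional.

```rust
// Added illustration: a stand-alone model, not rustls code. ClientAuthPolicy,
// ClientCert, Outcome and handshake are hypothetical names.

/// Mirrors the two policy methods of ClientCertVerifier, including their defaults.
trait ClientAuthPolicy {
    fn offer_client_auth(&self) -> bool { true }
    fn client_auth_mandatory(&self) -> bool { self.offer_client_auth() }
}

struct Required;     // models builder(roots).build()
struct Optional;     // models builder(roots).allow_unauthenticated().build()
struct NoClientAuth; // models no_client_auth()

impl ClientAuthPolicy for Required {}
impl ClientAuthPolicy for Optional {
    fn client_auth_mandatory(&self) -> bool { false }
}
impl ClientAuthPolicy for NoClientAuth {
    fn offer_client_auth(&self) -> bool { false }
}

/// What the client holds: nothing, or a chain that does / does not verify.
#[derive(Clone, Copy)]
enum ClientCert { None, Valid, Invalid }

#[derive(Debug, PartialEq)]
enum Outcome { Authenticated, Anonymous, Rejected }

fn handshake(policy: &dyn ClientAuthPolicy, cert: ClientCert) -> Outcome {
    if !policy.offer_client_auth() {
        // No certificate is requested, so the client never presents one.
        return Outcome::Anonymous;
    }
    match cert {
        ClientCert::Valid => Outcome::Authenticated,
        // A presented certificate that fails verification is fatal, optional or not.
        ClientCert::Invalid => Outcome::Rejected,
        ClientCert::None if policy.client_auth_mandatory() => Outcome::Rejected,
        ClientCert::None => Outcome::Anonymous,
    }
}

fn main() {
    for cert in [ClientCert::None, ClientCert::Valid, ClientCert::Invalid] {
        println!("required={:?} optional={:?} no_client_auth={:?}",
            handshake(&Required, cert), handshake(&Optional, cert),
            handshake(&NoClientAuth, cert));
    }
}
```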

Trait Implementations

impl ClientCertVerifier for WebPkiClientVerifier

fn offer_client_auth(&self) -> bool

Returns true to enable the server to request a client certificate and false to skip requesting a client certificate. Defaults to true.

fn client_auth_mandatory(&self) -> bool

Return true to require a client certificate and false to make client authentication optional. Defaults to self.offer_client_auth().

fn root_hint_subjects(&self) -> &[DistinguishedName]

Returns the DistinguishedName subjects that the server will hint to clients to identify acceptable authentication trust anchors.

fn verify_client_cert( &self, end_entity: &CertificateDer<'_>, intermediates: &[CertificateDer<'_>], now: UnixTime, ) -> Result<ClientCertVerified, Error>

Verify the end-entity certificate end_entity is valid, acceptable, and chains to at least one of the trust anchors trusted by this verifier.

fn verify_tls12_signature( &self, message: &[u8], cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result<HandshakeSignatureValid, Error>

Verify a signature allegedly by the given client certificate.

fn verify_tls13_signature( &self, message: &[u8], cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result<HandshakeSignatureValid, Error>

Verify a signature allegedly by the given client certificate.

fn supported_verify_schemes(&self) -> Vec<SignatureScheme>

Returns the list of SignatureSchemes that this verifier will handle, in verify_tls12_signature and verify_tls13_signature calls.

fn requires_raw_public_keys(&self) -> bool

Returns whether this verifier requires raw public keys as defined in RFC 7250.

impl Debug for WebPkiClientVerifier

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

Auto Trait Implementations

Blanket Implementations

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.