Struct rustls::sign::CertifiedKey[][src]

pub struct CertifiedKey {
    pub cert: Vec<Certificate>,
    pub key: Arc<Box<dyn SigningKey>>,
    pub ocsp: Option<Vec<u8>>,
    pub sct_list: Option<Vec<u8>>,
}

A packaged-together certificate chain, matching SigningKey and optional stapled OCSP response and/or SCT list.

Fields

cert: Vec<Certificate>

The certificate chain.

key: Arc<Box<dyn SigningKey>>

The certified key.

ocsp: Option<Vec<u8>>

An optional OCSP response from the certificate issuer, attesting to its continued validity.

sct_list: Option<Vec<u8>>

An optional collection of SCTs from CT logs, proving the certificate is included on those logs. This must be a SignedCertificateTimestampList encoding; see RFC6962.

Implementations

impl CertifiedKey[src]

pub fn new(
    cert: Vec<Certificate>,
    key: Arc<Box<dyn SigningKey>>
) -> CertifiedKey
[src]

Make a new CertifiedKey, with the given chain and key.

The cert chain must not be empty. The first certificate in the chain must be the end-entity certificate.

pub fn end_entity_cert(&self) -> Result<&Certificate, ()>[src]

The end-entity certificate.

pub fn take_cert(&mut self) -> Vec<Certificate>[src]

Steal ownership of the certificate chain.

pub fn has_ocsp(&self) -> bool[src]

Return true if there’s an OCSP response.

pub fn take_ocsp(&mut self) -> Option<Vec<u8>>[src]

Steal ownership of the OCSP response.

pub fn has_sct_list(&self) -> bool[src]

Return true if there’s an SCT list.

pub fn take_sct_list(&mut self) -> Option<Vec<u8>>[src]

Steal ownership of the SCT list.

pub fn cross_check_end_entity_cert(
    &self,
    name: Option<DNSNameRef<'_>>
) -> Result<(), TLSError>
[src]

Check the certificate chain for validity:

  • it should be non-empty list
  • the first certificate should be parsable as a x509v3,
  • the first certificate should quote the given server name (if provided)

These checks are not security-sensitive. They are the server attempting to detect accidental misconfiguration.

Trait Implementations

impl Clone for CertifiedKey[src]

Auto Trait Implementations

impl !RefUnwindSafe for CertifiedKey

impl Send for CertifiedKey

impl Sync for CertifiedKey

impl Unpin for CertifiedKey

impl !UnwindSafe for CertifiedKey

Blanket Implementations

impl<T> Any for T where
    T: 'static + ?Sized
[src]

impl<T> Borrow<T> for T where
    T: ?Sized
[src]

impl<T> BorrowMut<T> for T where
    T: ?Sized
[src]

impl<T> From<T> for T[src]

impl<T, U> Into<U> for T where
    U: From<T>, 
[src]

impl<T> ToOwned for T where
    T: Clone
[src]

type Owned = T

The resulting type after obtaining ownership.

impl<T, U> TryFrom<U> for T where
    U: Into<T>, 
[src]

type Error = Infallible

The type returned in the event of a conversion error.

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>, 
[src]

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.