pub struct CertifiedKey {
pub cert: Vec<Certificate>,
pub key: Arc<dyn SigningKey>,
pub ocsp: Option<Vec<u8>>,
pub sct_list: Option<Vec<u8>>,
}
Expand description
A packaged-together certificate chain, matching SigningKey
and
optional stapled OCSP response and/or SCT list.
Fields§
§cert: Vec<Certificate>
The certificate chain.
key: Arc<dyn SigningKey>
The certified key.
ocsp: Option<Vec<u8>>
An optional OCSP response from the certificate issuer, attesting to its continued validity.
sct_list: Option<Vec<u8>>
An optional collection of SCTs from CT logs, proving the
certificate is included on those logs. This must be
a SignedCertificateTimestampList
encoding; see RFC6962.
Implementations§
source§impl CertifiedKey
impl CertifiedKey
sourcepub fn new(cert: Vec<Certificate>, key: Arc<dyn SigningKey>) -> Self
pub fn new(cert: Vec<Certificate>, key: Arc<dyn SigningKey>) -> Self
Make a new CertifiedKey, with the given chain and key.
The cert chain must not be empty. The first certificate in the chain must be the end-entity certificate.
sourcepub fn end_entity_cert(&self) -> Result<&Certificate, SignError>
pub fn end_entity_cert(&self) -> Result<&Certificate, SignError>
The end-entity certificate.
sourcepub fn cross_check_end_entity_cert(
&self,
name: Option<DnsNameRef<'_>>,
) -> Result<(), Error>
pub fn cross_check_end_entity_cert( &self, name: Option<DnsNameRef<'_>>, ) -> Result<(), Error>
Check the certificate chain for validity:
- it should be non-empty list
- the first certificate should be parsable as a x509v3,
- the first certificate should quote the given server name (if provided)
These checks are not security-sensitive. They are the server attempting to detect accidental misconfiguration.
Trait Implementations§
source§impl Clone for CertifiedKey
impl Clone for CertifiedKey
source§fn clone(&self) -> CertifiedKey
fn clone(&self) -> CertifiedKey
Returns a copy of the value. Read more
1.0.0 · source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
Performs copy-assignment from
source
. Read moreAuto Trait Implementations§
impl Freeze for CertifiedKey
impl !RefUnwindSafe for CertifiedKey
impl Send for CertifiedKey
impl Sync for CertifiedKey
impl Unpin for CertifiedKey
impl !UnwindSafe for CertifiedKey
Blanket Implementations§
source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more
§impl<T> CloneAny for T
impl<T> CloneAny for T
source§impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> CloneToUninit for Twhere
T: Clone,
source§unsafe fn clone_to_uninit(&self, dst: *mut T)
unsafe fn clone_to_uninit(&self, dst: *mut T)
🔬This is a nightly-only experimental API. (
clone_to_uninit
)§impl<Tail, T> Prepend<T> for Tail
impl<Tail, T> Prepend<T> for Tail
§type PreprendResult = Tail
type PreprendResult = Tail
The Resulting [
TupleList
], of an [Prepend::prepend()
] call,
including the prepended entry.