pub struct AllowAnyAnonymousOrAuthenticatedClient { /* private fields */ }
Expand description
A ClientCertVerifier
that will allow both anonymous and authenticated
clients, without any name checking.
Client authentication will be requested during the TLS handshake. If the
client offers a certificate then this acts like
AllowAnyAuthenticatedClient
, otherwise this acts like NoClientAuth
.
Implementations§
source§impl AllowAnyAnonymousOrAuthenticatedClient
impl AllowAnyAnonymousOrAuthenticatedClient
sourcepub fn new(roots: RootCertStore) -> Self
pub fn new(roots: RootCertStore) -> Self
Construct a new AllowAnyAnonymousOrAuthenticatedClient
.
roots
is the list of trust anchors to use for certificate validation.
sourcepub fn with_crls(
self,
crls: impl IntoIterator<Item = UnparsedCertRevocationList>,
) -> Result<Self, CertRevocationListError>
pub fn with_crls( self, crls: impl IntoIterator<Item = UnparsedCertRevocationList>, ) -> Result<Self, CertRevocationListError>
Update the verifier to validate client certificates against the provided DER format unparsed certificate revocation lists (CRLs).
sourcepub fn boxed(self) -> Arc<dyn ClientCertVerifier>
pub fn boxed(self) -> Arc<dyn ClientCertVerifier>
Wrap this verifier in an Arc
and coerce it to dyn ClientCertVerifier
Trait Implementations§
source§impl ClientCertVerifier for AllowAnyAnonymousOrAuthenticatedClient
impl ClientCertVerifier for AllowAnyAnonymousOrAuthenticatedClient
source§fn offer_client_auth(&self) -> bool
fn offer_client_auth(&self) -> bool
Returns
true
to enable the server to request a client certificate and
false
to skip requesting a client certificate. Defaults to true
.source§fn client_auth_mandatory(&self) -> bool
fn client_auth_mandatory(&self) -> bool
Return
true
to require a client certificate and false
to make
client authentication optional.
Defaults to Some(self.offer_client_auth())
.source§fn client_auth_root_subjects(&self) -> &[DistinguishedName]
fn client_auth_root_subjects(&self) -> &[DistinguishedName]
source§fn verify_client_cert(
&self,
end_entity: &Certificate,
intermediates: &[Certificate],
now: SystemTime,
) -> Result<ClientCertVerified, Error>
fn verify_client_cert( &self, end_entity: &Certificate, intermediates: &[Certificate], now: SystemTime, ) -> Result<ClientCertVerified, Error>
Verify the end-entity certificate
end_entity
is valid, acceptable,
and chains to at least one of the trust anchors trusted by
this verifier. Read moresource§fn verify_tls12_signature(
&self,
message: &[u8],
cert: &Certificate,
dss: &DigitallySignedStruct,
) -> Result<HandshakeSignatureValid, Error>
fn verify_tls12_signature( &self, message: &[u8], cert: &Certificate, dss: &DigitallySignedStruct, ) -> Result<HandshakeSignatureValid, Error>
Verify a signature allegedly by the given client certificate. Read more
source§fn verify_tls13_signature(
&self,
message: &[u8],
cert: &Certificate,
dss: &DigitallySignedStruct,
) -> Result<HandshakeSignatureValid, Error>
fn verify_tls13_signature( &self, message: &[u8], cert: &Certificate, dss: &DigitallySignedStruct, ) -> Result<HandshakeSignatureValid, Error>
Verify a signature allegedly by the given client certificate. Read more
source§fn supported_verify_schemes(&self) -> Vec<SignatureScheme>
fn supported_verify_schemes(&self) -> Vec<SignatureScheme>
Return the list of SignatureSchemes that this verifier will handle,
in
verify_tls12_signature
and verify_tls13_signature
calls. Read moreAuto Trait Implementations§
impl Freeze for AllowAnyAnonymousOrAuthenticatedClient
impl RefUnwindSafe for AllowAnyAnonymousOrAuthenticatedClient
impl Send for AllowAnyAnonymousOrAuthenticatedClient
impl Sync for AllowAnyAnonymousOrAuthenticatedClient
impl Unpin for AllowAnyAnonymousOrAuthenticatedClient
impl UnwindSafe for AllowAnyAnonymousOrAuthenticatedClient
Blanket Implementations§
source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more