tls_verifier
Module: tls_verifier
Contents
Structs
AllowListClientVerifier - A [ClientCertVerifier] that delegates chain validation to an inner
firma_authority::tls_verifier::AllowListClientVerifier
Struct
A [ClientCertVerifier] that delegates chain validation to an inner
WebPkiClientVerifier and additionally requires the client CN or DNS SAN
to appear in an [AuthorizedClientSet].
Rejects at handshake time with rustls::Error::General so the TCP
connection is closed before any gRPC traffic flows.
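The two-stage check described above, modelled with the standard library only. This is an added example, not firma_authority's own code. Assumptions: `ClientIdentity`, `ChainVerifier`, `FixedChain`, `AllowList`, `verify_client` and this `TlsError` enum are hypothetical stand-ins for the real types, the host name is constructed, and the case-insensitive name comparison is a choice of this example.

```rust
use std::collections::HashSet;

// Names from an already-parsed client certificate (parsing is out of scope here).
pub struct ClientIdentity { pub cn: Option<String>, pub dns_sans: Vec<String> }

// Stand-in for rustls::Error with only the two outcomes this example needs.
#[derive(Debug, PartialEq)]
pub enum TlsError { InvalidCertificate(String), General(String) }

// Stand-in for the inner WebPkiClientVerifier: chain validation only.
pub trait ChainVerifier {
    fn verify_chain(&self, id: &ClientIdentity) -> Result<(), TlsError>;
}

// Constructed inner verifier whose chain result is fixed, for demonstration.
pub struct FixedChain(pub bool);
impl ChainVerifier for FixedChain {
    fn verify_chain(&self, _id: &ClientIdentity) -> Result<(), TlsError> {
        if self.0 { Ok(()) } else { Err(TlsError::InvalidCertificate("untrusted issuer".into())) }
    }
}

// Stand-in for AuthorizedClientSet; names are stored lowercased (assumption).
pub struct AllowList(HashSet<String>);
impl AllowList {
    pub fn new(names: &[&str]) -> Self {
        AllowList(names.iter().map(|n| n.to_ascii_lowercase()).collect())
    }
    fn permits(&self, id: &ClientIdentity) -> bool {
        id.cn.iter().chain(id.dns_sans.iter())
            .any(|n| self.0.contains(&n.to_ascii_lowercase()))
    }
}

// Chain validation first, allow list second; either failure aborts the handshake.
pub fn verify_client(inner: &dyn ChainVerifier, allow: &AllowList, id: &ClientIdentity)
    -> Result<(), TlsError> {
    inner.verify_chain(id)?; // an allow-listed name never rescues a bad chain
    if allow.permits(id) { return Ok(()); }
    Err(TlsError::General("client identity not in allow list".into()))
}

fn main() {
    let allow = AllowList::new(&["agent-01.example.internal"]); // constructed name
    let id = ClientIdentity { cn: None, dns_sans: vec!["Agent-01.Example.Internal".into()] };
    println!("{:?}", verify_client(&FixedChain(true), &allow, &id));
}
```

A certificate that carries no CN and no DNS SAN is rejected by the second stage, because there is nothing to look up in the set.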
Methods:
fn new(inner: Arc<dyn ClientCertVerifier>, allow_list: Arc<AuthorizedClientSet>, supported_algs: WebPkiSupportedAlgorithms) -> Self - Create a new verifier.
Trait Implementations:
- Debug
  fn fmt(self: &Self, f: &mut core::fmt::Formatter) -> core::fmt::Result
- ClientCertVerifier
  fn offer_client_auth(self: &Self) -> bool
  fn client_auth_mandatory(self: &Self) -> bool
  fn root_hint_subjects(self: &Self) -> &[DistinguishedName]
  fn verify_client_cert(self: &Self, end_entity: &CertificateDer, intermediates: &[CertificateDer], now: UnixTime) -> Result<ClientCertVerified, TlsError>
  fn verify_tls12_signature(self: &Self, message: &[u8], cert: &CertificateDer, dss: &DigitallySignedStruct) -> Result<HandshakeSignatureValid, TlsError>
  fn verify_tls13_signature(self: &Self, message: &[u8], cert: &CertificateDer, dss: &DigitallySignedStruct) -> Result<HandshakeSignatureValid, TlsError>
  fn supported_verify_schemes(self: &Self) -> Vec<SignatureScheme>