Trait rustls::client::ResolvesClientCert

source ·
pub trait ResolvesClientCert:
    Debug
    + Send
    + Sync {
    // Required methods
    fn resolve(
        &self,
        root_hint_subjects: &[&[u8]],
        sigschemes: &[SignatureScheme],
    ) -> Option<Arc<CertifiedKey>>;
    fn has_certs(&self) -> bool;

    // Provided method
    fn only_raw_public_keys(&self) -> bool { ... }
}
Expand description

A trait for the ability to choose a certificate chain and private key for the purposes of client authentication.

Required Methods§

source

fn resolve( &self, root_hint_subjects: &[&[u8]], sigschemes: &[SignatureScheme], ) -> Option<Arc<CertifiedKey>>

Resolve a client certificate chain/private key to use as the client’s identity.

root_hint_subjects is an optional list of certificate authority subject distinguished names that the client can use to help decide on a client certificate the server is likely to accept. If the list is empty, the client should send whatever certificate it has. The hints are expected to be DER-encoded X.500 distinguished names, per RFC 5280 A.1. See DistinguishedName for more information on decoding with external crates like x509-parser.

sigschemes is the list of the SignatureSchemes the server supports.

Return None to continue the handshake without any client authentication. The server may reject the handshake later if it requires authentication.

source

fn has_certs(&self) -> bool

Return true if any certificates at all are available.

Provided Methods§

source

fn only_raw_public_keys(&self) -> bool

Return true if the client only supports raw public keys.

See RFC 7250.

Implementors§