pub trait ResolvesClientCert: Debug + Send + Sync {
    // Required methods
    fn resolve(
        &self,
        root_hint_subjects: &[&[u8]],
        sigschemes: &[SignatureScheme],
    ) -> Option<Arc<CertifiedKey>>;
    fn has_certs(&self) -> bool;

    // Provided method
    fn only_raw_public_keys(&self) -> bool { ... }
}
A trait for the ability to choose a certificate chain and private key for the purposes of client authentication.
Required Methods
fn resolve(
    &self,
    root_hint_subjects: &[&[u8]],
    sigschemes: &[SignatureScheme],
) -> Option<Arc<CertifiedKey>>
Resolve a client certificate chain/private key to use as the client’s identity.
root_hint_subjects is an optional list of certificate authority
subject distinguished names that the client can use to help
decide on a client certificate the server is likely to accept. If
the list is empty, the client should send whatever certificate it
has. The hints are expected to be DER-encoded X.500 distinguished names,
per RFC 5280 A.1. See DistinguishedName for more information
on decoding with external crates like x509-parser.
sigschemes is the list of the SignatureSchemes the server
supports.
Return None to continue the handshake without any client
authentication. The server may reject the handshake later
if it requires authentication.
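The selection rules described above, as an added example that is not part of the rustls documentation or code base. SignatureScheme and CertifiedKey here are simplified stand-ins for the rustls types (an assumption, so the block compiles without the crate), and HintedResolver, chain_issuers, dn, key and sample are hypothetical names with constructed sample data.

```rust
use std::sync::Arc;
// Simplified stand-ins for the rustls types of the same names (assumption).
#[derive(Clone, Copy, PartialEq)]
pub enum SignatureScheme { EcdsaNistp256Sha256, RsaPssSha256, Ed25519 }

pub struct CertifiedKey {
    pub label: &'static str,
    pub chain_issuers: Vec<Vec<u8>>,   // DER issuer Name of each certificate in the chain
    pub schemes: Vec<SignatureScheme>, // schemes the private key can sign with
}

pub struct HintedResolver { pub candidates: Vec<Arc<CertifiedKey>> }

impl HintedResolver {
    pub fn resolve(&self, root_hint_subjects: &[&[u8]], sigschemes: &[SignatureScheme])
        -> Option<Arc<CertifiedKey>> {
        self.candidates.iter().find(|ck| {
            // The key must support a scheme the server can verify.
            let scheme_ok = ck.schemes.iter().any(|s| sigschemes.contains(s));
            // Empty hints: any certificate is eligible. Otherwise compare DER bytes exactly.
            let issuer_ok = root_hint_subjects.is_empty()
                || ck.chain_issuers.iter().any(|i| root_hint_subjects.iter().any(|h| *h == i.as_slice()));
            scheme_ok && issuer_ok
        }).cloned() // None: the handshake continues without client authentication
    }
    pub fn has_certs(&self) -> bool { !self.candidates.is_empty() }
}

/// Constructed sample data: DER Name holding one CN attribute (short values only).
pub fn dn(cn: &str) -> Vec<u8> {
    let n = cn.len() as u8;
    let head = [0x30, n + 11, 0x31, n + 9, 0x30, n + 7, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, n];
    [&head[..], cn.as_bytes()].concat()
}

fn key(label: &'static str, ca: &str, s: SignatureScheme) -> Arc<CertifiedKey> {
    Arc::new(CertifiedKey { label, chain_issuers: vec![dn(ca)], schemes: vec![s] })
}
pub fn sample() -> HintedResolver {
    HintedResolver { candidates: vec![
        key("corp", "Corp CA", SignatureScheme::EcdsaNistp256Sha256),
        key("partner", "Partner CA", SignatureScheme::Ed25519),
    ] }
}

fn main() {
    let (r, hint) = (sample(), dn("Partner CA"));
    println!("{:?}", r.resolve(&[hint.as_slice()], &[SignatureScheme::Ed25519]).map(|k| k.label));
}
```

Exact byte comparison is stricter than RFC 5280 name matching; a resolver that needs the more lenient rules would decode the hints first, as described above.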
Provided Methods
fn only_raw_public_keys(&self) -> bool
Return true if the client only supports raw public keys.
See RFC 7250.