Google Git
Sign in
apache / incubator-teaclave-website / refs/heads/asf-site / . / api-docs / crates-enclave / src / webpki / webpki.rs.html
blob: 6ed3dc38545e6604090084e75e65d4a453db45e2 [file] [log] [blame]
<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="Source of the Rust file `/root/.cargo/registry/src/github.com-1ecc6299db9ec823/webpki-0.21.4/src/webpki.rs`."><meta name="keywords" content="rust, rustlang, rust-lang"><title>webpki.rs - source</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" href="../../normalize.css"><link rel="stylesheet" href="../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" href="../../ayu.css" disabled><link rel="stylesheet" href="../../dark.css" disabled><link rel="stylesheet" href="../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../storage.js"></script><script defer src="../../source-script.js"></script><script defer src="../../source-files.js"></script><script defer src="../../main.js"></script><noscript><link rel="stylesheet" href="../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../favicon.svg"></head><body class="rustdoc source"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="sidebar"><a class="sidebar-logo" href="../../webpki/index.html"><div class="logo-container"><img class="rust-logo" src="../../rust-logo.svg" alt="logo"></div></a></nav><main><div class="width-limiter"><nav class="sub"><a class="sub-logo-container" href="../../webpki/index.html"><img class="rust-logo" src="../../rust-logo.svg" alt="logo"></a><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><a href="../../help.html">?</a></div><div id="settings-menu" tabindex="-1"><a href="../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../wheel.svg"></a></div></div></form></nav><section id="main-content" class="content"><div class="example-wrap"><pre class="src-line-numbers"><span id="1">1</span>
<span id="2">2</span>
<span id="3">3</span>
<span id="4">4</span>
<span id="5">5</span>
<span id="6">6</span>
<span id="7">7</span>
<span id="8">8</span>
<span id="9">9</span>
<span id="10">10</span>
<span id="11">11</span>
<span id="12">12</span>
<span id="13">13</span>
<span id="14">14</span>
<span id="15">15</span>
<span id="16">16</span>
<span id="17">17</span>
<span id="18">18</span>
<span id="19">19</span>
<span id="20">20</span>
<span id="21">21</span>
<span id="22">22</span>
<span id="23">23</span>
<span id="24">24</span>
<span id="25">25</span>
<span id="26">26</span>
<span id="27">27</span>
<span id="28">28</span>
<span id="29">29</span>
<span id="30">30</span>
<span id="31">31</span>
<span id="32">32</span>
<span id="33">33</span>
<span id="34">34</span>
<span id="35">35</span>
<span id="36">36</span>
<span id="37">37</span>
<span id="38">38</span>
<span id="39">39</span>
<span id="40">40</span>
<span id="41">41</span>
<span id="42">42</span>
<span id="43">43</span>
<span id="44">44</span>
<span id="45">45</span>
<span id="46">46</span>
<span id="47">47</span>
<span id="48">48</span>
<span id="49">49</span>
<span id="50">50</span>
<span id="51">51</span>
<span id="52">52</span>
<span id="53">53</span>
<span id="54">54</span>
<span id="55">55</span>
<span id="56">56</span>
<span id="57">57</span>
<span id="58">58</span>
<span id="59">59</span>
<span id="60">60</span>
<span id="61">61</span>
<span id="62">62</span>
<span id="63">63</span>
<span id="64">64</span>
<span id="65">65</span>
<span id="66">66</span>
<span id="67">67</span>
<span id="68">68</span>
<span id="69">69</span>
<span id="70">70</span>
<span id="71">71</span>
<span id="72">72</span>
<span id="73">73</span>
<span id="74">74</span>
<span id="75">75</span>
<span id="76">76</span>
<span id="77">77</span>
<span id="78">78</span>
<span id="79">79</span>
<span id="80">80</span>
<span id="81">81</span>
<span id="82">82</span>
<span id="83">83</span>
<span id="84">84</span>
<span id="85">85</span>
<span id="86">86</span>
<span id="87">87</span>
<span id="88">88</span>
<span id="89">89</span>
<span id="90">90</span>
<span id="91">91</span>
<span id="92">92</span>
<span id="93">93</span>
<span id="94">94</span>
<span id="95">95</span>
<span id="96">96</span>
<span id="97">97</span>
<span id="98">98</span>
<span id="99">99</span>
<span id="100">100</span>
<span id="101">101</span>
<span id="102">102</span>
<span id="103">103</span>
<span id="104">104</span>
<span id="105">105</span>
<span id="106">106</span>
<span id="107">107</span>
<span id="108">108</span>
<span id="109">109</span>
<span id="110">110</span>
<span id="111">111</span>
<span id="112">112</span>
<span id="113">113</span>
<span id="114">114</span>
<span id="115">115</span>
<span id="116">116</span>
<span id="117">117</span>
<span id="118">118</span>
<span id="119">119</span>
<span id="120">120</span>
<span id="121">121</span>
<span id="122">122</span>
<span id="123">123</span>
<span id="124">124</span>
<span id="125">125</span>
<span id="126">126</span>
<span id="127">127</span>
<span id="128">128</span>
<span id="129">129</span>
<span id="130">130</span>
<span id="131">131</span>
<span id="132">132</span>
<span id="133">133</span>
<span id="134">134</span>
<span id="135">135</span>
<span id="136">136</span>
<span id="137">137</span>
<span id="138">138</span>
<span id="139">139</span>
<span id="140">140</span>
<span id="141">141</span>
<span id="142">142</span>
<span id="143">143</span>
<span id="144">144</span>
<span id="145">145</span>
<span id="146">146</span>
<span id="147">147</span>
<span id="148">148</span>
<span id="149">149</span>
<span id="150">150</span>
<span id="151">151</span>
<span id="152">152</span>
<span id="153">153</span>
<span id="154">154</span>
<span id="155">155</span>
<span id="156">156</span>
<span id="157">157</span>
<span id="158">158</span>
<span id="159">159</span>
<span id="160">160</span>
<span id="161">161</span>
<span id="162">162</span>
<span id="163">163</span>
<span id="164">164</span>
<span id="165">165</span>
<span id="166">166</span>
<span id="167">167</span>
<span id="168">168</span>
<span id="169">169</span>
<span id="170">170</span>
<span id="171">171</span>
<span id="172">172</span>
<span id="173">173</span>
<span id="174">174</span>
<span id="175">175</span>
<span id="176">176</span>
<span id="177">177</span>
<span id="178">178</span>
<span id="179">179</span>
<span id="180">180</span>
<span id="181">181</span>
<span id="182">182</span>
<span id="183">183</span>
<span id="184">184</span>
<span id="185">185</span>
<span id="186">186</span>
<span id="187">187</span>
<span id="188">188</span>
<span id="189">189</span>
<span id="190">190</span>
<span id="191">191</span>
<span id="192">192</span>
<span id="193">193</span>
<span id="194">194</span>
<span id="195">195</span>
<span id="196">196</span>
<span id="197">197</span>
<span id="198">198</span>
<span id="199">199</span>
<span id="200">200</span>
<span id="201">201</span>
<span id="202">202</span>
<span id="203">203</span>
<span id="204">204</span>
<span id="205">205</span>
<span id="206">206</span>
<span id="207">207</span>
<span id="208">208</span>
<span id="209">209</span>
<span id="210">210</span>
<span id="211">211</span>
<span id="212">212</span>
<span id="213">213</span>
<span id="214">214</span>
<span id="215">215</span>
<span id="216">216</span>
<span id="217">217</span>
<span id="218">218</span>
<span id="219">219</span>
<span id="220">220</span>
<span id="221">221</span>
<span id="222">222</span>
<span id="223">223</span>
<span id="224">224</span>
<span id="225">225</span>
<span id="226">226</span>
<span id="227">227</span>
<span id="228">228</span>
<span id="229">229</span>
<span id="230">230</span>
<span id="231">231</span>
<span id="232">232</span>
<span id="233">233</span>
<span id="234">234</span>
<span id="235">235</span>
<span id="236">236</span>
<span id="237">237</span>
<span id="238">238</span>
<span id="239">239</span>
<span id="240">240</span>
<span id="241">241</span>
<span id="242">242</span>
<span id="243">243</span>
<span id="244">244</span>
<span id="245">245</span>
<span id="246">246</span>
<span id="247">247</span>
<span id="248">248</span>
<span id="249">249</span>
<span id="250">250</span>
<span id="251">251</span>
<span id="252">252</span>
<span id="253">253</span>
<span id="254">254</span>
<span id="255">255</span>
<span id="256">256</span>
<span id="257">257</span>
<span id="258">258</span>
<span id="259">259</span>
<span id="260">260</span>
<span id="261">261</span>
<span id="262">262</span>
<span id="263">263</span>
<span id="264">264</span>
<span id="265">265</span>
<span id="266">266</span>
<span id="267">267</span>
<span id="268">268</span>
<span id="269">269</span>
<span id="270">270</span>
<span id="271">271</span>
<span id="272">272</span>
</pre><pre class="rust"><code><span class="comment">// Copyright 2015 Brian Smith.
//
// Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
// copyright notice and this permission notice appear in all copies.
//
// THE SOFTWARE IS PROVIDED &quot;AS IS&quot; AND THE AUTHORS DISCLAIM ALL WARRANTIES
// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
</span><span class="doccomment">//! webpki: Web PKI X.509 Certificate Validation.
//!
//! See `EndEntityCert`&#39;s documentation for a description of the certificate
//! processing steps necessary for a TLS connection.
</span><span class="attribute">#![doc(html_root_url = <span class="string">&quot;https://briansmith.org/rustdoc/&quot;</span>)]
#![cfg_attr(not(feature = <span class="string">&quot;std&quot;</span>), no_std)]
#![allow(missing_debug_implementations)]
</span><span class="comment">// `#[derive(...)]` uses `#[allow(unused_qualifications)]` internally.
</span><span class="attribute">#![deny(unused_qualifications)]
#![forbid(
anonymous_parameters,
box_pointers,
missing_copy_implementations,
missing_docs,
trivial_casts,
trivial_numeric_casts,
unsafe_code,
unstable_features,
unused_extern_crates,
unused_import_braces,
unused_results,
variant_size_differences,
warnings
)]
#[cfg(all(test, not(feature = <span class="string">&quot;std&quot;</span>)))]
#[macro_use]
</span><span class="kw">extern crate </span>std;
<span class="attribute">#[macro_use]
</span><span class="kw">mod </span>der;
<span class="kw">mod </span>calendar;
<span class="kw">mod </span>cert;
<span class="kw">mod </span>error;
<span class="kw">mod </span>name;
<span class="kw">mod </span>signed_data;
<span class="kw">mod </span>time;
<span class="attribute">#[cfg(feature = <span class="string">&quot;trust_anchor_util&quot;</span>)]
</span><span class="kw">pub mod </span>trust_anchor_util;
<span class="kw">mod </span>verify_cert;
<span class="kw">pub use </span>error::Error;
<span class="kw">pub use </span>name::{DNSNameRef, InvalidDNSNameError};
<span class="attribute">#[cfg(feature = <span class="string">&quot;std&quot;</span>)]
</span><span class="kw">pub use </span>name::DNSName;
<span class="kw">pub use </span>signed_data::{
SignatureAlgorithm, ECDSA_P256_SHA256, ECDSA_P256_SHA384, ECDSA_P384_SHA256, ECDSA_P384_SHA384,
ED25519, RSA_PKCS1_2048_8192_SHA256, RSA_PKCS1_2048_8192_SHA384, RSA_PKCS1_2048_8192_SHA512,
RSA_PKCS1_3072_8192_SHA384, RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
RSA_PSS_2048_8192_SHA384_LEGACY_KEY, RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
};
<span class="kw">pub use </span>time::Time;
<span class="doccomment">/// An end-entity certificate.
///
/// Server certificate processing in a TLS connection consists of several
/// steps. All of these steps are necessary:
///
/// * `EndEntityCert.verify_is_valid_tls_server_cert`: Verify that the server&#39;s
/// certificate is currently valid *for use by a TLS server*.
/// * `EndEntityCert.verify_is_valid_for_dns_name`: Verify that the server&#39;s
/// certificate is valid for the host that is being connected to.
/// * `EndEntityCert.verify_signature`: Verify that the signature of server&#39;s
/// `ServerKeyExchange` message is valid for the server&#39;s certificate.
///
/// Client certificate processing in a TLS connection consists of analogous
/// steps. All of these steps are necessary:
///
/// * `EndEntityCert.verify_is_valid_tls_client_cert`: Verify that the client&#39;s
/// certificate is currently valid *for use by a TLS client*.
/// * `EndEntityCert.verify_is_valid_for_dns_name` or
/// `EndEntityCert.verify_is_valid_for_at_least_one_dns_name`: Verify that the
/// client&#39;s certificate is valid for the identity or identities used to
/// identify the client. (Currently client authentication only works when the
/// client is identified by one or more DNS hostnames.)
/// * `EndEntityCert.verify_signature`: Verify that the client&#39;s signature in
/// its `CertificateVerify` message is valid using the public key from the
/// client&#39;s certificate.
///
/// Although it would be less error-prone to combine all these steps into a
/// single function call, some significant optimizations are possible if the
/// three steps are processed separately (in parallel). It does not matter much
/// which order the steps are done in, but **all of these steps must completed
/// before application data is sent and before received application data is
/// processed**. `EndEntityCert::from` is an inexpensive operation and is
/// deterministic, so if these tasks are done in multiple threads, it is
/// probably best to just call `EndEntityCert::from` multiple times (before each
/// operation) for the same DER-encoded ASN.1 certificate bytes.
</span><span class="kw">pub struct </span>EndEntityCert&lt;<span class="lifetime">&#39;a</span>&gt; {
inner: cert::Cert&lt;<span class="lifetime">&#39;a</span>&gt;,
}
<span class="kw">impl</span>&lt;<span class="lifetime">&#39;a</span>&gt; EndEntityCert&lt;<span class="lifetime">&#39;a</span>&gt; {
<span class="doccomment">/// Parse the ASN.1 DER-encoded X.509 encoding of the certificate
/// `cert_der`.
</span><span class="kw">pub fn </span>from(cert_der: <span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>[u8]) -&gt; <span class="prelude-ty">Result</span>&lt;<span class="self">Self</span>, Error&gt; {
<span class="prelude-val">Ok</span>(<span class="self">Self </span>{
inner: cert::parse_cert(
untrusted::Input::from(cert_der),
cert::EndEntityOrCA::EndEntity,
)<span class="question-mark">?</span>,
})
}
<span class="doccomment">/// Verifies that the end-entity certificate is valid for use by a TLS
/// server.
///
/// `supported_sig_algs` is the list of signature algorithms that are
/// trusted for use in certificate signatures; the end-entity certificate&#39;s
/// public key is not validated against this list. `trust_anchors` is the
/// list of root CAs to trust. `intermediate_certs` is the sequence of
/// intermediate certificates that the server sent in the TLS handshake.
/// `time` is the time for which the validation is effective (usually the
/// current time).
</span><span class="kw">pub fn </span>verify_is_valid_tls_server_cert(
<span class="kw-2">&amp;</span><span class="self">self</span>, supported_sig_algs: <span class="kw-2">&amp;</span>[<span class="kw-2">&amp;</span>SignatureAlgorithm],
<span class="kw-2">&amp;</span>TLSServerTrustAnchors(trust_anchors): <span class="kw-2">&amp;</span>TLSServerTrustAnchors,
intermediate_certs: <span class="kw-2">&amp;</span>[<span class="kw-2">&amp;</span>[u8]], time: Time,
) -&gt; <span class="prelude-ty">Result</span>&lt;(), Error&gt; {
verify_cert::build_chain(
verify_cert::EKU_SERVER_AUTH,
supported_sig_algs,
trust_anchors,
intermediate_certs,
<span class="kw-2">&amp;</span><span class="self">self</span>.inner,
time,
<span class="number">0</span>,
)
}
<span class="doccomment">/// Verifies that the end-entity certificate is valid for use by a TLS
/// client.
///
/// If the certificate is not valid for any of the given names then this
/// fails with `Error::CertNotValidForName`.
///
/// `supported_sig_algs` is the list of signature algorithms that are
/// trusted for use in certificate signatures; the end-entity certificate&#39;s
/// public key is not validated against this list. `trust_anchors` is the
/// list of root CAs to trust. `intermediate_certs` is the sequence of
/// intermediate certificates that the client sent in the TLS handshake.
/// `cert` is the purported end-entity certificate of the client. `time` is
/// the time for which the validation is effective (usually the current
/// time).
</span><span class="kw">pub fn </span>verify_is_valid_tls_client_cert(
<span class="kw-2">&amp;</span><span class="self">self</span>, supported_sig_algs: <span class="kw-2">&amp;</span>[<span class="kw-2">&amp;</span>SignatureAlgorithm],
<span class="kw-2">&amp;</span>TLSClientTrustAnchors(trust_anchors): <span class="kw-2">&amp;</span>TLSClientTrustAnchors,
intermediate_certs: <span class="kw-2">&amp;</span>[<span class="kw-2">&amp;</span>[u8]], time: Time,
) -&gt; <span class="prelude-ty">Result</span>&lt;(), Error&gt; {
verify_cert::build_chain(
verify_cert::EKU_CLIENT_AUTH,
supported_sig_algs,
trust_anchors,
intermediate_certs,
<span class="kw-2">&amp;</span><span class="self">self</span>.inner,
time,
<span class="number">0</span>,
)
}
<span class="doccomment">/// Verifies that the certificate is valid for the given DNS host name.
</span><span class="kw">pub fn </span>verify_is_valid_for_dns_name(<span class="kw-2">&amp;</span><span class="self">self</span>, dns_name: DNSNameRef) -&gt; <span class="prelude-ty">Result</span>&lt;(), Error&gt; {
name::verify_cert_dns_name(<span class="kw-2">&amp;</span><span class="self">self</span>, dns_name)
}
<span class="doccomment">/// Verifies that the certificate is valid for at least one of the given DNS
/// host names.
///
/// If the certificate is not valid for any of the given names then this
/// fails with `Error::CertNotValidForName`. Otherwise the DNS names for
/// which the certificate is valid are returned.
///
/// Requires the `std` default feature; i.e. this isn&#39;t available in
/// `#![no_std]` configurations.
</span><span class="attribute">#[cfg(feature = <span class="string">&quot;std&quot;</span>)]
</span><span class="kw">pub fn </span>verify_is_valid_for_at_least_one_dns_name&lt;<span class="lifetime">&#39;names</span>, Names&gt;(
<span class="kw-2">&amp;</span><span class="self">self</span>, dns_names: Names,
) -&gt; <span class="prelude-ty">Result</span>&lt;Vec&lt;DNSNameRef&lt;<span class="lifetime">&#39;names</span>&gt;&gt;, Error&gt;
<span class="kw">where
</span>Names: Iterator&lt;Item = DNSNameRef&lt;<span class="lifetime">&#39;names</span>&gt;&gt;,
{
<span class="kw">let </span>result: Vec&lt;DNSNameRef&lt;<span class="lifetime">&#39;names</span>&gt;&gt; = dns_names
.filter(|n| <span class="self">self</span>.verify_is_valid_for_dns_name(<span class="kw-2">*</span>n).is_ok())
.collect();
<span class="kw">if </span>result.is_empty() {
<span class="kw">return </span><span class="prelude-val">Err</span>(Error::CertNotValidForName);
}
<span class="prelude-val">Ok</span>(result)
}
<span class="doccomment">/// Verifies the signature `signature` of message `msg` using the
/// certificate&#39;s public key.
///
/// `signature_alg` is the algorithm to use to
/// verify the signature; the certificate&#39;s public key is verified to be
/// compatible with this algorithm.
///
/// For TLS 1.2, `signature` corresponds to TLS&#39;s
/// `DigitallySigned.signature` and `signature_alg` corresponds to TLS&#39;s
/// `DigitallySigned.algorithm` of TLS type `SignatureAndHashAlgorithm`. In
/// TLS 1.2 a single `SignatureAndHashAlgorithm` may map to multiple
/// `SignatureAlgorithm`s. For example, a TLS 1.2
/// `ignatureAndHashAlgorithm` of (ECDSA, SHA-256) may map to any or all
/// of {`ECDSA_P256_SHA256`, `ECDSA_P384_SHA256`}, depending on how the TLS
/// implementation is configured.
///
/// For current TLS 1.3 drafts, `signature_alg` corresponds to TLS&#39;s
/// `algorithm` fields of type `SignatureScheme`. There is (currently) a
/// one-to-one correspondence between TLS 1.3&#39;s `SignatureScheme` and
/// `SignatureAlgorithm`.
</span><span class="kw">pub fn </span>verify_signature(
<span class="kw-2">&amp;</span><span class="self">self</span>, signature_alg: <span class="kw-2">&amp;</span>SignatureAlgorithm, msg: <span class="kw-2">&amp;</span>[u8], signature: <span class="kw-2">&amp;</span>[u8],
) -&gt; <span class="prelude-ty">Result</span>&lt;(), Error&gt; {
signed_data::verify_signature(
signature_alg,
<span class="self">self</span>.inner.spki.value(),
untrusted::Input::from(msg),
untrusted::Input::from(signature),
)
}
}
<span class="doccomment">/// A trust anchor (a.k.a. root CA).
///
/// Traditionally, certificate verification libraries have represented trust
/// anchors as full X.509 root certificates. However, those certificates
/// contain a lot more data than is needed for verifying certificates. The
/// `TrustAnchor` representation allows an application to store just the
/// essential elements of trust anchors. The `webpki::trust_anchor_util` module
/// provides functions for converting X.509 certificates to to the minimized
/// `TrustAnchor` representation, either at runtime or in a build script.
</span><span class="attribute">#[derive(Debug)]
</span><span class="kw">pub struct </span>TrustAnchor&lt;<span class="lifetime">&#39;a</span>&gt; {
<span class="doccomment">/// The value of the `subject` field of the trust anchor.
</span><span class="kw">pub </span>subject: <span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>[u8],
<span class="doccomment">/// The value of the `subjectPublicKeyInfo` field of the trust anchor.
</span><span class="kw">pub </span>spki: <span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>[u8],
<span class="doccomment">/// The value of a DER-encoded NameConstraints, containing name
/// constraints to apply to the trust anchor, if any.
</span><span class="kw">pub </span>name_constraints: <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>[u8]&gt;,
}
<span class="doccomment">/// Trust anchors which may be used for authenticating servers.
</span><span class="attribute">#[derive(Debug)]
</span><span class="kw">pub struct </span>TLSServerTrustAnchors&lt;<span class="lifetime">&#39;a</span>&gt;(<span class="kw">pub </span><span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>[TrustAnchor&lt;<span class="lifetime">&#39;a</span>&gt;]);
<span class="doccomment">/// Trust anchors which may be used for authenticating clients.
</span><span class="attribute">#[derive(Debug)]
</span><span class="kw">pub struct </span>TLSClientTrustAnchors&lt;<span class="lifetime">&#39;a</span>&gt;(<span class="kw">pub </span><span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>[TrustAnchor&lt;<span class="lifetime">&#39;a</span>&gt;]);
</code></pre></div>
</section></div></main><div id="rustdoc-vars" data-root-path="../../" data-current-crate="webpki" data-themes="ayu,dark,light" data-resource-suffix="" data-rustdoc-version="1.66.0-nightly (5c8bff74b 2022-10-21)" ></div></body></html>