#[non_exhaustive]
pub enum CertificateError {
    BadEncoding,
    Expired,
    NotValidYet,
    Revoked,
    UnhandledCriticalExtension,
    UnknownIssuer,
    BadSignature,
    NotValidForName,
    InvalidPurpose,
    ApplicationVerificationFailure,
    Other(Arc<dyn StdError + Send + Sync>),
}
Expand description

The ways in which certificate validators can express errors.

Note that the rustls TLS protocol code interprets specifically these error codes to send specific TLS alerts. Therefore, if a custom certificate validator uses incorrect errors the library as a whole will send alerts that do not match the standard (this is usually a minor issue, but could be misleading).

Variants (Non-exhaustive)

This enum is marked as non-exhaustive
Non-exhaustive enums could have additional variants added in future. Therefore, when matching against variants of non-exhaustive enums, an extra wildcard arm must be added to account for any future variants.

BadEncoding

The certificate is not correctly encoded.

Expired

The current time is after the notAfter time in the certificate.

NotValidYet

The current time is before the notBefore time in the certificate.

Revoked

The certificate has been revoked.

UnhandledCriticalExtension

The certificate contains an extension marked critical, but it was not processed by the certificate validator.

UnknownIssuer

The certificate chain is not issued by a known root certificate.

BadSignature

A certificate is not correctly signed by the key of its alleged issuer.

NotValidForName

The subject names in an end-entity certificate do not include the expected name.

InvalidPurpose

The certificate is being used for a different purpose than allowed.

ApplicationVerificationFailure

The certificate is valid, but the handshake is rejected for other reasons.

Other(Arc<dyn StdError + Send + Sync>)

Any other error.

This can be used by custom verifiers to expose the underlying error (where they are not better described by the more specific errors above).

It is also used by the default verifier in case its error is not covered by the above common cases.

Enums holding this variant will never compare equal to each other.

Trait Implementations

Returns a copy of the value. Read more
Performs copy-assignment from source. Read more
Formats the value using the given formatter. Read more
Converts to this type from the input type.
Converts to this type from the input type.
This method tests for self and other values to be equal, and is used by ==. Read more
This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason. Read more

Auto Trait Implementations

Blanket Implementations

Gets the TypeId of self. Read more
Immutably borrows from an owned value. Read more
Mutably borrows from an owned value. Read more

Returns the argument unchanged.

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

The resulting type after obtaining ownership.
Creates owned data from borrowed data, usually by cloning. Read more
Uses borrowed data to replace owned data, usually by cloning. Read more
The type returned in the event of a conversion error.
Performs the conversion.
The type returned in the event of a conversion error.
Performs the conversion.