Struct webpki::TrustAnchor
source · [−]pub struct TrustAnchor<'a> {
pub subject: &'a [u8],
pub spki: &'a [u8],
pub name_constraints: Option<&'a [u8]>,
}
Expand description
A trust anchor (a.k.a. root CA).
Traditionally, certificate verification libraries have represented trust
anchors as full X.509 root certificates. However, those certificates
contain a lot more data than is needed for verifying certificates. The
TrustAnchor
representation allows an application to store just the
essential elements of trust anchors. The TrustAnchor::try_from_cert_der
function allows converting X.509 certificates to to the minimized
TrustAnchor
representation, either at runtime or in a build script.
Fields
subject: &'a [u8]
The value of the subject
field of the trust anchor.
spki: &'a [u8]
The value of the subjectPublicKeyInfo
field of the trust anchor.
name_constraints: Option<&'a [u8]>
The value of a DER-encoded NameConstraints, containing name constraints to apply to the trust anchor, if any.
Implementations
sourceimpl<'a> TrustAnchor<'a>
impl<'a> TrustAnchor<'a>
sourcepub fn try_from_cert_der(cert_der: &'a [u8]) -> Result<Self, Error>
pub fn try_from_cert_der(cert_der: &'a [u8]) -> Result<Self, Error>
Interprets the given DER-encoded certificate as a TrustAnchor
. The
certificate is not validated. In particular, there is no check that the
certificate is self-signed or even that the certificate has the cA basic
constraint.