pub struct TrustAnchor<'a> {
    pub subject: &'a [u8],
    pub spki: &'a [u8],
    pub name_constraints: Option<&'a [u8]>,
}
Expand description

A trust anchor (a.k.a. root CA).

Traditionally, certificate verification libraries have represented trust anchors as full X.509 root certificates. However, those certificates contain a lot more data than is needed for verifying certificates. The TrustAnchor representation allows an application to store just the essential elements of trust anchors. The TrustAnchor::try_from_cert_der function allows converting X.509 certificates to to the minimized TrustAnchor representation, either at runtime or in a build script.

Fields

subject: &'a [u8]

The value of the subject field of the trust anchor.

spki: &'a [u8]

The value of the subjectPublicKeyInfo field of the trust anchor.

name_constraints: Option<&'a [u8]>

The value of a DER-encoded NameConstraints, containing name constraints to apply to the trust anchor, if any.

Implementations

Interprets the given DER-encoded certificate as a TrustAnchor. The certificate is not validated. In particular, there is no check that the certificate is self-signed or even that the certificate has the cA basic constraint.

Trait Implementations

Formats the value using the given formatter. Read more
Converts to this type from the input type.

Auto Trait Implementations

Blanket Implementations

Gets the TypeId of self. Read more
Immutably borrows from an owned value. Read more
Mutably borrows from an owned value. Read more

Returns the argument unchanged.

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

The type returned in the event of a conversion error.
Performs the conversion.
The type returned in the event of a conversion error.
Performs the conversion.