pub struct X509(/* private fields */);Expand description
An X509 public key certificate.
Implementations§
Source§impl X509
 
impl X509
Sourcepub fn builder() -> Result<X509Builder, ErrorStack>
 
pub fn builder() -> Result<X509Builder, ErrorStack>
Returns a new builder.
Sourcepub fn from_pem(pem: &[u8]) -> Result<X509, ErrorStack>
 
pub fn from_pem(pem: &[u8]) -> Result<X509, ErrorStack>
Deserializes a PEM-encoded X509 structure.
The input should have a header of -----BEGIN CERTIFICATE-----.
This corresponds to PEM_read_bio_X509.
Sourcepub fn from_der(der: &[u8]) -> Result<X509, ErrorStack>
 
pub fn from_der(der: &[u8]) -> Result<X509, ErrorStack>
Deserializes a DER-encoded X509 structure.
This corresponds to d2i_X509.
Sourcepub fn stack_from_pem(pem: &[u8]) -> Result<Vec<X509>, ErrorStack>
 
pub fn stack_from_pem(pem: &[u8]) -> Result<Vec<X509>, ErrorStack>
Deserializes a list of PEM-formatted certificates.
This corresponds to PEM_read_bio_X509.
Methods from Deref<Target = X509Ref>§
Sourcepub fn subject_name(&self) -> &X509NameRef
 
pub fn subject_name(&self) -> &X509NameRef
Returns this certificate’s subject name.
This corresponds to X509_get_subject_name.
Sourcepub fn subject_name_hash(&self) -> u32
 
pub fn subject_name_hash(&self) -> u32
Returns the hash of the certificates subject
This corresponds to X509_subject_name_hash.
Sourcepub fn issuer_name(&self) -> &X509NameRef
 
pub fn issuer_name(&self) -> &X509NameRef
Returns this certificate’s issuer name.
This corresponds to X509_get_issuer_name.
Sourcepub fn issuer_name_hash(&self) -> u32
 
pub fn issuer_name_hash(&self) -> u32
Returns the hash of the certificates issuer
This corresponds to X509_issuer_name_hash.
Sourcepub fn subject_alt_names(&self) -> Option<Stack<GeneralName>>
 
pub fn subject_alt_names(&self) -> Option<Stack<GeneralName>>
Returns this certificate’s subject alternative name entries, if they exist.
This corresponds to X509_get_ext_d2i.
Sourcepub fn crl_distribution_points(&self) -> Option<Stack<DistPoint>>
 
pub fn crl_distribution_points(&self) -> Option<Stack<DistPoint>>
Returns this certificate’s CRL distribution points, if they exist.
This corresponds to X509_get_ext_d2i.
Sourcepub fn issuer_alt_names(&self) -> Option<Stack<GeneralName>>
 
pub fn issuer_alt_names(&self) -> Option<Stack<GeneralName>>
Returns this certificate’s issuer alternative name entries, if they exist.
This corresponds to X509_get_ext_d2i.
Returns this certificate’s authority information access entries, if they exist.
This corresponds to X509_get_ext_d2i.
Sourcepub fn pathlen(&self) -> Option<u32>
 
pub fn pathlen(&self) -> Option<u32>
Retrieves the path length extension from a certificate, if it exists.
This corresponds to X509_get_pathlen.
Sourcepub fn subject_key_id(&self) -> Option<&Asn1OctetStringRef>
 
pub fn subject_key_id(&self) -> Option<&Asn1OctetStringRef>
Returns this certificate’s subject key id, if it exists.
This corresponds to X509_get0_subject_key_id.
Returns this certificate’s authority key id, if it exists.
This corresponds to X509_get0_authority_key_id.
Returns this certificate’s authority issuer name entries, if they exist.
This corresponds to X509_get0_authority_issuer.
Returns this certificate’s authority serial number, if it exists.
This corresponds to X509_get0_authority_serial.
Sourcepub fn public_key(&self) -> Result<PKey<Public>, ErrorStack>
 
pub fn public_key(&self) -> Result<PKey<Public>, ErrorStack>
This corresponds to X509_get_pubkey.
Sourcepub fn digest(
    &self,
    hash_type: MessageDigest,
) -> Result<DigestBytes, ErrorStack>
 
pub fn digest( &self, hash_type: MessageDigest, ) -> Result<DigestBytes, ErrorStack>
Returns a digest of the DER representation of the certificate.
This corresponds to X509_digest.
pub fn fingerprint( &self, hash_type: MessageDigest, ) -> Result<Vec<u8>, ErrorStack>
Sourcepub fn not_after(&self) -> &Asn1TimeRef
 
pub fn not_after(&self) -> &Asn1TimeRef
Returns the certificate’s Not After validity period.
This corresponds to X509_getm_notAfter.
Sourcepub fn not_before(&self) -> &Asn1TimeRef
 
pub fn not_before(&self) -> &Asn1TimeRef
Returns the certificate’s Not Before validity period.
This corresponds to X509_getm_notBefore.
Sourcepub fn signature(&self) -> &Asn1BitStringRef
 
pub fn signature(&self) -> &Asn1BitStringRef
Returns the certificate’s signature
This corresponds to X509_get0_signature.
Sourcepub fn signature_algorithm(&self) -> &X509AlgorithmRef
 
pub fn signature_algorithm(&self) -> &X509AlgorithmRef
Returns the certificate’s signature algorithm.
This corresponds to X509_get0_signature.
Sourcepub fn ocsp_responders(&self) -> Result<Stack<OpensslString>, ErrorStack>
 
pub fn ocsp_responders(&self) -> Result<Stack<OpensslString>, ErrorStack>
Returns the list of OCSP responder URLs specified in the certificate’s Authority Information Access field.
This corresponds to X509_get1_ocsp.
Sourcepub fn issued(&self, subject: &X509Ref) -> X509VerifyResult
 
pub fn issued(&self, subject: &X509Ref) -> X509VerifyResult
Checks that this certificate issued subject.
This corresponds to X509_check_issued.
Sourcepub fn version(&self) -> i32
 
pub fn version(&self) -> i32
Returns certificate version. If this certificate has no explicit version set, it defaults to version 1.
Note that 0 return value stands for version 1, 1 for version 2 and so on.
This corresponds to X509_get_version.
Sourcepub fn verify<T>(&self, key: &PKeyRef<T>) -> Result<bool, ErrorStack>where
    T: HasPublic,
 
pub fn verify<T>(&self, key: &PKeyRef<T>) -> Result<bool, ErrorStack>where
    T: HasPublic,
Check if the certificate is signed using the given public key.
Only the signature is checked: no other checks (such as certificate chain validity) are performed.
Returns true if verification succeeds.
This corresponds to X509_verify.
Sourcepub fn serial_number(&self) -> &Asn1IntegerRef
 
pub fn serial_number(&self) -> &Asn1IntegerRef
Returns this certificate’s serial number.
This corresponds to X509_get_serialNumber.
Sourcepub fn alias(&self) -> Option<&[u8]>
 
pub fn alias(&self) -> Option<&[u8]>
Returns this certificate’s “alias”. This field is populated by
OpenSSL in some situations – specifically OpenSSL will store a
PKCS#12 friendlyName in this field. This is not a part of the X.509
certificate itself, OpenSSL merely attaches it to this structure in
memory.
This corresponds to X509_alias_get0.
Sourcepub fn to_pem(&self) -> Result<Vec<u8>, ErrorStack>
 
pub fn to_pem(&self) -> Result<Vec<u8>, ErrorStack>
Serializes the certificate into a PEM-encoded X509 structure.
The output will have a header of -----BEGIN CERTIFICATE-----.
This corresponds to PEM_write_bio_X509.
Sourcepub fn to_der(&self) -> Result<Vec<u8>, ErrorStack>
 
pub fn to_der(&self) -> Result<Vec<u8>, ErrorStack>
Serializes the certificate into a DER-encoded X509 structure.
This corresponds to i2d_X509.
Sourcepub fn to_text(&self) -> Result<Vec<u8>, ErrorStack>
 
pub fn to_text(&self) -> Result<Vec<u8>, ErrorStack>
Converts the certificate to human readable text.
This corresponds to X509_print.