quic_cert (quic v1.7.0)
View SourceSummary
Functions
Validate a client's certificate chain (mutual TLS, RFC 8446 §4.4.2.4).
Validate a server's certificate chain and identity.
Functions
-spec validate_client(binary() | undefined, [binary()], [binary()] | undefined) -> ok | {error, term()}.
Validate a client's certificate chain (mutual TLS, RFC 8446 §4.4.2.4).
Same trust-anchor chain validation as validate_server/4, but with no identity/hostname check: a client certificate is not bound to a server name, and the peer's application identity is established separately (e.g. from the certificate subject plus an out-of-band token). Leaf is the client's end-entity certificate (DER), Intermediates the rest of the chain in wire (leaf-to-root) order, and CaCerts the trust anchors (DER list, or undefined for the OS trust store).
-spec validate_server(binary() | undefined, [binary()], [binary()] | undefined, binary() | undefined) -> ok | {error, term()}.
Validate a server's certificate chain and identity.
Leaf is the server's end-entity certificate (DER). Intermediates are the remaining certificates sent by the peer (DER), in the leaf-to-root order they arrive on the wire. CaCerts are the trust anchors as a DER list, or undefined to use the OS trust store. ServerName is the expected identity (binary hostname or IP literal), or undefined to skip the hostname check.