Closed jsha closed 3 years ago
When you pass the trust anchors into webpki, you have to wrap them either in TLSServerTrustAnchors or TLSClientTrustAnchors; i.e. this is explicit in the API already. I'm planning to refactor the API and when I do I intend to keep the distinction explicit in the types.
Right now TrustAnchor has the fields subject, spki, and name_constraints. Some trust stores have "trust bits" for various purposes (mainly TLS server vs email). I suspect it's implicit that webpki TrustAnchors are always considered to be trusted for authenticating TLS servers and TLS clients. Does it make sense to make that explicit in the documentation?