5.108. kink/tls/TRUST_ANCHOR

5.108.1. type trust_anchor

trust_anchor is a set of certificates used for TLS.

5.108.2. TRUST_ANCHOR.is?(Val)

`is?` returns whether `Val` is a trust_anchor.

5.108.3. TRUST_ANCHOR.read_pkcs12(Bin Password ...[$config={}])

`read_pkcs12` reads a `trust_anchor` from `Bin` in PKCS #12 format, which is defined in RFC 7292.

Config methods:

• C.on_success($success): default = VAL.identity

• C.on_error($error): default = {(:Exc) Exc.raise }

• C.on_wrong_password($wrong_password): default = a fun which tail-calls $error

Result

If a `trust_anchor` is successfully read, `read_pkcs12` tail-calsl $success with the `trust_anchor`.

If the password is wrong, `read_pkcs12` tail-calls $wrong_password with no arg.

If an error occurs while reading the bin, `read_pkcs12` tail-calls $error with an `exception`.

Preconditions

• `Bin` must be a `bin`

• `Password` must be a `str`

• $success must be a fun which takes a `trust_anchor`

• $error must be a fun which takes an `exception`

• $wrong_password must be a fun which takes no arg

5.108.4. TRUST_ANCHOR.default

`default` returns the default trust_anchor provided by the runtime, which usually consists of public root CAs.

5.108.5. TRUST_ANCHOR.empty

`empty` returns a trust_anchor which trusts nothing.