5.108. kink/tls/TRUST_ANCHOR

5.108.1. type trust_anchor

trust_anchor is a set of certificates used for TLS.

5.108.2. TRUST_ANCHOR.is?(Val)

`is?` returns whether `Val` is a trust_anchor.

5.108.3. TRUST_ANCHOR.read_pkcs12(Bin Password ...[$config={}])

read_pkcs12 reads a trust_anchor from a `bin` in PKCS #12 format, which is defined in RFC 7292.

Preconditions

• `Bin` must be a `bin`

• `Password` must be a `str`

• $config must be a fun which takes a config val

Config val methods

• C.on_success($success): uses $success as the success cont. $success must be a fun which takes a trust_anchor val. The default success cont is VAL.identity.

• C.on_wrong_password($wrong_password): uses $wrong_password as the wrong-password cont. $wrong_password must be a fun which takes no arg. The default wrong-password cont is a fun which tail-calls the error cont.

• C.on_error($error): uses $error as the error cont. $error must be a fun which takes a `str` val. The default error cont is a fun which raises an exception.

Result

If read_pkcs12 successfully reads a trust_anchor, it tail-calls the success cont with the trust_anchor.

If the password is wrong, read_pkcs12 tail-calls the wrong-password cont.

If an error occurs while reading the bin, read_pkcs12 tail-calls the error cont with a `str` as the error message.

5.108.4. TRUST_ANCHOR.default

`default` returns the default trust_anchor provided by the runtime, which usually consists of public root CAs.

5.108.5. TRUST_ANCHOR.empty

`empty` returns a trust_anchor which trusts nothing.