
Enum SSLPeerValidationMode

Specifies how rigorously SSL peer certificates are validated.

enum SSLPeerValidationMode : int { ... }

The individual options can be combined using a bitwise "or". Usually it is recommended to use trustedCert for full validation.

Enum members

checkCert: Check the certificate for basic validity.

This verifies the validity of the certificate chain and some other general properties, such as expiration time. It doesn't verify either the peer name or the trust state of the certificate.

checkPeer: Validate the actual peer name/address against the certificate.

Compares the name/address of the connected peer, as passed to createSSLStream, against the list of patterns present in the certificate, if any. If no match is found, the connection is rejected.

checkTrust: Requires that the certificate or any parent certificate is trusted.

Searches the list of trusted certificates for a match of the certificate chain. If no match is found, the connection is rejected.

none: Accept any peer, regardless of whether a certificate is presented and which one.

This mode is generally discouraged and should only be used with a custom validation callback set to do the verification.

requireCert: Require the peer to always present a certificate.

Note that this option alone does not verify the certificate at all. To actually validate certificates, it must be used together with the "check" options or with a custom validation callback.

trustedCert: Require a valid and trusted certificate (strongly recommended).

Checks the certificate and peer name for validity and requires that the certificate chain originates from a trusted CA (based on the registered pool of certificate authorities).

This option is a combination of validCert and checkTrust.

validCert: Require a valid certificate matching the peer name.

In this mode, the certificate is validated for general consistency and possible expiration, and the peer name is checked to see if the certificate actually applies.

However, the certificate chain is not matched against the system's pool of trusted certificate authorities, so a custom validation callback is still needed to get a secure validation process.

This option is a combination of requireCert, checkCert and checkPeer.
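
The flag composition described above, as an added example that is not vibe.d's own code: a local mirror of the enum (the bit positions are assumed for illustration; only the combinations come from this page) and a hypothetical helper, missingChecks, that lists which of the four primitive checks a configured mode leaves out compared to trustedCert.

```d
import std.conv : to;
import std.stdio : writeln;

// Local mirror of the documented members. The bit positions are an
// assumption; the two combinations are the ones stated on this page.
enum Mode : int {
    none        = 0,
    requireCert = 1 << 0,
    checkCert   = 1 << 1,
    checkPeer   = 1 << 2,
    checkTrust  = 1 << 3,
    validCert   = requireCert | checkCert | checkPeer,
    trustedCert = validCert | checkTrust,
}

/// Hypothetical audit helper: names of the primitive checks that
/// trustedCert performs but `mode` does not.
string[] missingChecks(int mode)
{
    string[] missing;
    foreach (f; [Mode.requireCert, Mode.checkCert,
                 Mode.checkPeer, Mode.checkTrust])
    {
        if ((mode & f) == 0)
            missing ~= f.to!string; // to!string yields the member name
    }
    return missing;
}

/// A mode is only self-sufficient when nothing is missing; otherwise a
/// custom validation callback has to cover the gaps.
bool needsCustomCallback(int mode)
{
    return missingChecks(mode).length > 0;
}

void main()
{
    // Constructed sample configurations.
    auto partial = Mode.requireCert | Mode.checkCert;
    foreach (m; [cast(int) Mode.none, cast(int) Mode.requireCert,
                 cast(int) partial, cast(int) Mode.validCert,
                 cast(int) Mode.trustedCert])
    {
        writeln("mode=", m, " missing=", missingChecks(m),
                " callback needed=", needsCustomCallback(m));
    }
}
```

For validCert the helper reports only checkTrust as missing, which is the gap the description above says a custom validation callback must close.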


Sönke Ludwig


© 2012-2014 RejectedSoftware e.K.


Subject to the terms of the MIT license, as written in the included LICENSE.txt file.