docs: add doc-comments for crate::certs

src/certs/fingerprint.rs

@@ -1,17 +1,23 @@
+//! Helpers for TLS cert fingerprint generating
+
 use base64ct::{Base64Unpadded, Encoding};
 use sha2::{Digest, Sha256, Sha512};
 
 use super::verifier::CertificateDer;
 
-const SHA256_B64_LEN: usize = 44; // 4 * ((256 / 8) as f64 / 3 as f64).ceil()
+pub const SHA256_B64_LEN: usize = 44; // 4 * ((256 / 8) as f64 / 3 as f64).ceil()
-const SHA512_B64_LEN: usize = 88; // 4 * ((512 / 8) as f64 / 3 as f64).ceil()
+pub const SHA512_B64_LEN: usize = 88; // 4 * ((512 / 8) as f64 / 3 as f64).ceil()
 
+/// Certificate hashing algorithms
+/// supported in this library
 #[derive(Debug, Clone, Copy)]
 pub enum Algorithm {
     Sha256,
     Sha512,
 }
 
+/// Generate a fingerprint for the provided certificate
+/// using the specified algorithm + base64
 pub fn generate_fingerprint(cert: &CertificateDer, algo: Algorithm) -> String {
     match algo {
         Algorithm::Sha256 => {

src/certs/insecure.rs

@@ -1,13 +1,26 @@
+//! Custom verifier for Rustls accepting any TLS cert
+//! (usually called "insecure mode")
+
 use tokio_rustls::rustls::{
     self,
     client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier},
     crypto::CryptoProvider,
 };
 
+/// Custom verifier for Rustls accepting any TLS certificate
 #[derive(Debug)]
 pub struct AllowAllCertVerifier(std::sync::Arc<CryptoProvider>);
 
 impl AllowAllCertVerifier {
+    /// Constructor for this verifier.
+    /// Use only if you know what you are doing.
+    ///
+    /// # Examples
+    /// ```
+    /// let client = tokio_gemini::Client::builder()
+    ///     .with_custom_verifier(AllowAllCertVerifier::yes_i_know_what_i_am_doing())
+    ///     .build()
+    /// ```
     pub fn yes_i_know_what_i_am_doing() -> Self {
         AllowAllCertVerifier(
             CryptoProvider::get_default()

src/certs/mod.rs

@@ -1,3 +1,5 @@
+//! Everything related to TLS certs verification
+
 pub mod fingerprint;
 pub mod insecure;
 
@@ -10,6 +12,9 @@ pub use tokio_rustls::rustls::pki_types::{CertificateDer, ServerName, UnixTime};
 
 use tokio_rustls::rustls;
 
+/// Trait for implementing self-signed cert verifiers
+/// like [`file_sscv::FileBasedCertVerifier`]
+/// (probably via known_hosts with TOFU policy or DANE verification)
 pub trait SelfsignedCertVerifier: Send + Sync {
     fn verify(
         &self,
@@ -19,6 +24,9 @@ pub trait SelfsignedCertVerifier: Send + Sync {
     ) -> Result<bool, rustls::Error>;
 }
 
+/// Structure holding a cert fingerprint and expiry date,
+/// suggested for using in a [`SelfsignedCertVerifier`] cert storage
+/// (like `HashMap<String, SelfsignedCert>`, as a known_hosts parsing result)
 pub struct SelfsignedCert {
     pub algo: crate::certs::fingerprint::Algorithm,
     pub fingerprint: String,

src/certs/verifier.rs

@@ -1,3 +1,7 @@
+//! Internal custom Rustls verifier
+//! allowing verification both with webpki trust roots (when enabled)
+//! and with implementaions of our own [`SelfsignedCertVerifier`]
+
 use crate::certs::SelfsignedCertVerifier;
 
 use std::sync::Arc;