pub fn compute_channel_binding(cert_der: &[u8]) -> Vec<u8> ⓘExpand description
Compute the tls-server-end-point channel binding value (RFC 5929).
This is the hash of the server’s TLS certificate, used for channel binding in HTTP authentication protocols. The hash algorithm is determined by the certificate’s signature algorithm:
- MD5 or SHA-1 signed certs → use SHA-256
- All others → use the cert’s own hash algorithm
EST uses this for binding enrollment requests to the TLS session, preventing credential forwarding attacks.