Crate webpki

webpki: Web PKI X.509 Certificate Validation.

See EndEntityCert’s documentation for a description of the certificate processing steps necessary for a TLS connection.

§Features

| Feature | Description |
|---------|-------------|
| alloc | Enable features that require use of the heap. Currently all RSA signature algorithms require this feature. |
| std | Enable features that require libstd. Implies alloc. |
| ring | Enable use of the ring crate for cryptography. |
| aws_lc_rs | Enable use of the aws-lc-rs crate for cryptography. |

Re-exports§

pub use pki_types as types;

Modules§

alg_id
Encodings of the PKIX AlgorithmIdentifier type.
ring (feature: ring)
Signature verification algorithm implementations using the ring crypto library.

Structs§

BorrowedCertRevocationList
Borrowed representation of an RFC 5280 profile Certificate Revocation List (CRL).
BorrowedRevokedCert
Borrowed representation of an RFC 5280 profile Certificate Revocation List (CRL) revoked certificate entry.
Cert
A parsed X509 certificate.
EndEntityCert
An end-entity certificate.
KeyUsage
The expected key usage of a certificate.
OwnedCertRevocationList (feature: alloc)
Owned representation of an RFC 5280 profile Certificate Revocation List (CRL).
OwnedRevokedCert (feature: alloc)
Owned representation of an RFC 5280 profile Certificate Revocation List (CRL) revoked certificate entry.
RawPublicKeyEntity
A Raw Public Key, used for connections using raw public keys as specified in RFC 7250.
RevocationOptions
Describes how revocation checking is performed, if at all. Can be constructed with a RevocationOptionsBuilder instance.
RevocationOptionsBuilder
Builds a RevocationOptions instance to control how revocation checking is performed.
VerifiedPath
Path from end-entity certificate to trust anchor that’s been verified.

Enums§

CertRevocationList
An RFC 5280 profile Certificate Revocation List (CRL).
DerTypeId
Trailing data was found while parsing DER-encoded input for the named type.
Error
An error that occurs during certificate validation or name validation.
ExpirationPolicy
Describes how to handle the nextUpdate field of the CRL (i.e. expiration).
RevocationCheckDepth
Describes how much of a certificate chain is checked for revocation status.
RevocationReason
Identifies the reason a certificate was revoked. See RFC 5280 §5.3.1.
UnknownStatusPolicy
Describes how to handle the case where a certificate’s revocation status is unknown.

Statics§

ALL_VERIFICATION_ALGS
An array of all the verification algorithms exported by this crate.

Functions§

anchor_from_trusted_cert
Interprets the given pre-validated DER-encoded certificate as a TrustAnchor.