webpki: Web PKI X.509 Certificate Validation.
See EndEntityCert's documentation for a description of the certificate processing steps necessary for a TLS connection.
Features
| Feature | Description |
|---|---|
| alloc | Enable features that require use of the heap. Currently all RSA signature algorithms require this feature. |
| std | Enable features that require libstd. Implies alloc. |
| ring | Enable use of the ring crate for cryptography. |
| aws_lc_rs | Enable use of the aws-lc-rs crate for cryptography. |
Re-exports
pub use pki_types as types;
Modules
- alg_id - Encodings of the PKIX AlgorithmIdentifier type.
- ring (ring) - Signature verification algorithm implementations using the ring crypto library.
Structs
- BorrowedCertRevocationList - Borrowed representation of an RFC 5280 profile Certificate Revocation List (CRL).
- BorrowedRevokedCert - Borrowed representation of an RFC 5280 profile Certificate Revocation List (CRL) revoked certificate entry.
- Cert - A parsed X509 certificate.
- EndEntityCert - An end-entity certificate.
- KeyUsage - The expected key usage of a certificate.
- OwnedCertRevocationList (alloc) - Owned representation of an RFC 5280 profile Certificate Revocation List (CRL).
- OwnedRevokedCert (alloc) - Owned representation of an RFC 5280 profile Certificate Revocation List (CRL) revoked certificate entry.
- RawPublicKeyEntity - A Raw Public Key, used for connections using raw public keys as specified in RFC 7250.
- RevocationOptions - Describes how revocation checking is performed, if at all. Can be constructed with a RevocationOptionsBuilder instance.
- RevocationOptionsBuilder - Builds a RevocationOptions instance to control how revocation checking is performed.
- VerifiedPath - Path from end-entity certificate to trust anchor that's been verified.
Enums
- CertRevocationList - An RFC 5280 profile Certificate Revocation List (CRL).
- DerTypeId - Trailing data was found while parsing DER-encoded input for the named type.
- Error - An error that occurs during certificate validation or name validation.
- ExpirationPolicy - Describes how to handle the nextUpdate field of the CRL (i.e. expiration).
- RevocationCheckDepth - Describes how much of a certificate chain is checked for revocation status.
- RevocationReason - Identifies the reason a certificate was revoked. See RFC 5280 §5.3.1.
- UnknownStatusPolicy - Describes how to handle the case where a certificate's revocation status is unknown.
Statics
- ALL_VERIFICATION_ALGS - An array of all the verification algorithms exported by this crate.
Functions
- anchor_from_trusted_cert - Interprets the given pre-validated DER-encoded certificate as a TrustAnchor.