Expand description
webpki: Web PKI X.509 Certificate Validation.
See EndEntityCert
βs documentation for a description of the certificate
processing steps necessary for a TLS connection.
Β§Features
Feature | Description |
---|---|
alloc | Enable features that require use of the heap. Currently all RSA signature algorithms require this feature. |
std | Enable features that require libstd. Implies alloc . |
Modules§
- calendar π
- cert π
- crl π
- der π
- end_
entity π - error π
- signed_
data π - subject_
name π - time πConversions into the libraryβs time type.
- trust_
anchor π - verify_
cert π - x509 π
Structs§
- An error indicating that an
IpAddrRef
could not built because the input could not be parsed as an IP address. - Borrowed representation of a RFC 5280 profile Certificate Revocation List (CRL).
- Borrowed representation of a RFC 5280 profile Certificate Revocation List (CRL) revoked certificate entry.
- A parsed X509 certificate.
- Requires the
alloc
feature. A DNS Name suitable for use in the TLS Server Name Indication (SNI) extension and/or for use as the reference hostname for which to verify a certificate. - A reference to a DNS Name suitable for use in the TLS Server Name Indication (SNI) extension and/or for use as the reference hostname for which to verify a certificate.
- An end-entity certificate.
- An error indicating that a
DnsNameRef
could not built because the input is not a syntactically-valid DNS Name. - An error indicating that a
SubjectNameRef
could not built because the input is not a syntactically-valid DNS Name or IP address. - The expected key usage of a certificate.
- Owned representation of a RFC 5280 profile Certificate Revocation List (CRL).
- Owned representation of a RFC 5280 profile Certificate Revocation List (CRL) revoked certificate entry.
- A signature algorithm.
- The time type.
- TlsClient
Trust Anchors Deprecated Trust anchors which may be used for authenticating clients. - TlsServer
Trust Anchors Deprecated Trust anchors which may be used for authenticating servers. - A trust anchor (a.k.a. root CA).
Enums§
- An enumeration indicating whether a
Cert
is a leaf end-entity cert, or a linked list node from the CACert
to a childCert
it issued. - An error that occurs during certificate validation or name validation.
- Either a IPv4 or IPv6 address, plus its owned string representation
- Either a IPv4 or IPv6 address, plus its borrowed string representation
- Identifies the reason a certificate was revoked. See RFC 5280 Β§5.3.1[^1]
- A DNS name or IP address, which borrows its text representation.
Statics§
- ECDSA signatures using the P-256 curve and SHA-256.
- ECDSA signatures using the P-256 curve and SHA-384. Deprecated.
- ECDSA signatures using the P-384 curve and SHA-256. Deprecated.
- ECDSA signatures using the P-384 curve and SHA-384.
- ED25519 signatures according to RFC 8410
- RSA PKCS#1 1.5 signatures using SHA-256 for keys of 2048-8192 bits.
- RSA PKCS#1 1.5 signatures using SHA-384 for keys of 2048-8192 bits.
- RSA PKCS#1 1.5 signatures using SHA-512 for keys of 2048-8192 bits.
- RSA PKCS#1 1.5 signatures using SHA-384 for keys of 3072-8192 bits.
- RSA PSS signatures using SHA-256 for keys of 2048-8192 bits and of type rsaEncryption; see RFC 4055 Section 1.2.
- RSA PSS signatures using SHA-384 for keys of 2048-8192 bits and of type rsaEncryption; see RFC 4055 Section 1.2.
- RSA PSS signatures using SHA-512 for keys of 2048-8192 bits and of type rsaEncryption; see RFC 4055 Section 1.2.
Traits§
- Operations over a RFC 5280 profile Certificate Revocation List (CRL) required for revocation checking. Implemented by
OwnedCertRevocationList
andBorrowedCertRevocationList
.
Functions§
- public_
values_ πeq