Expand description
webpki: Web PKI X.509 Certificate Validation.
See EndEntityCertโs documentation for a description of the certificate
processing steps necessary for a TLS connection.
ยงFeatures
| Feature | Description |
|---|---|
alloc | Enable features that require use of the heap. Currently all RSA signature algorithms require this feature. |
std | Enable features that require libstd. Implies alloc. |
ring | Enable use of the ring crate for cryptography. |
aws-lc-rs | Enable use of the aws-lc-rs crate for cryptography. Previously this feature was named aws_lc_rs. |
Modulesยง
- aws_
lc_ rs - Signature verification algorithm implementations using the aws-lc-rs crypto library.
- aws_
lc_ ๐rs_ algs - cert ๐
- crl ๐
- der ๐
- end_
entity ๐ - error ๐
- rpk_
entity ๐ - signed_
data ๐ - subject_
name ๐ - time ๐
- Conversions into the libraryโs time type.
- trust_
anchor ๐ - verify_
cert ๐ - x509 ๐
Structsยง
- Borrowed
Cert Revocation List - Borrowed representation of a RFC 5280 profile Certificate Revocation List (CRL).
- Borrowed
Revoked Cert - Borrowed representation of a RFC 5280 profile Certificate Revocation List (CRL) revoked certificate entry.
- Cert
- A parsed X509 certificate.
- EndEntity
Cert - An end-entity certificate.
- Invalid
Name Context - Additional context for the
CertNotValidForNameerror variant. - KeyUsage
- The expected key usage of a certificate.
- Owned
Cert Revocation List - Owned representation of a RFC 5280 profile Certificate Revocation List (CRL).
- Owned
Revoked Cert - Owned representation of a RFC 5280 profile Certificate Revocation List (CRL) revoked certificate entry.
- RawPublic
KeyEntity - A Raw Public Key, used for connections using raw public keys as specified in RFC 7250.
- Required
EkuNot Found Context - Additional context for the
RequiredEkuNotFoundContexterror variant. - Revocation
Options - Describes how revocation checking is performed, if at all. Can be constructed with a RevocationOptionsBuilder instance.
- Revocation
Options Builder - Builds a RevocationOptions instance to control how revocation checking is performed.
- Unsupported
Signature Algorithm Context - Additional context for the
UnsupportedSignatureAlgorithmerror variant. - Unsupported
Signature Algorithm ForPublic KeyContext - Additional context for the
UnsupportedSignatureAlgorithmForPublicKeyerror variant. - Verified
Path - Path from end-entity certificate to trust anchor thatโs been verified.
Enumsยง
- Cert
Revocation List - A RFC 5280 profile Certificate Revocation List (CRL).
- DerType
Id - Trailing data was found while parsing DER-encoded input for the named type.
- Error
- An error that occurs during certificate validation or name validation.
- Expiration
Policy - Describes how to handle the nextUpdate field of the CRL (i.e. expiration).
- Revocation
Check Depth - Describes how much of a certificate chain is checked for revocation status.
- Revocation
Reason - Identifies the reason a certificate was revoked. See RFC 5280 ยง5.3.1
- Unknown
Status Policy - Describes how to handle the case where a certificateโs revocation status is unknown.
Staticsยง
- ALL_
VERIFICATION_ ALGS - An array of all the verification algorithms exported by this crate.
Functionsยง
- anchor_
from_ trusted_ cert - Interprets the given pre-validated DER-encoded certificate as a
TrustAnchor. - public_
values_ ๐eq