Crate webpki

webpki: Web PKI X.509 Certificate Validation.

See EndEntityCert’s documentation for a description of the certificate processing steps necessary for a TLS connection.

Features

Feature	Description
alloc	Enable features that require use of the heap. Currently all RSA signature algorithms require this feature.
std	Enable features that require libstd. Implies alloc.
ring	Enable use of the ring crate for cryptography.
aws-lc-rs	Enable use of the aws-lc-rs crate for cryptography. Previously this feature was named aws_lc_rs.

Modules

• aws_lc_rs
  Signature verification algorithm implementations using the aws-lc-rs crypto library.
• aws_lc_rs_algs 🔒
• cert 🔒
• crl 🔒
• der 🔒
• end_entity 🔒
• error 🔒
• rpk_entity 🔒
• signed_data 🔒
• subject_name 🔒
• time 🔒
  Conversions into the library’s time type.
• trust_anchor 🔒
• verify_cert 🔒
• x509 🔒

Structs

• BorrowedCertRevocationList
  Borrowed representation of a RFC 5280 profile Certificate Revocation List (CRL).
• BorrowedRevokedCert
  Borrowed representation of a RFC 5280 profile Certificate Revocation List (CRL) revoked certificate entry.
• Cert
  A parsed X509 certificate.
• EndEntityCert
  An end-entity certificate.
• InvalidNameContext
  Additional context for the CertNotValidForName error variant.
• KeyUsage
  The expected key usage of a certificate.
• OwnedCertRevocationList
  Owned representation of a RFC 5280 profile Certificate Revocation List (CRL).
• OwnedRevokedCert
  Owned representation of a RFC 5280 profile Certificate Revocation List (CRL) revoked certificate entry.
• RawPublicKeyEntity
  A Raw Public Key, used for connections using raw public keys as specified in RFC 7250.
• RevocationOptions
  Describes how revocation checking is performed, if at all. Can be constructed with a RevocationOptionsBuilder instance.
• RevocationOptionsBuilder
  Builds a RevocationOptions instance to control how revocation checking is performed.
• VerifiedPath
  Path from end-entity certificate to trust anchor that’s been verified.

Enums

• CertRevocationList
  A RFC 5280 profile Certificate Revocation List (CRL).
• DerTypeId
  Trailing data was found while parsing DER-encoded input for the named type.
• Error
  An error that occurs during certificate validation or name validation.
• ExpirationPolicy
  Describes how to handle the nextUpdate field of the CRL (i.e. expiration).
• RevocationCheckDepth
  Describes how much of a certificate chain is checked for revocation status.
• RevocationReason
  Identifies the reason a certificate was revoked. See RFC 5280 §5.3.1
• UnknownStatusPolicy
  Describes how to handle the case where a certificate’s revocation status is unknown.

Statics

• ALL_VERIFICATION_ALGS
  An array of all the verification algorithms exported by this crate.

Functions

• anchor_from_trusted_cert
  Interprets the given pre-validated DER-encoded certificate as a TrustAnchor.
• public_values_eq 🔒