Crate webpki

Expand description

webpki: Web PKI X.509 Certificate Validation.

See EndEntityCert’s documentation for a description of the certificate processing steps necessary for a TLS connection.

Features

Feature	Description
`alloc`	Enable features that require use of the heap. Currently all RSA signature algorithms require this feature.
`std`	Enable features that require libstd. Implies `alloc`.

Structs

AddrParseError

An error indicating that an IpAddrRef could not built because the input could not be parsed as an IP address.

BorrowedCertRevocationList

Borrowed representation of a RFC 5280¹ profile Certificate Revocation List (CRL).

BorrowedRevokedCert

Borrowed representation of a RFC 5280¹ profile Certificate Revocation List (CRL) revoked certificate entry.

Cert

A parsed X509 certificate.

DnsName

A DNS Name suitable for use in the TLS Server Name Indication (SNI) extension and/or for use as the reference hostname for which to verify a certificate.

DnsNameRef

A reference to a DNS Name suitable for use in the TLS Server Name Indication (SNI) extension and/or for use as the reference hostname for which to verify a certificate.

EndEntityCert

An end-entity certificate.

InvalidDnsNameError

An error indicating that a DnsNameRef could not built because the input is not a syntactically-valid DNS Name.

InvalidSubjectNameError

An error indicating that a SubjectNameRef could not built because the input is not a syntactically-valid DNS Name or IP address.

OwnedCertRevocationList

Owned representation of a RFC 5280¹ profile Certificate Revocation List (CRL).

OwnedRevokedCert

Owned representation of a RFC 5280¹ profile Certificate Revocation List (CRL) revoked certificate entry.

SignatureAlgorithm

A signature algorithm.

Time

The time type.

TlsClientTrustAnchors

Trust anchors which may be used for authenticating clients.

TlsServerTrustAnchors

Trust anchors which may be used for authenticating servers.

TrustAnchor

A trust anchor (a.k.a. root CA).

Enums

EndEntityOrCa

An enumeration indicating whether a Cert is a leaf end-entity cert, or a linked list node from the CA Cert to a child Cert it issued.

Error

An error that occurs during certificate validation or name validation.

IpAddr

Either a IPv4 or IPv6 address, plus its owned string representation

IpAddrRef

Either a IPv4 or IPv6 address, plus its borrowed string representation

RevocationReason

Identifies the reason a certificate was revoked. See RFC 5280 §5.3.1¹

SubjectNameRef

A DNS name or IP address, which borrows its text representation.

Statics

ECDSA_P256_SHA256

ECDSA signatures using the P-256 curve and SHA-256.

ECDSA_P256_SHA384

ECDSA signatures using the P-256 curve and SHA-384. Deprecated.

ECDSA_P384_SHA256

ECDSA signatures using the P-384 curve and SHA-256. Deprecated.

ECDSA_P384_SHA384

ECDSA signatures using the P-384 curve and SHA-384.

ED25519

ED25519 signatures according to RFC 8410

RSA_PKCS1_2048_8192_SHA256

RSA PKCS#1 1.5 signatures using SHA-256 for keys of 2048-8192 bits.

RSA_PKCS1_2048_8192_SHA384

RSA PKCS#1 1.5 signatures using SHA-384 for keys of 2048-8192 bits.

RSA_PKCS1_2048_8192_SHA512

RSA PKCS#1 1.5 signatures using SHA-512 for keys of 2048-8192 bits.

RSA_PKCS1_3072_8192_SHA384

RSA PKCS#1 1.5 signatures using SHA-384 for keys of 3072-8192 bits.

RSA_PSS_2048_8192_SHA256_LEGACY_KEY

RSA PSS signatures using SHA-256 for keys of 2048-8192 bits and of type rsaEncryption; see RFC 4055 Section 1.2.

RSA_PSS_2048_8192_SHA384_LEGACY_KEY

RSA PSS signatures using SHA-384 for keys of 2048-8192 bits and of type rsaEncryption; see RFC 4055 Section 1.2.

RSA_PSS_2048_8192_SHA512_LEGACY_KEY

RSA PSS signatures using SHA-512 for keys of 2048-8192 bits and of type rsaEncryption; see RFC 4055 Section 1.2.

Traits

CertRevocationList

Operations over a RFC 5280¹ profile Certificate Revocation List (CRL) required for revocation checking. Implemented by OwnedCertRevocationList and BorrowedCertRevocationList.