Crate webpki

Crate webpki 

Source
Expand description

webpki: Web PKI X.509 Certificate Validation.

See EndEntityCert’s documentation for a description of the certificate processing steps necessary for a TLS connection.

§Features

FeatureDescription
allocEnable features that require use of the heap. Currently all RSA signature algorithms require this feature.
stdEnable features that require libstd. Implies alloc.

Structs§

AddrParseError
An error indicating that an IpAddrRef could not built because the input could not be parsed as an IP address.
BorrowedCertRevocationList
Borrowed representation of a RFC 5280 profile Certificate Revocation List (CRL).
BorrowedRevokedCert
Borrowed representation of a RFC 5280 profile Certificate Revocation List (CRL) revoked certificate entry.
Cert
A parsed X509 certificate.
DnsName
Requires the alloc feature. A DNS Name suitable for use in the TLS Server Name Indication (SNI) extension and/or for use as the reference hostname for which to verify a certificate.
DnsNameRef
A reference to a DNS Name suitable for use in the TLS Server Name Indication (SNI) extension and/or for use as the reference hostname for which to verify a certificate.
EndEntityCert
An end-entity certificate.
InvalidDnsNameError
An error indicating that a DnsNameRef could not built because the input is not a syntactically-valid DNS Name.
InvalidSubjectNameError
An error indicating that a SubjectNameRef could not built because the input is not a syntactically-valid DNS Name or IP address.
KeyUsage
The expected key usage of a certificate.
OwnedCertRevocationList
Owned representation of a RFC 5280 profile Certificate Revocation List (CRL).
OwnedRevokedCert
Owned representation of a RFC 5280 profile Certificate Revocation List (CRL) revoked certificate entry.
SignatureAlgorithm
A signature algorithm.
Time
The time type.
TlsClientTrustAnchorsDeprecated
Trust anchors which may be used for authenticating clients.
TlsServerTrustAnchorsDeprecated
Trust anchors which may be used for authenticating servers.
TrustAnchor
A trust anchor (a.k.a. root CA).

Enums§

EndEntityOrCa
An enumeration indicating whether a Cert is a leaf end-entity cert, or a linked list node from the CA Cert to a child Cert it issued.
Error
An error that occurs during certificate validation or name validation.
IpAddr
Either a IPv4 or IPv6 address, plus its owned string representation
IpAddrRef
Either a IPv4 or IPv6 address, plus its borrowed string representation
RevocationReason
Identifies the reason a certificate was revoked. See RFC 5280 §5.3.1[^1]
SubjectNameRef
A DNS name or IP address, which borrows its text representation.

Statics§

ECDSA_P256_SHA256
ECDSA signatures using the P-256 curve and SHA-256.
ECDSA_P256_SHA384
ECDSA signatures using the P-256 curve and SHA-384. Deprecated.
ECDSA_P384_SHA256
ECDSA signatures using the P-384 curve and SHA-256. Deprecated.
ECDSA_P384_SHA384
ECDSA signatures using the P-384 curve and SHA-384.
ED25519
ED25519 signatures according to RFC 8410
RSA_PKCS1_2048_8192_SHA256
RSA PKCS#1 1.5 signatures using SHA-256 for keys of 2048-8192 bits.
RSA_PKCS1_2048_8192_SHA384
RSA PKCS#1 1.5 signatures using SHA-384 for keys of 2048-8192 bits.
RSA_PKCS1_2048_8192_SHA512
RSA PKCS#1 1.5 signatures using SHA-512 for keys of 2048-8192 bits.
RSA_PKCS1_3072_8192_SHA384
RSA PKCS#1 1.5 signatures using SHA-384 for keys of 3072-8192 bits.
RSA_PSS_2048_8192_SHA256_LEGACY_KEY
RSA PSS signatures using SHA-256 for keys of 2048-8192 bits and of type rsaEncryption; see RFC 4055 Section 1.2.
RSA_PSS_2048_8192_SHA384_LEGACY_KEY
RSA PSS signatures using SHA-384 for keys of 2048-8192 bits and of type rsaEncryption; see RFC 4055 Section 1.2.
RSA_PSS_2048_8192_SHA512_LEGACY_KEY
RSA PSS signatures using SHA-512 for keys of 2048-8192 bits and of type rsaEncryption; see RFC 4055 Section 1.2.

Traits§

CertRevocationList
Operations over a RFC 5280 profile Certificate Revocation List (CRL) required for revocation checking. Implemented by OwnedCertRevocationList and BorrowedCertRevocationList.