X.509 Parser
An X.509 v3 (RFC5280) parser, implemented with the nom parser combinator framework.
It is written in pure Rust, fast, and makes extensive use of zero-copy. A lot of care is taken to ensure security and safety of this crate, including design (recursion limit, defensive programming), tests, and fuzzing. It also aims to be panic-free.
The code is available on GitHub and is part of the Rusticata project.
The main parsing method is parse_x509_der, which takes a DER-encoded certificate as input, and builds an X509Certificate object.
For PEM-encoded certificates, use the pem module.
Examples
Parsing a certificate in DER format:
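use x509_parser::parse_x509_der;
// Placeholder path: substitute the location of a DER-encoded certificate.
static IGCA_DER: &'static [u8] = include_bytes!("path/to/certificate.der");
let res = parse_x509_der(IGCA_DER);
match res {
    Ok((rem, _cert)) => assert!(rem.is_empty()), // no trailing bytes after the certificate
    _ => panic!("x509 parsing failed: {:?}", res),
}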
See also examples/print-cert.rs.
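As an added illustration (not code from this crate or the Rusticata project), the following std-only Rust shows what a recursion limit and panic-free, bounds-checked handling of DER input look like, the design points named in the introduction. MAX_DEPTH, DerError, read_tlv and max_depth are hypothetical names, and only single-byte tags are handled.

```rust
// Added illustration; every name here is hypothetical, not the x509-parser API.
const MAX_DEPTH: usize = 8;

#[derive(Debug, PartialEq)]
pub enum DerError { Truncated, BadLength, TooDeep }

/// Split one TLV off the input: returns (tag, content, rest) as borrowed slices (zero-copy).
fn read_tlv(input: &[u8]) -> Result<(u8, &[u8], &[u8]), DerError> {
    let (&tag, rest) = input.split_first().ok_or(DerError::Truncated)?;
    let (&first, rest) = rest.split_first().ok_or(DerError::Truncated)?;
    let (len, rest) = if first < 0x80 {
        (first as usize, rest)
    } else {
        // Long form: the low 7 bits give the number of length octets that follow.
        let n = (first & 0x7f) as usize;
        // DER forbids indefinite length (n == 0); capping n keeps the value in range.
        if n == 0 || n > 4 { return Err(DerError::BadLength); }
        let bytes = rest.get(..n).ok_or(DerError::Truncated)?;
        (bytes.iter().fold(0usize, |acc, &b| (acc << 8) | b as usize), &rest[n..])
    };
    // `get` yields None instead of panicking when the declared length overruns the input.
    let content = rest.get(..len).ok_or(DerError::Truncated)?;
    Ok((tag, content, &rest[len..]))
}

/// Deepest nesting of constructed elements; input nested beyond MAX_DEPTH is refused.
pub fn max_depth(input: &[u8], depth: usize) -> Result<usize, DerError> {
    if depth > MAX_DEPTH { return Err(DerError::TooDeep); }
    let (mut rest, mut deepest) = (input, depth);
    while !rest.is_empty() {
        let (tag, content, next) = read_tlv(rest)?;
        // Bit 0x20 marks a constructed encoding, whose content is itself a run of TLVs.
        if tag & 0x20 != 0 {
            deepest = deepest.max(max_depth(content, depth + 1)?);
        }
        rest = next;
    }
    Ok(deepest)
}

fn main() {
    // Constructed sample: SEQUENCE { INTEGER 5 }, then the same bytes cut short.
    let der = [0x30, 0x03, 0x02, 0x01, 0x05];
    println!("{:?} {:?}", max_depth(&der, 0), max_depth(&der[..4], 0));
}
```

Every failure path returns an error value, so truncated or deeply nested input cannot cause an out-of-bounds panic or unbounded recursion.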
Features
- The verify feature adds support for (cryptographic) signature verification, based on ring. It adds the verify_signature method to X509Certificate.
/// Cryptographic signature verification: returns true if certificate was signed by issuer
Compatibility with older rust versions
1.34
There is a build error in arrayvec with rust 1.34: error[E0658]: use of unstable library feature 'maybe_uninit'
To fix it, force the version of lexical-core down:
cargo update -p lexical-core --precise 0.6.7
The verify feature is not compatible with rustc 1.34.
Changes
See CHANGELOG.md
License
Licensed under either of
- Apache License, Version 2.0 (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)
at your option.
Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.