Lexe TLS configs, certs, and utilities.
Modules
- `attest_client` - mTLS clients for verifying SGX remote attestations.
- `ed25519_ext` - ed25519 key pair extension trait (PEM ser/de). Extension traits and types on `lexe_crypto::ed25519`, so it can integrate with TLS libraries like `rustls` and `rcgen` without adding a dependency on an entire TLS stack in a foundational crate like `lexe_crypto`.
- `lexe_ca` - Certs and utilities related to Lexe’s CA.
- `p256` - ECDSA P-256 key pairs, used for webpki TLS certificates.
- `rustls` - Re-export all of `lexe_tls_core`.
- `shared_seed` - mTLS based on a shared `RootSeed`. We’ll call this “shared seed” mTLS.
- `types` - TLS newtypes, namely DER-encoded certs and cert keys.
Statics
- `DEFAULT_SUBJECT_ALT_NAMES` - A safe default for `rcgen::CertificateParams::subject_alt_names` when there isn’t a specific value that makes sense. Used for client / CA certs.
- `LEXE_ALPN_PROTOCOLS` - Re-export all of `lexe_tls_core`. Lexe default value for `ClientConfig::alpn_protocols` and `ServerConfig::alpn_protocols`: HTTP/1.1 and HTTP/2
- `LEXE_CRYPTO_PROVIDER` - Re-export all of `lexe_tls_core`. Our `rustls::crypto::CryptoProvider`. Use this instead of `rustls::crypto::ring::default_provider`.
- `LEXE_SIGNATURE_ALGORITHMS` - Re-export all of `lexe_tls_core`. Lexe signature algorithms: Only Ed25519. Pass this to `rustls::crypto::verify_tls13_signature`.
- `LEXE_SUPPORTED_VERIFY_SCHEMES` - Re-export all of `lexe_tls_core`. The value to pass to `ServerCertVerifier::supported_verify_schemes`
- `LEXE_TLS_PROTOCOL_VERSIONS` - Re-export all of `lexe_tls_core`. Lexe TLS protocol version: TLSv1.3
Functions
- `build_rcgen_cert_params` - Build an `rcgen::CertificateParams` with Lexe presets and optional overrides.
- `cert_contains_dns` - Whether the given DER-encoded cert is bound to the given DNS names.
- `cert_is_valid_for_at_least` - Whether the given DER-encoded cert is currently valid and will be valid for at least `buffer_days` more days. `buffer_days=0` can be used if you only wish to check whether the cert is currently valid. Does not validate anything other than expiry. Returns `false` if the cert failed to parse.
- `client_config_builder` - Re-export all of `lexe_tls_core`. Helper to get a builder for a `ClientConfig` with Lexe’s presets. NOTE: Remember to set `alpn_protocols` to `LEXE_ALPN_PROTOCOLS` afterwards!
- `lexe_distinguished_name` - Build a Lexe Distinguished Name given a Common Name.
- `server_config_builder` - Re-export all of `lexe_tls_core`. Helper to get a builder for a `ServerConfig` with Lexe’s presets. NOTE: Remember to set `alpn_protocols` to `LEXE_ALPN_PROTOCOLS` afterwards!