RFC 4158 certification path building for pkix_path.
Accepts an unordered collection of certificates (CertPool) and
constructs a valid ordered chain suitable for pkix_path::validate_path.
§Relationship to pkix-path
pkix-path validates a caller-ordered &[Certificate]. This crate
handles the prior step: discovering and ordering that chain from a bag
of certificates when the caller does not know the chain order in advance.
Cross-certificates and bridge CA topologies are handled here, not in
pkix-path.
§Algorithm
build_path uses iterative-deepening DFS (RFC 4158 §2.5): it tries
increasing maximum path depths from 1 to 10, performing a full DFS at
each depth. This guarantees that the shortest valid path is returned while
bounding memory to O(depth) stack frames per attempt.
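The search strategy described above, as an added sketch that is not this crate's code: `ToyCert`, `toy_build_path` and `sample_pool` are hypothetical names, certificates are matched by issuer and subject name only (no signature or validity checks), and depth is assumed to count the certificates in the chain, target included. The constructed pool contains a cross-certificate cycle and two routes to the anchor, so the shorter route is the one returned.

```rust
// Toy model (assumption): a certificate is just a (subject, issuer) name pair.
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct ToyCert { pub subject: &'static str, pub issuer: &'static str }

pub const MAX_DEPTH: usize = 10; // depth range stated on this page

/// Depth-limited DFS: extend `path` upward until its tip is issued by an anchor.
fn dfs(path: &mut Vec<ToyCert>, pool: &[ToyCert], anchors: &[&str], limit: usize) -> bool {
    let tip = *path.last().expect("path starts with the target");
    if anchors.contains(&tip.issuer) { return true; } // reached a trust anchor
    if path.len() == limit { return false; } // depth budget spent for this attempt
    for cand in pool.iter().filter(|c| c.subject == tip.issuer) {
        // Loop check: cross-certificates can make the issuer graph cyclic.
        if path.iter().any(|p| p.subject == cand.subject) { continue; }
        path.push(*cand);
        if dfs(path, pool, anchors, limit) { return true; }
        path.pop(); // backtrack and try the next candidate issuer
    }
    false
}

/// Iterative deepening: the first limit that succeeds yields a shortest chain.
pub fn toy_build_path(target: ToyCert, pool: &[ToyCert], anchors: &[&str]) -> Option<Vec<ToyCert>> {
    for limit in 1..=MAX_DEPTH {
        let mut path = vec![target];
        if dfs(&mut path, pool, anchors, limit) {
            return Some(path);
        }
    }
    None
}

/// Constructed pool: a long hierarchy route, a cycle, and a cross-cert shortcut.
pub fn sample_pool() -> Vec<ToyCert> {
    vec![
        ToyCert { subject: "Issuing CA", issuer: "Policy CA" },
        ToyCert { subject: "Policy CA", issuer: "Old Root" }, // Old Root is untrusted
        ToyCert { subject: "Old Root", issuer: "Bridge CA" },
        ToyCert { subject: "Bridge CA", issuer: "Old Root" }, // closes a cycle
        ToyCert { subject: "Bridge CA", issuer: "Root A" },
        ToyCert { subject: "Issuing CA", issuer: "Root A" }, // cross-cert shortcut
    ]
}

fn main() {
    let leaf = ToyCert { subject: "leaf", issuer: "Issuing CA" };
    println!("{:?}", toy_build_path(leaf, &sample_pool(), &["Root A"]));
}
```

A plain DFS over the same pool order would return the five-certificate route through the bridge; the depth limit of 2 is what surfaces the cross-certificate first.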
§Spec references
- RFC 4158 — Internet X.509 PKI: Certification Path Building
- RFC 5280 §6.1 — the validation algorithm this crate feeds into
§no_std
This crate is no_std but requires the alloc crate. The extern crate alloc
declaration is provided automatically; you do not need to add it yourself, but
your target must supply a global allocator (e.g., #[global_allocator]).
Structs§
- CertPool
- An unordered collection of certificates used as input to path building.
Enums§
- Error
- Errors returned by path building.
Functions§
- build_path
- Build a certification path from target through certificates in pool to one of the provided trust anchors.
Type Aliases§
- Result
- Result alias for this crate.