Crate webpki

source ·
Expand description

webpki: Web PKI X.509 Certificate Validation.

See EndEntityCert’s documentation for a description of the certificate processing steps necessary for a TLS connection.

Features

FeatureDescription
allocEnable features that require use of the heap. Currently all RSA signature algorithms require this feature.
stdEnable features that require libstd. Implies alloc.
ringEnable use of the ring crate for cryptography.

Modules

  • alg_id
    Encodings of the PKIX AlgorithmIdentifier type:

Structs

  • AddrParseError
    An error indicating that an IpAddrRef could not built because the input could not be parsed as an IP address.
  • BorrowedCertRevocationList
    Borrowed representation of a RFC 5280 profile Certificate Revocation List (CRL).
  • BorrowedRevokedCert
    Borrowed representation of a RFC 5280 profile Certificate Revocation List (CRL) revoked certificate entry.
  • Cert
    A parsed X509 certificate.
  • DnsNamealloc
    Requires the alloc feature. A DNS Name suitable for use in the TLS Server Name Indication (SNI) extension and/or for use as the reference hostname for which to verify a certificate.
  • DnsNameRef
    A reference to a DNS Name suitable for use in the TLS Server Name Indication (SNI) extension and/or for use as the reference hostname for which to verify a certificate.
  • EndEntityCert
    An end-entity certificate.
  • InvalidDnsNameError
    An error indicating that a DnsNameRef could not built because the input is not a syntactically-valid DNS Name.
  • InvalidSignature
    A detail-less error when a signature is not valid.
  • InvalidSubjectNameError
    An error indicating that a SubjectNameRef could not built because the input is not a syntactically-valid DNS Name or IP address.
  • KeyUsage
    The expected key usage of a certificate.
  • OwnedCertRevocationListalloc
    Owned representation of a RFC 5280 profile Certificate Revocation List (CRL).
  • OwnedRevokedCertalloc
    Owned representation of a RFC 5280 profile Certificate Revocation List (CRL) revoked certificate entry.
  • RevocationOptions
    Describes how revocation checking is performed, if at all. Can be constructed with a RevocationOptionsBuilder instance.
  • RevocationOptionsBuilder
    Builds a RevocationOptions instance to control how revocation checking is performed.
  • Time
    The time type.
  • TrustAnchor
    A trust anchor (a.k.a. root CA).

Enums

  • DerTypeId
    Trailing data was found while parsing DER-encoded input for the named type.
  • EndEntityOrCa
    An enumeration indicating whether a Cert is a leaf end-entity cert, or a linked list node from the CA Cert to a child Cert it issued.
  • Error
    An error that occurs during certificate validation or name validation.
  • IpAddralloc
    Either a IPv4 or IPv6 address, plus its owned string representation
  • IpAddrRef
    Either a IPv4 or IPv6 address, plus its borrowed string representation
  • RevocationCheckDepth
    Describes how much of a certificate chain is checked for revocation status.
  • RevocationReason
    Identifies the reason a certificate was revoked. See RFC 5280 §5.3.1
  • SubjectNameRef
    A DNS name or IP address, which borrows its text representation.
  • UnknownStatusPolicy
    Describes how to handle the case where a certificate’s revocation status is unknown.

Statics

Traits