webpki: Web PKI X.509 Certificate Validation.
See EndEntityCert’s documentation for a description of the certificate processing steps necessary for a TLS connection.
Features
Feature | Description |
---|---|
alloc | Enable features that require use of the heap. Currently all RSA signature algorithms require this feature. |
std | Enable features that require libstd. Implies alloc. |
ring | Enable use of the ring crate for cryptography. |
Modules
- Encodings of the PKIX AlgorithmIdentifier type:
Structs
- An error indicating that an IpAddrRef could not be built because the input could not be parsed as an IP address.
- Borrowed representation of a RFC 5280 profile Certificate Revocation List (CRL).
- Borrowed representation of a RFC 5280 profile Certificate Revocation List (CRL) revoked certificate entry.
- A parsed X509 certificate.
- DnsName (alloc): Requires the alloc feature. A DNS Name suitable for use in the TLS Server Name Indication (SNI) extension and/or for use as the reference hostname for which to verify a certificate.
- A reference to a DNS Name suitable for use in the TLS Server Name Indication (SNI) extension and/or for use as the reference hostname for which to verify a certificate.
- An end-entity certificate.
- An error indicating that a DnsNameRef could not be built because the input is not a syntactically-valid DNS Name.
- A detail-less error when a signature is not valid.
- An error indicating that a SubjectNameRef could not be built because the input is not a syntactically-valid DNS Name or IP address.
- The expected key usage of a certificate.
- Owned representation of a RFC 5280 profile Certificate Revocation List (CRL).
- OwnedRevokedCert (alloc): Owned representation of a RFC 5280 profile Certificate Revocation List (CRL) revoked certificate entry.
- Describes how revocation checking is performed, if at all. Can be constructed with a RevocationOptionsBuilder instance.
- Builds a RevocationOptions instance to control how revocation checking is performed.
- The time type.
- A trust anchor (a.k.a. root CA).
Enums
- Trailing data was found while parsing DER-encoded input for the named type.
- An enumeration indicating whether a Cert is a leaf end-entity cert, or a linked list node from the CA Cert to a child Cert it issued.
- An error that occurs during certificate validation or name validation.
- IpAddr (alloc): Either an IPv4 or IPv6 address, plus its owned string representation.
- Either an IPv4 or IPv6 address, plus its borrowed string representation.
- Describes how much of a certificate chain is checked for revocation status.
- Identifies the reason a certificate was revoked. See RFC 5280 §5.3.1
- A DNS name or IP address, which borrows its text representation.
- Describes how to handle the case where a certificate’s revocation status is unknown.
Statics
- ECDSA signatures using the P-256 curve and SHA-256.
- ECDSA signatures using the P-256 curve and SHA-384. Deprecated.
- ECDSA signatures using the P-384 curve and SHA-256. Deprecated.
- ECDSA signatures using the P-384 curve and SHA-384.
- ED25519 (ring): ED25519 signatures according to RFC 8410.
- RSA_PKCS1_2048_8192_SHA256 (ring and alloc): RSA PKCS#1 1.5 signatures using SHA-256 for keys of 2048-8192 bits.
- RSA_PKCS1_2048_8192_SHA384 (ring and alloc): RSA PKCS#1 1.5 signatures using SHA-384 for keys of 2048-8192 bits.
- RSA_PKCS1_2048_8192_SHA512 (ring and alloc): RSA PKCS#1 1.5 signatures using SHA-512 for keys of 2048-8192 bits.
- RSA_PKCS1_3072_8192_SHA384 (ring and alloc): RSA PKCS#1 1.5 signatures using SHA-384 for keys of 3072-8192 bits.
- RSA_PSS_2048_8192_SHA256_LEGACY_KEY (ring and alloc): RSA PSS signatures using SHA-256 for keys of 2048-8192 bits and of type rsaEncryption; see RFC 4055 Section 1.2.
- RSA_PSS_2048_8192_SHA384_LEGACY_KEY (ring and alloc): RSA PSS signatures using SHA-384 for keys of 2048-8192 bits and of type rsaEncryption; see RFC 4055 Section 1.2.
- RSA_PSS_2048_8192_SHA512_LEGACY_KEY (ring and alloc): RSA PSS signatures using SHA-512 for keys of 2048-8192 bits and of type rsaEncryption; see RFC 4055 Section 1.2.
Traits
- Operations over a RFC 5280 profile Certificate Revocation List (CRL) required for revocation checking. Implemented by OwnedCertRevocationList and BorrowedCertRevocationList.
- An abstract signature verification algorithm.