Crate webpki

Expand description

webpki: Web PKI X.509 Certificate Validation.

See EndEntityCert’s documentation for a description of the certificate processing steps necessary for a TLS connection.

Features

Feature	Description
`alloc`	Enable features that require use of the heap. Currently all RSA signature algorithms require this feature.
`std`	Enable features that require libstd. Implies `alloc`.

Structs

AddrParseError
An error indicating that an IpAddrRef could not built because the input could not be parsed as an IP address.
BorrowedCertRevocationList
Borrowed representation of a RFC 5280 profile Certificate Revocation List (CRL).
BorrowedRevokedCert
Borrowed representation of a RFC 5280 profile Certificate Revocation List (CRL) revoked certificate entry.
Cert
A parsed X509 certificate.
DnsNamealloc
Requires the alloc feature. A DNS Name suitable for use in the TLS Server Name Indication (SNI) extension and/or for use as the reference hostname for which to verify a certificate.
DnsNameRef
A reference to a DNS Name suitable for use in the TLS Server Name Indication (SNI) extension and/or for use as the reference hostname for which to verify a certificate.
EndEntityCert
An end-entity certificate.
InvalidDnsNameError
An error indicating that a DnsNameRef could not built because the input is not a syntactically-valid DNS Name.
InvalidSubjectNameError
An error indicating that a SubjectNameRef could not built because the input is not a syntactically-valid DNS Name or IP address.
KeyUsage
The expected key usage of a certificate.
OwnedCertRevocationListalloc
Owned representation of a RFC 5280 profile Certificate Revocation List (CRL).
OwnedRevokedCert
Owned representation of a RFC 5280 profile Certificate Revocation List (CRL) revoked certificate entry.
SignatureAlgorithm
A signature algorithm.
Time
The time type.
TlsClientTrustAnchorsDeprecated
Trust anchors which may be used for authenticating clients.
TlsServerTrustAnchorsDeprecated
Trust anchors which may be used for authenticating servers.
TrustAnchor
A trust anchor (a.k.a. root CA).

Enums

EndEntityOrCa
An enumeration indicating whether a Cert is a leaf end-entity cert, or a linked list node from the CA Cert to a child Cert it issued.
Error
An error that occurs during certificate validation or name validation.
IpAddralloc
Either a IPv4 or IPv6 address, plus its owned string representation
IpAddrRef
Either a IPv4 or IPv6 address, plus its borrowed string representation
RevocationReason
Identifies the reason a certificate was revoked. See RFC 5280 §5.3.1
SubjectNameRef
A DNS name or IP address, which borrows its text representation.

Statics

ECDSA_P256_SHA256
ECDSA signatures using the P-256 curve and SHA-256.
ECDSA_P256_SHA384
ECDSA signatures using the P-256 curve and SHA-384. Deprecated.
ECDSA_P384_SHA256
ECDSA signatures using the P-384 curve and SHA-256. Deprecated.
ECDSA_P384_SHA384
ECDSA signatures using the P-384 curve and SHA-384.
ED25519
ED25519 signatures according to RFC 8410
RSA_PKCS1_2048_8192_SHA256
RSA PKCS#1 1.5 signatures using SHA-256 for keys of 2048-8192 bits.
RSA_PKCS1_2048_8192_SHA384
RSA PKCS#1 1.5 signatures using SHA-384 for keys of 2048-8192 bits.
RSA_PKCS1_2048_8192_SHA512
RSA PKCS#1 1.5 signatures using SHA-512 for keys of 2048-8192 bits.
RSA_PKCS1_3072_8192_SHA384
RSA PKCS#1 1.5 signatures using SHA-384 for keys of 3072-8192 bits.
RSA_PSS_2048_8192_SHA256_LEGACY_KEY
RSA PSS signatures using SHA-256 for keys of 2048-8192 bits and of type rsaEncryption; see RFC 4055 Section 1.2.
RSA_PSS_2048_8192_SHA384_LEGACY_KEY
RSA PSS signatures using SHA-384 for keys of 2048-8192 bits and of type rsaEncryption; see RFC 4055 Section 1.2.
RSA_PSS_2048_8192_SHA512_LEGACY_KEY
RSA PSS signatures using SHA-512 for keys of 2048-8192 bits and of type rsaEncryption; see RFC 4055 Section 1.2.

Traits

CertRevocationList
Operations over a RFC 5280 profile Certificate Revocation List (CRL) required for revocation checking. Implemented by OwnedCertRevocationList and BorrowedCertRevocationList.