Expand description
Deprecated compatibility shim for X.509 policy helpers.
Prefer uselesskey-x509; the canonical implementation now lives there.
Structs§
- Chain
Spec - Specification for generating a three-level X.509 certificate chain (root CA -> intermediate CA -> leaf).
- KeyUsage
- Key usage flags for X.509 certificates.
- X509
Spec - Specification for generating an X.509 certificate.
Enums§
- Chain
Negative - Types of invalid certificate chains for negative testing.
- NotBefore
Offset - Offset for the not_before field.
- X509
Negative - Types of invalid X.509 certificates for negative testing.
Constants§
- BASE_
TIME_ EPOCH_ UNIX - 2025-01-01T00:00:00Z used as the deterministic X.509 epoch.
- BASE_
TIME_ WINDOW_ DAYS - Number of days in the deterministic base-time window.
- SERIAL_
NUMBER_ BYTES - Fixed serial-number byte length for deterministic certificate/CRL serials.
Functions§
- deterministic_
base_ time - Deterministic base time from a pre-configured BLAKE3 hasher.
- deterministic_
base_ time_ from_ parts - Compute deterministic base time from length-prefixed identity parts.
- deterministic_
serial_ number - Deterministic serial number derived from seed material.
- write_
len_ prefixed - Write a length-prefixed byte slice into a BLAKE3 hasher.