webpki-root-certs
This is a crate containing Mozilla's trusted root certificates in self-signed X.509 certificate format.
If you are using webpki
or rustls
you should prefer webpki-roots
- it is
more space efficient and easier to use.
This crate is inspired by certifi.io and uses the data provided by the Common CA Database (CCADB).
About
The webpki
and rustls
ecosystem represent trust anchors with the
webpki::TrustAnchor
type, containing only the data used as inputs for the RFC
5280 certificate path validation algorithm. In some instances (e.g. when
interacting with native platform certificate verifiers) it may be required to
provide trust anchors as full X.509 self-signed certificates.
Compared to webpki-roots
this crate contains the full self-signed certificate
DER data for each trust anchor is included in webpki_roots
.
License
The underlying data is MPL-licensed, and src/lib.rs
is therefore a derived work.
Regenerating sources
Sources are generated in an integration test, in tests/codegen.rs
. The test
will fail if the sources are out of date relative to upstream, and update
src/lib.rs
if so. The code is generated in deterministic order so changes
to the source should only result from upstream changes.