Expand description
webpki: Web PKI X.509 Certificate Validation.
See EndEntityCert
’s documentation for a description of the certificate
processing steps necessary for a TLS connection.
§Features
Feature | Description |
---|---|
alloc | Enable features that require use of the heap. Currently all RSA signature algorithms require this feature. |
std | Enable features that require libstd. Implies alloc . |
ring | Enable use of the ring crate for cryptography. |
aws_lc_rs | Enable use of the aws-lc-rs crate for cryptography. |
Re-exports§
pub use pki_types as types;
Modules§
- Encodings of the PKIX AlgorithmIdentifier type.
- aws_
lc_ rs aws_lc_rs
Signature verification algorithm implementations using the aws-lc-rs crypto library. - ring
ring
Signature verification algorithm implementations using the ring crypto library.
Structs§
- Borrowed representation of a RFC 5280 profile Certificate Revocation List (CRL).
- Borrowed representation of a RFC 5280 profile Certificate Revocation List (CRL) revoked certificate entry.
- A parsed X509 certificate.
- An end-entity certificate.
- The expected key usage of a certificate.
- Owned representation of a RFC 5280 profile Certificate Revocation List (CRL).
- Owned
Revoked Cert alloc
Owned representation of a RFC 5280 profile Certificate Revocation List (CRL) revoked certificate entry. - A Raw Public Key, used for connections using raw public keys as specified in RFC 7250.
- Describes how revocation checking is performed, if at all. Can be constructed with a RevocationOptionsBuilder instance.
- Builds a RevocationOptions instance to control how revocation checking is performed.
- Path from end-entity certificate to trust anchor that’s been verified.
Enums§
- A RFC 5280 profile Certificate Revocation List (CRL).
- Trailing data was found while parsing DER-encoded input for the named type.
- An error that occurs during certificate validation or name validation.
- Describes how to handle the nextUpdate field of the CRL (i.e. expiration).
- Describes how much of a certificate chain is checked for revocation status.
- Identifies the reason a certificate was revoked. See RFC 5280 §5.3.1
- Describes how to handle the case where a certificate’s revocation status is unknown.
Statics§
- An array of all the verification algorithms exported by this crate.
Functions§
- Interprets the given pre-validated DER-encoded certificate as a
TrustAnchor
.