Rustls WebPKI library
Repository files (latest commit first)
Filename Latest commit message Latest commit date
kade 967b5fa204
revert a6e549d50d
revert Update version to 0.103.9 and use git.sly.so rustls-pki-types
2026-05-11 14:33:06 +02:00
.github fuzz: add basic parser fuzz coverage 2026-04-21 17:43:39 +00:00
benches Hoist Rust lints to Cargo.toml 2025-12-11 14:57:28 +00:00
fuzz fuzz: add basic parser fuzz coverage 2026-04-21 17:43:39 +00:00
src verify_cert: expose builder-like interface for path verification 2026-05-09 12:25:51 +00:00
tests verify_cert: expose builder-like interface for path verification 2026-05-09 12:25:51 +00:00
third-party tests: avoid vendored limbo.json 2026-04-21 18:16:44 +00:00
.flake8 tests: fix flake8 warns, add config. 2023-05-16 22:33:40 +02:00
.gitattributes Treat *.der as binary in .gitattributes. 2016-11-21 12:30:09 -10:00
.gitignore Add Cargo.lock and use it in CI 2024-02-22 16:45:59 +00:00
Cargo.lock tests: avoid vendored limbo.json 2026-04-21 18:16:44 +00:00
Cargo.toml revert a6e549d50d 2026-05-11 14:33:06 +02:00
CONTRIBUTING.md docs: add CONTRIBUTING.md, ref'ing Rustls CONTRIBUTING 2023-09-14 14:23:58 +00:00
deny.toml tests: add x509-limbo coverage 2026-04-21 13:03:43 +00:00
LICENSE Import Chromium's |verify_signed_data| test data. 2015-08-27 10:23:28 -07:00
mypy.ini tests: add mypy typechecking and enforcement. 2023-05-16 22:33:40 +02:00
README.md docs: update README w.r.t cryptography providers 2026-03-21 19:25:33 +00:00
requirements.txt build(deps): bump cryptography from 44.0.0 to 44.0.1 2025-02-24 12:03:12 +00:00
rustfmt.toml rustfmt: style_edition 2024 2025-02-21 14:49:38 +00:00
SECURITY.md SECURITY.md: update release line statuses 2026-03-24 09:03:43 +00:00


webpki is a library that validates Web PKI (TLS/SSL) certificates. It's used by Rustls to handle certificate-related tasks required for implementing TLS clients and servers.

webpki is written in Rust. It does not provide any built-in cryptography providers, but was written to interoperate with the rustls-aws-lc-rs and rustls-ring crates, or a custom implementation of the rustls CryptoProvider struct backed by your cryptography library of choice.

This is a fork of the original webpki project which adds a number of features required by the rustls project. This fork is released as the rustls-webpki crate, with versions starting at 0.100.0 so that they do not overlap confusingly with webpki versions.

Features

  • Representing trust anchors - webpki requires the caller to bootstrap trust by explicitly specifying a set of trust anchors using the TrustAnchor type.

  • Parsing certificates - webpki can convert from the raw encoded form of a certificate into something that can be used for making trust decisions.

  • Path building - webpki can determine if a certificate for an end entity like a website or client identity was issued by a trust anchor, or a series of intermediate certificates the trust anchor has endorsed.

  • Name/usage validation - webpki can determine if a certificate is valid for a given DNS name or IP address by considering the allowed usage of the certificate and additional constraints.

Limitations

webpki offers a minimal feature set tailored to the needs of Rustls. Notably it does not offer:

  • Support for self-signed certificates
  • Certificate or keypair generation
  • Access to arbitrary certificate extensions
  • Parsing/representation of certificate subjects, or human-friendly display of these fields

For these tasks you may prefer using webpki in combination with libraries like x509-parser and rcgen.

Changelog

Release history can be found on GitHub.

Demo

See https://github.com/rustls/rustls#example-code for an example of using webpki.

License

See LICENSE. This project happily accepts pull requests without any formal copyright/contributor license agreement.

Bug Reporting

Please refer to the SECURITY policy for security issues. All other bugs should be reported as GitHub issues.