rustls-webpki
| Crates.io | rustls-webpki |
| lib.rs | rustls-webpki |
| version | |
| source | src |
| created_at | 2023-01-09 16:48:34.685301+00 |
| updated_at | 2025-03-25 14:53:20.44822+00 |
| description | Web PKI X.509 Certificate Verification. |
| homepage | |
| repository | https://github.com/rustls/webpki |
| max_upload_size | |
| id | 754695 |
| Cargo.toml error: | TOML parse error at line 48, column 1 | 48 | autolib = false | ^^^^^^^ unknown field `autolib`, expected one of `name`, `version`, `edition`, `authors`, `description`, `readme`, `license`, `repository`, `homepage`, `documentation`, `build`, `resolver`, `links`, `default-run`, `default_dash_run`, `rust-version`, `rust_dash_version`, `rust_version`, `license-file`, `license_dash_file`, `license_file`, `licenseFile`, `license_capital_file`, `forced-target`, `forced_dash_target`, `autobins`, `autotests`, `autoexamples`, `autobenches`, `publish`, `metadata`, `keywords`, `categories`, `exclude`, `include` |
| size | 0 |
publishers (github:rustls:publishers)
documentation
README
webpki is a library that validates Web PKI (TLS/SSL) certificates. It's used by Rustls to handle certificate-related tasks required for implementing TLS clients and servers.
webpki is written in Rust and uses ring for cryptographic operations and low-level parsing.
This is a fork of the original webpki project
which adds a number of features required by the rustls project. This fork is
released as the rustls-webpki crate, with versions starting 0.100.0 so as to
not confusingly overlap with webpki versions.
Features
-
Representing trust anchors - webpki requires the caller to bootstrap trust by explicitly specifying a set of trust anchors using the
TrustAnchortype. -
Parsing certificates - webpki can convert from the raw encoded form of a certificate into something that can be used for making trust decisions.
-
Path building - webpki can determine if a certificate for an end entity like a website or client identity was issued by a trust anchor, or a series of intermediate certificates the trust anchor has endorsed.
-
Name/usage validation - webpki can determine if a certificate is valid for a given DNS name or IP address by considering the allowed usage of the certificate and additional constraints.
Limitations
webpki offers a minimal feature set tailored to the needs of Rustls. Notably it does not offer:
- Support for self-signed certificates
- Certificate or keypair generation
- Access to arbitrary certificate extensions
- Parsing/representation of certificate subjects, or human-friendly display of these fields
For these tasks you may prefer using webpki in combination with libraries like x509-parser and rcgen.
Changelog
Release history can be found on GitHub.
Demo
See https://github.com/rustls/rustls#example-code for an example of using webpki.
License
See LICENSE. This project happily accepts pull requests without any formal copyright/contributor license agreement.
Bug Reporting
Please refer to the SECURITY policy for security issues. All other bugs should be reported as GitHub issues.