File: README.md

rust-rustls-webpki 0.103.4-1
webpki is a library that validates Web PKI (TLS/SSL) certificates. It's
used by [Rustls](https://github.com/rustls/rustls) to handle certificate-related
tasks required for implementing TLS clients and servers.

webpki is written in [Rust](https://www.rust-lang.org/) and uses
[*ring*](https://github.com/briansmith/ring) for cryptographic operations and
low-level parsing.

This is a fork of the [original webpki project](https://github.com/briansmith/webpki)
which adds a number of features required by the rustls project. This fork is
released as the `rustls-webpki` crate, with versions starting at 0.100.0 so as
not to overlap confusingly with `webpki` versions.


Features
===============

* Representing trust anchors - webpki requires the caller to bootstrap trust by 
  explicitly specifying a set of trust anchors using the `TrustAnchor` type.

* Parsing certificates - webpki can convert from the raw encoded form of
  a certificate into something that can be used for making trust decisions.

* Path building - webpki can determine if a certificate for an end entity like
  a website or client identity was issued by a trust anchor, or a series of
  intermediate certificates the trust anchor has endorsed.

* Name/usage validation - webpki can determine if a certificate is valid for
  a given DNS name or IP address by considering the allowed usage of the
  certificate and additional constraints.


Limitations
===============

webpki offers a minimal feature set tailored to the needs of Rustls. Notably it
does not offer:

* Support for self-signed certificates
* Certificate or keypair generation
* Access to arbitrary certificate extensions
* Parsing/representation of certificate subjects, or human-friendly display of
  these fields

For these tasks you may prefer using webpki in combination with libraries like
[x509-parser](https://github.com/rusticata/x509-parser) and
[rcgen](https://github.com/est31/rcgen).


Changelog
=========

Release history can be found [on GitHub](https://github.com/rustls/webpki/releases).


Demo
====

See https://github.com/rustls/rustls#example-code for an example of using
webpki.


License
=======

See [LICENSE](LICENSE). This project happily accepts pull requests without any
formal copyright/contributor license agreement.


Bug Reporting
=============

Please refer to the [SECURITY](SECURITY.md) policy for security issues. All
other bugs should be reported as [GitHub issues](https://github.com/rustls/webpki/issues/new).