Skip to content

codemonger-io/webpki

 
 

Repository files navigation

Build Status Coverage Status (codecov.io) Documentation Chat

webpki is a library that validates Web PKI (TLS/SSL) certificates. It's used by Rustls to handle certificate-related tasks required for implementing TLS clients and servers.

webpki is written in Rust and uses ring for cryptographic operations and low-level parsing.

This is a fork of the original webpki project which adds a number of features required by the rustls project. This fork is released as the rustls-webpki crate, with versions starting 0.100.0 so as to not confusingly overlap with webpki versions.

Features

  • Representing trust anchors - webpki requires the caller to bootstrap trust by explicitly specifying a set of trust anchors using the TrustAnchor type.

  • Parsing certificates - webpki can convert from the raw encoded form of a certificate into something that can be used for making trust decisions.

  • Path building - webpki can determine if a certificate for an end entity like a website or client identity was issued by a trust anchor, or a series of intermediate certificates the trust anchor has endorsed.

  • Name/usage validation - webpki can determine if a certificate is valid for a given DNS name or IP address by considering the allowed usage of the certificate and additional constraints.

Limitations

webpki offers a minimal feature set tailored to the needs of Rustls. Notably it does not offer:

  • Certificate or keypair generation
  • Access to arbitrary certificate extensions
  • Parsing/representation of certificate subjects, or human-friendly display of these fields

For these tasks you may prefer using webpki in combination with libraries like x509-parser and rcgen.

Changelog

Release history can be found on GitHub.

Demo

See https://github.com/rustls/rustls#example-code for an example of using webpki.

License

See LICENSE. This project happily accepts pull requests without any formal copyright/contributor license agreement.

Bug Reporting

Please refer to the SECURITY policy for security issues. All other bugs should be reported as GitHub issues.

About

WebPKI X.509 Certificate Validation in Rust

Resources

License

Security policy

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Rust 87.2%
  • Python 12.8%