{"id":13484756,"url":"https://github.com/rusticata/x509-parser","last_synced_at":"2025-05-14T09:12:18.892Z","repository":{"id":38375229,"uuid":"84115448","full_name":"rusticata/x509-parser","owner":"rusticata","description":"X.509 parser written in pure Rust. Fast, zero-copy, safe.","archived":false,"fork":false,"pushed_at":"2025-04-10T14:07:39.000Z","size":772,"stargazers_count":231,"open_issues_count":13,"forks_count":69,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-04-10T15:47:30.757Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rusticata.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE-APACHE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-03-06T20:03:54.000Z","updated_at":"2025-04-04T19:58:52.000Z","dependencies_parsed_at":"2023-12-19T17:16:07.390Z","dependency_job_id":"595723fd-c43c-4099-a60b-901f6b3b6bdc","html_url":"https://github.com/rusticata/x509-parser","commit_stats":{"total_commits":492,"total_committers":35,"mean_commits":"14.057142857142857","dds":"0.25813008130081305","last_synced_commit":"7b919a821341246883b9f41724727b8c413079f0"},"previous_names":[],"tags_count":37,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rusticata%2Fx509-parser","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rusticata%2Fx509-parser/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rusticata%2Fx509-parser/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rusticata%2Fx509-parser/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rusticata","download_url":"https://codeload.github.com/rusticata/x509-parser/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248624831,"owners_count":21135507,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-31T17:01:32.620Z","updated_at":"2025-05-14T09:12:18.882Z","avatar_url":"https://github.com/rusticata.png","language":"Rust","funding_links":[],"categories":["Rust"],"sub_categories":[],"readme":"\u003c!-- cargo-sync-readme start --\u003e\n\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](./LICENSE-MIT)\n[![Apache License 2.0](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](./LICENSE-APACHE)\n[![docs.rs](https://docs.rs/x509-parser/badge.svg)](https://docs.rs/x509-parser)\n[![crates.io](https://img.shields.io/crates/v/x509-parser.svg)](https://crates.io/crates/x509-parser)\n[![Download numbers](https://img.shields.io/crates/d/x509-parser.svg)](https://crates.io/crates/x509-parser)\n[![Github CI](https://github.com/rusticata/x509-parser/workflows/Continuous%20integration/badge.svg)](https://github.com/rusticata/x509-parser/actions)\n[![Minimum rustc version](https://img.shields.io/badge/rustc-1.67.1+-lightgray.svg)](#rust-version-requirements)\n\n# X.509 Parser\n\nA X.509 v3 ([RFC5280]) parser, implemented with the [nom](https://github.com/Geal/nom)\nparser combinator framework.\n\nIt is written in pure Rust, fast, and makes extensive use of zero-copy. A lot of care is taken\nto ensure security and safety of this crate, including design (recursion limit, defensive\nprogramming), tests, and fuzzing. It also aims to be panic-free.\n\nThe code is available on [Github](https://github.com/rusticata/x509-parser)\nand is part of the [Rusticata](https://github.com/rusticata) project.\n\nCertificates are usually encoded in two main formats: PEM (usually the most common format) or\nDER.  A PEM-encoded certificate is a container, storing a DER object. See the\n[`pem`](https://docs.rs/x509-parser/latest/x509_parser/pem/index.html) module for more documentation.\n\nTo decode a DER-encoded certificate, the main parsing method is\n`X509Certificate::from_der` (\npart of the [`FromDer`](https://docs.rs/x509-parser/latest/x509_parser/prelude/trait.FromDer.html) trait\n), which builds a\n[`X509Certificate`](https://docs.rs/x509-parser/latest/x509_parser/certificate/struct.X509Certificate.html) object.\n\nAn alternative method is to use [`X509CertificateParser`](https://docs.rs/x509-parser/latest/x509_parser/certificate/struct.X509CertificateParser.html),\nwhich allows specifying parsing options (for example, not automatically parsing option contents).\n\nThe returned objects for parsers follow the definitions of the RFC. This means that accessing\nfields is done by accessing struct members recursively. Some helper functions are provided, for\nexample [`X509Certificate::issuer()`](https://docs.rs/x509-parser/latest/x509_parser/certificate/struct.X509Certificate.html#method.issuer) returns the\nsame as accessing `\u003cobject\u003e.tbs_certificate.issuer`.\n\nFor PEM-encoded certificates, use the [`pem`](https://docs.rs/x509-parser/latest/x509_parser/pem/index.html) module.\n\nThis crate also provides visitor traits: [`X509CertificateVisitor`](crate::visitor::X509CertificateVisitor).\n\n# Examples\n\nParsing a certificate in DER format:\n\n```rust\nuse x509_parser::prelude::*;\n\nstatic IGCA_DER: \u0026[u8] = include_bytes!(\"../assets/IGC_A.der\");\n\nlet res = X509Certificate::from_der(IGCA_DER);\nmatch res {\n    Ok((rem, cert)) =\u003e {\n        assert!(rem.is_empty());\n        //\n        assert_eq!(cert.version(), X509Version::V3);\n    },\n    _ =\u003e panic!(\"x509 parsing failed: {:?}\", res),\n}\n```\n\nTo parse a CRL and print information about revoked certificates:\n\n```rust\n#\n#\nlet res = CertificateRevocationList::from_der(DER);\nmatch res {\n    Ok((_rem, crl)) =\u003e {\n        for revoked in crl.iter_revoked_certificates() {\n            println!(\"Revoked certificate serial: {}\", revoked.raw_serial_as_string());\n            println!(\"  Reason: {}\", revoked.reason_code().unwrap_or_default().1);\n        }\n    },\n    _ =\u003e panic!(\"CRL parsing failed: {:?}\", res),\n}\n```\n\nSee also `examples/print-cert.rs`.\n\n# Features\n\n- The `verify` feature adds support for (cryptographic) signature verification, based on `ring`.\n  It adds the\n  [`X509Certificate::verify_signature()`](https://docs.rs/x509-parser/latest/x509_parser/certificate/struct.X509Certificate.html#method.verify_signature)\n  to `X509Certificate`.\n\n```rust\n/// Cryptographic signature verification: returns true if certificate was signed by issuer\n#[cfg(feature = \"verify\")]\npub fn check_signature(cert: \u0026X509Certificate\u003c'_\u003e, issuer: \u0026X509Certificate\u003c'_\u003e) -\u003e bool {\n    let issuer_public_key = issuer.public_key();\n    cert\n        .verify_signature(Some(issuer_public_key))\n        .is_ok()\n}\n```\n\n- The `validate` features add methods to run more validation functions on the certificate structure\n  and values using the [`Validate`](https://docs.rs/x509-parser/latest/x509_parser/validate/trait.Validate.html) trait.\n  It does not validate any cryptographic parameter (see `verify` above).\n\n## Rust version requirements\n\n`x509-parser` requires **Rustc version 1.67.1 or greater**, based on der-parser\ndependencies and for proc-macro attributes support.\n\n[RFC5280]: https://tools.ietf.org/html/rfc5280\n\u003c!-- cargo-sync-readme end --\u003e\n\n## Changes\n\nSee [CHANGELOG.md](CHANGELOG.md) and [`UPGRADING.md`](UPGRADING.md) for instructions for upgrading major versions.\n\n# License\n\nLicensed under either of\n\n * Apache License, Version 2.0\n   ([LICENSE-APACHE](LICENSE-APACHE) or http://www.apache.org/licenses/LICENSE-2.0)\n * MIT license\n   ([LICENSE-MIT](LICENSE-MIT) or http://opensource.org/licenses/MIT)\n\nat your option.\n\n## Contribution\n\nUnless you explicitly state otherwise, any contribution intentionally submitted\nfor inclusion in the work by you, as defined in the Apache-2.0 license, shall be\ndual licensed as above, without any additional terms or conditions.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frusticata%2Fx509-parser","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frusticata%2Fx509-parser","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frusticata%2Fx509-parser/lists"}