Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/rustls/webpki

WebPKI X.509 Certificate Validation in Rust
https://github.com/rustls/webpki

Last synced: 6 days ago
JSON representation

WebPKI X.509 Certificate Validation in Rust

Host: GitHub
URL: https://github.com/rustls/webpki
Owner: rustls
License: other
Created: 2022-08-24T08:56:46.000Z (over 2 years ago)
Default Branch: main
Last Pushed: 2024-10-28T20:03:21.000Z (3 months ago)
Last Synced: 2024-10-29T16:56:34.111Z (3 months ago)
Language: Rust
Homepage: https://docs.rs/rustls-webpki/latest/webpki/
Size: 8.19 MB
Stars: 95
Watchers: 9
Forks: 51
Open Issues: 12
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Security: SECURITY.md

Awesome Lists containing this project

README

        [![Build Status](https://github.com/rustls/webpki/actions/workflows/ci.yml/badge.svg?branch=main)](https://github.com/rustls/webpki/actions/workflows/ci.yml?query=branch%3Amain)

[![Coverage Status (codecov.io)](https://codecov.io/gh/rustls/webpki/branch/main/graph/badge.svg)](https://codecov.io/gh/rustls/webpki/)

[![Documentation](https://docs.rs/rustls-webpki/badge.svg)](https://docs.rs/rustls-webpki/)

[![Chat](https://img.shields.io/discord/976380008299917365?logo=discord)](https://discord.gg/MCSB76RU96)

webpki is a library that validates Web PKI (TLS/SSL) certificates. It's

used by [Rustls](https://github.com/rustls/rustls) to handle certificate-related

tasks required for implementing TLS clients and servers.

webpki is written in [Rust](https://www.rust-lang.org/) and uses

[*ring*](https://github.com/briansmith/ring) for cryptographic operations and

low-level parsing.

This is a fork of the [original webpki project](https://github.com/briansmith/webpki)

which adds a number of features required by the rustls project.  This fork is

released as the `rustls-webpki` crate, with versions starting 0.100.0 so as to

not confusingly overlap with `webpki` versions.

Features

===============

* Representing trust anchors - webpki requires the caller to bootstrap trust by 

  explicitly specifying a set of trust anchors using the `TrustAnchor` type.

* Parsing certificates - webpki can convert from the raw encoded form of

  a certificate into something that can be used for making trust decisions.

* Path building - webpki can determine if a certificate for an end entity like

  a website or client identity was issued by a trust anchor, or a series of

  intermediate certificates the trust anchor has endorsed.

* Name/usage validation - webpki can determine if a certificate is valid for

  a given DNS name or IP address by considering the allowed usage of the

  certificate and additional constraints.

Limitations

===============

webpki offers a minimal feature set tailored to the needs of Rustls. Notably it

does not offer:

* Support for self-signed certificates

* Certificate or keypair generation

* Access to arbitrary certificate extensions

* Parsing/representation of certificate subjects, or human-friendly display of

  these fields

For these tasks you may prefer using webpki in combination with libraries like

[x509-parser](https://github.com/rusticata/x509-parser) and

[rcgen](https://github.com/est31/rcgen).

Changelog

=========

Release history can be found [on GitHub](https://github.com/rustls/webpki/releases).

Demo

====

See https://github.com/rustls/rustls#example-code for an example of using

webpki.

License

=======

See [LICENSE](LICENSE). This project happily accepts pull requests without any

formal copyright/contributor license agreement.

Bug Reporting

=============

Please refer to the [SECURITY](SECURITY.md) policy for security issues. All

other bugs should be reported as [GitHub issues](https://github.com/rustls/webpki/issues/new).