x509-parser
x509-parser copied to clipboard
rusticata
X.509 parser written in pure Rust. Fast, zero-copy, safe.
This branch adds support for parsing a challenge password attribute in a CSR. Please note: https://github.com/rusticata/oid-registry/pull/10 is a prerequisite, as it adds `OID_PKCS9_CHALLENGE_PASSWORD`. This PR is merged, but not yet...
It seems `time` has been specified to a specific version, however in Suricata I see just the latest time version. This is an issue because of the aggressive MSRV time...
This is to address the cargo audit issues around time and the RustSec advisory https://rustsec.org/advisories/RUSTSEC-2020-0071.html. Migrate from time 0.1 to time 0.3. Due to issues parsing YYMM formatted years with...
I accidentally [1] implemented my own x509 parser as part of implementing RFC 5652 for https://crates.io/crates/cryptographic-message-syntax. When I realized the horrors I had committed, I wanted to switch to using...
This crate parses most standard certificate extensions defined in RFC 5280, but it seems to be missing the following: Certificate Extensions: * Issuer Alternative Name ([§4.2.1.7](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.7)) * Subject Directory Attributes...
This PR adds support for a particular Apple attestation X509 extension: https://developer.apple.com/documentation/devicecheck/validating_apps_that_connect_to_your_server (OID 1.2.840.113635.100.8.2)
The Subject field is a Distinguished Name. `oid-registry` defines the OIDs for expected attributes, and this crate defines additional abbreviations for use when printing them in an `X509Name`. Unfortunately, both...
This is the tracking issue for ideas discussed with @g2p in #35: can the parser expose the raw bytes for all components? Maybe a possibility is to use something like...
`x509_parser::parse_x509_certificate()` fails with `Der(InvalidTag)` when called with the contents of a .p12 file. I'm still just learning about the low-level details of certificates, but my understanding is PKCS#12 is DER-encoded,...
Followup of #69 Ring is a nice library, but it is not sure it is the best for our purpose: `x509-parser` needs to be able to verify all kind of...