rustls-platform-verifier
A certificate verification library for rustls that uses the operating system's verifier
~jni v0.19 doesn't work for me.~ ~I use tokio multi threads runtime, and our app is killed by system -~ ``` e.android.debug: java_vm_ext.cc:594] JNI DETECTED ERROR IN APPLICATION: a thread...
Bumps the crates-io group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [rustls](https://github.com/rustls/rustls) | `0.23.5` |...
I’ve been testing the use of this library and while it’s been working great so far on Mac, iOS and Android for certificates generated from system-trusted CAs, I’ve found that...
Today in the Android verifier, [we only check the end-entity](https://github.com/rustls/rustls-platform-verifier/blob/main/android/rustls-platform-verifier/src/main/java/org/rustls/platformverifier/CertificateVerifier.kt#L206-L213)'s validity against the timestamp provided by `rustls`. The revocation status and intermediate CA's validity use the system's current timestamp. While...
Currently there is no way to reload the system CA bundle on Linux. This is different to other platforms, which use a system API and can therefore detect certificate changes...
I found that HTTPS costs more time in Rust than in Java, then I found that the function verifyCertificateChain costs the most time. CertificateVerifier.kt ``` Log.d(TAG, "verifyCertificateChain PKIXBuilderParameters start") val parameters = PKIXBuilderParameters(keystore, null) Log.d(TAG,...
The functionality of `new_with_extra_roots` is primarily useful for Linux/WASM/BSD platforms that don't have a consistent source of trusted CA root/anchors available. However, many private/internal applications often use their own private...
After https://github.com/rustls/rustls-platform-verifier/pull/50 lands we should be able to enable the stapled OCSP test in the real world verification test suite: https://github.com/rustls/rustls-platform-verifier/blob/65b2a97aff062585d91c97ae3b7b1d17fbcd7b62/rustls-platform-verifier/src/tests/verification_real_world/mod.rs#L221-L239 As described in [this comment](https://github.com/rustls/rustls-platform-verifier/blob/65b2a97aff062585d91c97ae3b7b1d17fbcd7b62/rustls-platform-verifier/src/tests/verification_real_world/mod.rs#L32-L43) (which should also be...
Chromium allows this OID [in their Android verifier](https://source.chromium.org/chromium/chromium/src/+/main:net/android/java/src/org/chromium/net/X509Util.java;l=111;drc=8d6a246c9be4f6b731dc7f6e680b7d5e13a512b5), so we should investigate if it's correct for us to add it in addition to the existing server auth EKU. They also [check...
Presently this crate uses [`jni-rs`](https://github.com/jni-rs/jni-rs) v0.19 as an optional dependency for doc generation, and a required dependency for the Android OS target. The latest release stream, 0.21.x, "makes extensive breaking...