webpki
WebPKI X.509 Certificate Validation in Rust
I'm running into a problem getting my CRL to be recognized as authoritative for a certificate. The certificate itself has a "distribution point" listed on it, however the given CRL...
Hello, I'm currently looking into using rustls-webpki for one of my projects to validate a certificate chain. Upon reviewing the documentation, I identified the `webpki::EndEntityCert::verify_for_usage` method to do the job...
It would be good if rustls clients, by default, verified stapled OCSP responses. For that to be feasible, webpki should be able to (at minimum) verify an OCSP response for...
The folks at Trail of Bits have been working on a Rust-based certificate path building and validation backend for use in PyCa Cryptography. As part of that work they've...
I'm dealing with a certificate that has critical Certificate Policy (2.5.29.32) with anyPolicy policy. It would be appreciated if rustls-webpki supported this scenario. Also created an issue in https://github.com/briansmith/webpki/issues/268. NSS...
If we supported SCTs here we could enable people wanting to do CT verification of the certificates they see. We could either do this directly by taking a dependency on...
In #42 we adopted some upstream work that included a new `GeneralDnsNameRef` enum that had a `DnsName` variant for a standard `DnsNameRef` (no wildcards, can be used for subject matching)...
SPIFFE uses URI instead of DNS in the SAN. The webpki library currently does not support URI. I propose we add support for it. https://github.com/spiffe/spiffe/blob/main/standards/X509-SVID.md#2-spiffe-id
In https://github.com/rustls/webpki/pull/66 we've staged support for using Certificate Revocation Lists (CRLs) to make revocation decisions during path building. The code in that branch performs CRL signature verification as part of...
Originally filed by @ctz as https://github.com/briansmith/webpki/issues/256, making a clone here since it seems useful. This is a big list of unsorted, unprioritised issues found from x509test cases. I'm not making...