Crate webpki

source ·
Expand description

webpki: Web PKI X.509 Certificate Validation.

See EndEntityCert’s documentation for a description of the certificate processing steps necessary for a TLS connection.


allocEnable features that require use of the heap. Currently all RSA signature algorithms require this feature.
stdEnable features that require libstd. Implies alloc.
ringEnable use of the ring crate for cryptography.
aws_lc_rsEnable use of the aws-lc-rs crate for cryptography.



  • Encodings of the PKIX AlgorithmIdentifier type.
  • Signature verification algorithm implementations using the ring crypto library.



  • A RFC 5280 profile Certificate Revocation List (CRL).
  • Trailing data was found while parsing DER-encoded input for the named type.
  • An error that occurs during certificate validation or name validation.
  • Describes how to handle the nextUpdate field of the CRL (i.e. expiration).
  • Describes how much of a certificate chain is checked for revocation status.
  • Identifies the reason a certificate was revoked. See RFC 5280 §5.3.1
  • Describes how to handle the case where a certificate’s revocation status is unknown.