2015-08-11 22:03:43 +00:00
|
|
|
// Copyright 2015 Brian Smith.
|
|
|
|
|
//
|
|
|
|
|
// Permission to use, copy, modify, and/or distribute this software for any
|
|
|
|
|
// purpose with or without fee is hereby granted, provided that the above
|
|
|
|
|
// copyright notice and this permission notice appear in all copies.
|
|
|
|
|
//
|
|
|
|
|
// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
|
|
|
|
|
// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
|
|
|
// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
|
|
|
|
|
// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
|
|
|
// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
|
|
|
|
// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
|
|
|
|
// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
2015-08-13 15:34:49 +00:00
|
|
|
|
2016-08-13 01:42:42 +00:00
|
|
|
//! webpki: Web PKI X.509 Certificate Validation.
|
|
|
|
|
//!
|
|
|
|
|
//! See `EndEntityCert`'s documentation for a description of the certificate
|
|
|
|
|
//! processing steps necessary for a TLS connection.
|
2021-01-06 21:44:05 +00:00
|
|
|
//!
|
|
|
|
|
//! # Features
|
|
|
|
|
//!
|
|
|
|
|
//! | Feature | Description |
|
|
|
|
|
//! | ------- | ----------- |
|
2021-01-06 22:49:07 +00:00
|
|
|
//! | `alloc` | Enable features that require use of the heap. Currently all RSA signature algorithms require this feature. |
|
2021-01-06 21:44:05 +00:00
|
|
|
//! | `std` | Enable features that require libstd. Implies `alloc`. |
|
2016-08-12 02:15:10 +00:00
|
|
|
|
2019-03-21 23:01:29 +00:00
|
|
|
#![cfg_attr(not(feature = "std"), no_std)]
|
Revert main branch crate contents to the 0.22.0 release contents.
Reset the crate contents (sources, tests, etc.)
to what they were at that commit, while retaining the newer CI
configuration.
The changes since the 0.22.0 release were primarily intended to
accomplish two goals:
* Fix and improve the GitHub Actions configuration.
* Prepare a 0.21.5 release that was backward compatible with 0.21.4
but which also contained the improvements that were in 0.22.0.
0.21.5 was never released and will not be released. Therefore all
of the noise to facilitate the 0.21.5 release can just be deleted,
as long as we leave the CI changes that are necessary for GitHub
Actions to work correctly now.
The exact commands I used were:
```
git checkout \
6c334a2cf5853fb0aa93b5eb0318c031fc2f6f98 \
-- \
Cargo.toml \
LICENSE \
README.md \
src \
tests \
third-party
git rm src/trust_anchor_util.rs
```
Commit 6c334a2cf5853fb0aa93b5eb0318c031fc2f6f98 was the commit from
which 0.22.0 was released. It is confusing because the commit
immediately prior, 0b7cbf2d327d7665d9d06072bf46b2e7ca05f065, has
commit message "0.22.0". It appears that I merged the "0.22.0"
commit, expecting to `cargo publish` from that commit, but then
`cargo publish` failed. Then I added
6c334a2cf5853fb0aa93b5eb0318c031fc2f6f98 to fix `cargo publish`
and did the `cargo publish` from that commit. That's why I added
the `package` CI step at that time, to prevent this confusing
situation from happening again.
`trust_anchor_utils.rs` was not in 0.22.0; the `git checkout` didn't
delete it, so I had to do it separately.
I left the tests added subsequent to 0.22.0 in `tests/` (e.g.
`name_tests.rs`) since those tests pass with the 0.22.0 sources too.
Unfortunately, this requires disabling a bunch of Clippy lints, to
avoid modifying the contents from 0.22.0.
(I know it is confusing. It took me a while to figure it out myself
today.)
2023-08-30 01:13:07 +00:00
|
|
|
#![allow(
|
|
|
|
|
clippy::doc_markdown,
|
|
|
|
|
clippy::if_not_else,
|
|
|
|
|
clippy::inline_always,
|
|
|
|
|
clippy::items_after_statements,
|
|
|
|
|
clippy::missing_errors_doc,
|
|
|
|
|
clippy::module_name_repetitions,
|
|
|
|
|
clippy::single_match,
|
|
|
|
|
clippy::single_match_else
|
|
|
|
|
)]
|
|
|
|
|
#![deny(clippy::as_conversions)]
|
2020-12-08 00:04:51 +00:00
|
|
|
|
2021-01-06 21:44:05 +00:00
|
|
|
#[cfg(any(test, feature = "alloc"))]
|
2021-02-04 20:26:22 +00:00
|
|
|
#[cfg_attr(test, macro_use)]
|
2021-01-06 21:44:05 +00:00
|
|
|
extern crate alloc;
|
|
|
|
|
|
2023-09-30 01:47:10 +00:00
|
|
|
mod budget;
|
|
|
|
|
|
2015-09-01 18:19:31 +00:00
|
|
|
#[macro_use]
|
|
|
|
|
mod der;
|
|
|
|
|
|
2019-03-29 01:22:01 +00:00
|
|
|
mod calendar;
|
2015-08-26 02:45:48 +00:00
|
|
|
mod cert;
|
2021-01-26 01:41:49 +00:00
|
|
|
mod end_entity;
|
2019-03-29 01:22:01 +00:00
|
|
|
mod error;
|
2015-08-21 18:20:29 +00:00
|
|
|
mod name;
|
2015-08-19 23:24:56 +00:00
|
|
|
mod signed_data;
|
2016-08-22 02:19:15 +00:00
|
|
|
mod time;
|
2021-01-26 01:49:29 +00:00
|
|
|
mod trust_anchor;
|
2016-06-05 23:54:21 +00:00
|
|
|
|
2015-08-19 23:33:04 +00:00
|
|
|
mod verify_cert;
|
2015-08-19 23:24:56 +00:00
|
|
|
|
2021-01-26 02:01:32 +00:00
|
|
|
pub use {
|
2021-01-26 01:41:49 +00:00
|
|
|
end_entity::EndEntityCert,
|
2023-10-07 05:38:57 +00:00
|
|
|
error::{Error, ErrorExt},
|
2021-01-26 02:01:32 +00:00
|
|
|
name::{DnsNameRef, InvalidDnsNameError},
|
|
|
|
|
signed_data::{
|
|
|
|
|
SignatureAlgorithm, ECDSA_P256_SHA256, ECDSA_P256_SHA384, ECDSA_P384_SHA256,
|
|
|
|
|
ECDSA_P384_SHA384, ED25519,
|
|
|
|
|
},
|
|
|
|
|
time::Time,
|
Revert main branch crate contents to the 0.22.0 release contents.
Reset the crate contents (sources, tests, etc.)
to what they were at that commit, while retaining the newer CI
configuration.
The changes since the 0.22.0 release were primarily intended to
accomplish two goals:
* Fix and improve the GitHub Actions configuration.
* Prepare a 0.21.5 release that was backward compatible with 0.21.4
but which also contained the improvements that were in 0.22.0.
0.21.5 was never released and will not be released. Therefore all
of the noise to facilitate the 0.21.5 release can just be deleted,
as long as we leave the CI changes that are necessary for GitHub
Actions to work correctly now.
The exact commands I used were:
```
git checkout \
6c334a2cf5853fb0aa93b5eb0318c031fc2f6f98 \
-- \
Cargo.toml \
LICENSE \
README.md \
src \
tests \
third-party
git rm src/trust_anchor_util.rs
```
Commit 6c334a2cf5853fb0aa93b5eb0318c031fc2f6f98 was the commit from
which 0.22.0 was released. It is confusing because the commit
immediately prior, 0b7cbf2d327d7665d9d06072bf46b2e7ca05f065, has
commit message "0.22.0". It appears that I merged the "0.22.0"
commit, expecting to `cargo publish` from that commit, but then
`cargo publish` failed. Then I added
6c334a2cf5853fb0aa93b5eb0318c031fc2f6f98 to fix `cargo publish`
and did the `cargo publish` from that commit. That's why I added
the `package` CI step at that time, to prevent this confusing
situation from happening again.
`trust_anchor_utils.rs` was not in 0.22.0; the `git checkout` didn't
delete it, so I had to do it separately.
I left the tests added subsequent to 0.22.0 in `tests/` (e.g.
`name_tests.rs`) since those tests pass with the 0.22.0 sources too.
Unfortunately, this requires disabling a bunch of Clippy lints, to
avoid modifying the contents from 0.22.0.
(I know it is confusing. It took me a while to figure it out myself
today.)
2023-08-30 01:13:07 +00:00
|
|
|
trust_anchor::{TlsClientTrustAnchors, TlsServerTrustAnchors, TrustAnchor},
|
2021-01-06 22:49:07 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
#[cfg(feature = "alloc")]
|
2021-01-26 02:01:32 +00:00
|
|
|
pub use {
|
|
|
|
|
name::DnsName,
|
|
|
|
|
signed_data::{
|
|
|
|
|
RSA_PKCS1_2048_8192_SHA256, RSA_PKCS1_2048_8192_SHA384, RSA_PKCS1_2048_8192_SHA512,
|
|
|
|
|
RSA_PKCS1_3072_8192_SHA384, RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
|
|
|
|
|
RSA_PSS_2048_8192_SHA384_LEGACY_KEY, RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
|
|
|
|
|
},
|
2015-12-08 17:54:28 +00:00
|
|
|
};
|
2021-04-09 18:47:04 +00:00
|
|
|
|
|
|
|
|
#[cfg(feature = "alloc")]
|
Revert main branch crate contents to the 0.22.0 release contents.
Reset the crate contents (sources, tests, etc.)
to what they were at that commit, while retaining the newer CI
configuration.
The changes since the 0.22.0 release were primarily intended to
accomplish two goals:
* Fix and improve the GitHub Actions configuration.
* Prepare a 0.21.5 release that was backward compatible with 0.21.4
but which also contained the improvements that were in 0.22.0.
0.21.5 was never released and will not be released. Therefore all
of the noise to facilitate the 0.21.5 release can just be deleted,
as long as we leave the CI changes that are necessary for GitHub
Actions to work correctly now.
The exact commands I used were:
```
git checkout \
6c334a2cf5853fb0aa93b5eb0318c031fc2f6f98 \
-- \
Cargo.toml \
LICENSE \
README.md \
src \
tests \
third-party
git rm src/trust_anchor_util.rs
```
Commit 6c334a2cf5853fb0aa93b5eb0318c031fc2f6f98 was the commit from
which 0.22.0 was released. It is confusing because the commit
immediately prior, 0b7cbf2d327d7665d9d06072bf46b2e7ca05f065, has
commit message "0.22.0". It appears that I merged the "0.22.0"
commit, expecting to `cargo publish` from that commit, but then
`cargo publish` failed. Then I added
6c334a2cf5853fb0aa93b5eb0318c031fc2f6f98 to fix `cargo publish`
and did the `cargo publish` from that commit. That's why I added
the `package` CI step at that time, to prevent this confusing
situation from happening again.
`trust_anchor_utils.rs` was not in 0.22.0; the `git checkout` didn't
delete it, so I had to do it separately.
I left the tests added subsequent to 0.22.0 in `tests/` (e.g.
`name_tests.rs`) since those tests pass with the 0.22.0 sources too.
Unfortunately, this requires disabling a bunch of Clippy lints, to
avoid modifying the contents from 0.22.0.
(I know it is confusing. It took me a while to figure it out myself
today.)
2023-08-30 01:13:07 +00:00
|
|
|
#[allow(unknown_lints, clippy::upper_case_acronyms)]
|
2021-04-09 18:47:04 +00:00
|
|
|
#[deprecated(note = "Use DnsName")]
|
|
|
|
|
pub type DNSName = DnsName;
|
|
|
|
|
|
|
|
|
|
#[deprecated(note = "use DnsNameRef")]
|
Revert main branch crate contents to the 0.22.0 release contents.
Reset the crate contents (sources, tests, etc.)
to what they were at that commit, while retaining the newer CI
configuration.
The changes since the 0.22.0 release were primarily intended to
accomplish two goals:
* Fix and improve the GitHub Actions configuration.
* Prepare a 0.21.5 release that was backward compatible with 0.21.4
but which also contained the improvements that were in 0.22.0.
0.21.5 was never released and will not be released. Therefore all
of the noise to facilitate the 0.21.5 release can just be deleted,
as long as we leave the CI changes that are necessary for GitHub
Actions to work correctly now.
The exact commands I used were:
```
git checkout \
6c334a2cf5853fb0aa93b5eb0318c031fc2f6f98 \
-- \
Cargo.toml \
LICENSE \
README.md \
src \
tests \
third-party
git rm src/trust_anchor_util.rs
```
Commit 6c334a2cf5853fb0aa93b5eb0318c031fc2f6f98 was the commit from
which 0.22.0 was released. It is confusing because the commit
immediately prior, 0b7cbf2d327d7665d9d06072bf46b2e7ca05f065, has
commit message "0.22.0". It appears that I merged the "0.22.0"
commit, expecting to `cargo publish` from that commit, but then
`cargo publish` failed. Then I added
6c334a2cf5853fb0aa93b5eb0318c031fc2f6f98 to fix `cargo publish`
and did the `cargo publish` from that commit. That's why I added
the `package` CI step at that time, to prevent this confusing
situation from happening again.
`trust_anchor_utils.rs` was not in 0.22.0; the `git checkout` didn't
delete it, so I had to do it separately.
I left the tests added subsequent to 0.22.0 in `tests/` (e.g.
`name_tests.rs`) since those tests pass with the 0.22.0 sources too.
Unfortunately, this requires disabling a bunch of Clippy lints, to
avoid modifying the contents from 0.22.0.
(I know it is confusing. It took me a while to figure it out myself
today.)
2023-08-30 01:13:07 +00:00
|
|
|
#[allow(unknown_lints, clippy::upper_case_acronyms)]
|
2021-04-09 18:47:04 +00:00
|
|
|
pub type DNSNameRef<'a> = DnsNameRef<'a>;
|
|
|
|
|
|
Revert main branch crate contents to the 0.22.0 release contents.
Reset the crate contents (sources, tests, etc.)
to what they were at that commit, while retaining the newer CI
configuration.
The changes since the 0.22.0 release were primarily intended to
accomplish two goals:
* Fix and improve the GitHub Actions configuration.
* Prepare a 0.21.5 release that was backward compatible with 0.21.4
but which also contained the improvements that were in 0.22.0.
0.21.5 was never released and will not be released. Therefore all
of the noise to facilitate the 0.21.5 release can just be deleted,
as long as we leave the CI changes that are necessary for GitHub
Actions to work correctly now.
The exact commands I used were:
```
git checkout \
6c334a2cf5853fb0aa93b5eb0318c031fc2f6f98 \
-- \
Cargo.toml \
LICENSE \
README.md \
src \
tests \
third-party
git rm src/trust_anchor_util.rs
```
Commit 6c334a2cf5853fb0aa93b5eb0318c031fc2f6f98 was the commit from
which 0.22.0 was released. It is confusing because the commit
immediately prior, 0b7cbf2d327d7665d9d06072bf46b2e7ca05f065, has
commit message "0.22.0". It appears that I merged the "0.22.0"
commit, expecting to `cargo publish` from that commit, but then
`cargo publish` failed. Then I added
6c334a2cf5853fb0aa93b5eb0318c031fc2f6f98 to fix `cargo publish`
and did the `cargo publish` from that commit. That's why I added
the `package` CI step at that time, to prevent this confusing
situation from happening again.
`trust_anchor_utils.rs` was not in 0.22.0; the `git checkout` didn't
delete it, so I had to do it separately.
I left the tests added subsequent to 0.22.0 in `tests/` (e.g.
`name_tests.rs`) since those tests pass with the 0.22.0 sources too.
Unfortunately, this requires disabling a bunch of Clippy lints, to
avoid modifying the contents from 0.22.0.
(I know it is confusing. It took me a while to figure it out myself
today.)
2023-08-30 01:13:07 +00:00
|
|
|
#[deprecated(note = "use TlsServerTrustAnchors")]
|
|
|
|
|
#[allow(unknown_lints, clippy::upper_case_acronyms)]
|
|
|
|
|
pub type TLSServerTrustAnchors<'a> = TlsServerTrustAnchors<'a>;
|
|
|
|
|
|
|
|
|
|
#[deprecated(note = "use TlsClientTrustAnchors")]
|
|
|
|
|
#[allow(unknown_lints, clippy::upper_case_acronyms)]
|
|
|
|
|
pub type TLSClientTrustAnchors<'a> = TlsClientTrustAnchors<'a>;
|
2023-09-30 03:53:57 +00:00
|
|
|
|
|
|
|
|
// We don't operate on secret data so a convenient comparison function is warranted.
|
|
|
|
|
#[must_use]
|
|
|
|
|
fn equal(a: untrusted::Input, b: untrusted::Input) -> bool {
|
|
|
|
|
a.as_slice_less_safe() == b.as_slice_less_safe()
|
|
|
|
|
}
|