An X.509 v3 ([RFC5280]) parser, implemented with the nom parser combinator framework.
It is written in pure Rust, fast, and makes extensive use of zero-copy. A lot of care is taken to ensure security and safety of this crate, including design (recursion limit, defensive programming), tests, and fuzzing. It also aims to be panic-free.
The code is available on Github and is part of the Rusticata project.
The main parsing method is `parse_x509_der`, which takes a DER-encoded certificate as input, and builds a `X509Certificate` object.

For PEM-encoded certificates, use the `pem` module.
Parsing a certificate in DER format:
```rust
use x509_parser::parse_x509_der;

fn main() {
    // DER-encoded test certificate shipped with the crate
    static IGCA_DER: &'static [u8] = include_bytes!("../assets/IGC_A.der");

    let res = parse_x509_der(IGCA_DER);
    match res {
        Ok((rem, cert)) => {
            // the whole input must be consumed: trailing bytes are not accepted
            assert!(rem.is_empty());
            // X.509 v3 is encoded with version number 2 (RFC 5280)
            assert_eq!(cert.tbs_certificate.version, 2);
        },
        _ => panic!("x509 parsing failed: {:?}", res),
    }
}
```
See also `examples/print-cert.rs`.
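The description above lists a recursion limit, defensive programming and zero-copy among the crate's design choices. The following std-only DER TLV walker is an added example, not x509-parser's own code, showing what those properties look like in practice: content slices borrow from the input, nesting is bounded by `MAX_DEPTH` (a value chosen for this example), every length is validated with checked arithmetic before it is used, and malformed input comes back as an error instead of a panic. The `DerError` variants, the `parse_version` helper and the sample byte strings (a `[0] EXPLICIT Version` element and a nested-SEQUENCE input) are constructed for this example.

```rust
// Added example, not part of x509-parser: a minimal, panic-free DER TLV walker
// illustrating zero-copy borrowing, a recursion limit and strict length checks.
use std::mem::size_of;

/// Maximum nesting depth accepted before giving up (value chosen for this example)
pub const MAX_DEPTH: usize = 32;

#[derive(Debug, PartialEq)]
pub enum DerError {
    Truncated,        // declared length runs past the end of the input
    IndefiniteLength, // 0x80: allowed in BER, forbidden in DER
    NonMinimalLength, // DER requires the shortest possible length encoding
    LengthTooLarge,   // more length bytes than fit in usize, or arithmetic overflow
    RecursionLimit,   // nesting deeper than MAX_DEPTH
    Unexpected,       // structure does not match what the caller asked for
}

/// One parsed element; `content` borrows from the input (zero-copy)
#[derive(Debug, PartialEq)]
pub struct Tlv<'a> {
    pub tag: u8,
    pub constructed: bool,
    pub content: &'a [u8],
    pub children: Vec<Tlv<'a>>,
}

/// Parse a DER length field; returns (length, number of bytes consumed)
fn parse_length(input: &[u8]) -> Result<(usize, usize), DerError> {
    let first = *input.first().ok_or(DerError::Truncated)?;
    if first < 0x80 {
        return Ok((first as usize, 1)); // short form
    }
    let n = (first & 0x7f) as usize;
    if n == 0 {
        return Err(DerError::IndefiniteLength);
    }
    if n > size_of::<usize>() {
        return Err(DerError::LengthTooLarge);
    }
    let bytes = input.get(1..1 + n).ok_or(DerError::Truncated)?;
    let len = bytes.iter().fold(0usize, |acc, &b| (acc << 8) | b as usize);
    // minimal encoding: no leading zero byte, and short form whenever len < 128
    if bytes[0] == 0 || len < 0x80 {
        return Err(DerError::NonMinimalLength);
    }
    Ok((len, 1 + n))
}

/// Parse one TLV (recursing into constructed elements) and return the remaining input
pub fn parse_tlv<'a>(input: &'a [u8], depth: usize) -> Result<(&'a [u8], Tlv<'a>), DerError> {
    if depth > MAX_DEPTH {
        return Err(DerError::RecursionLimit);
    }
    let tag = *input.first().ok_or(DerError::Truncated)?;
    // single-byte tags only; enough for the X.509 elements used below
    let (len, consumed) = parse_length(&input[1..])?;
    let start = 1 + consumed;
    // checked arithmetic: a hostile length must neither overflow nor read out of bounds
    let end = start.checked_add(len).ok_or(DerError::LengthTooLarge)?;
    let content = input.get(start..end).ok_or(DerError::Truncated)?;
    let constructed = (tag & 0x20) != 0;
    let mut children = Vec::new();
    if constructed {
        let mut rem = content;
        while !rem.is_empty() {
            let (r, child) = parse_tlv(rem, depth + 1)?;
            children.push(child);
            rem = r;
        }
    }
    Ok((&input[end..], Tlv { tag, constructed, content, children }))
}

/// Read an X.509 `[0] EXPLICIT Version` element; v3 certificates carry the value 2
pub fn parse_version(input: &[u8]) -> Result<u8, DerError> {
    let (_, tlv) = parse_tlv(input, 0)?;
    match (tlv.tag, tlv.children.as_slice()) {
        (0xA0, [Tlv { tag: 0x02, content: [v], .. }]) => Ok(*v),
        _ => Err(DerError::Unexpected),
    }
}

/// Build `depth` nested SEQUENCEs around a NULL (constructed input for the recursion check;
/// short-form lengths are used, so keep depth below ~60)
pub fn nested_sequences(depth: usize) -> Vec<u8> {
    let mut v = vec![0x05, 0x00];
    for _ in 0..depth {
        let mut wrapped = vec![0x30, v.len() as u8];
        wrapped.extend_from_slice(&v);
        v = wrapped;
    }
    v
}

fn main() {
    // constructed sample: [0] EXPLICIT { INTEGER 2 }, as at the start of a v3 TBSCertificate
    println!("version = {:?}", parse_version(&[0xA0, 0x03, 0x02, 0x01, 0x02]));
    // 40 nested SEQUENCEs exceed MAX_DEPTH and are rejected instead of exhausting the stack
    println!("deep nesting = {:?}", parse_tlv(&nested_sequences(40), 0).map(|_| ()));
}
```

The same shape of checks (bounded recursion, checked length arithmetic, explicit errors for BER-only encodings) is what a DER parser needs before it can be trusted with certificates from an untrusted peer; the crate's fuzzing targets exercise exactly these paths.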
The `verify` feature adds support for (cryptographic) signature verification, based on `ring`. It adds the `verify_signature` method to `X509Certificate`.

```rust
use x509_parser::X509Certificate;

/// Cryptographic signature verification: returns true if certificate was signed by issuer
#[cfg(feature = "verify")]
pub fn check_signature(cert: &X509Certificate<'_>, issuer: &X509Certificate<'_>) -> bool {
    // the issuer's SubjectPublicKeyInfo is the key the signature must verify under
    let issuer_public_key = &issuer.tbs_certificate.subject_pki;
    cert.verify_signature(Some(issuer_public_key)).is_ok()
}
```
There is a build error in `arrayvec` with rust 1.34: `error[E0658]: use of unstable library feature 'maybe_uninit'`

To fix it, force the version of `lexical-core` down:

```sh
cargo update -p lexical-core --precise 0.6.7
```

The `verify` feature is not compatible with rustc 1.34.
See `CHANGELOG.md`
Licensed under either of
at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.