Skip to content
/ x509-parser Public
forked from rusticata/x509-parser

X.509 parser written in pure Rust. Fast, zero-copy, safe.

License

Apache-2.0, MIT licenses found

Licenses found

Apache-2.0
LICENSE-APACHE
MIT
LICENSE-MIT
0 stars 67 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

spd-mfa/x509-parser

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

199 Commits

.github

.github

 
 

assets

assets

 
 

examples

examples

 
 

src

src

 
 

tests

tests

 
 

.gitignore

.gitignore

 
 

.travis.yml

.travis.yml

 
 

CHANGELOG.md

CHANGELOG.md

 
 

Cargo.toml

Cargo.toml

 
 

LICENSE-APACHE

LICENSE-APACHE

 
 

LICENSE-MIT

LICENSE-MIT

 
 

README.md

README.md

 
 

Repository files navigation

License: MIT Apache License 2.0 docs.rs crates.io Download numbers Travis CI Github CI Minimum rustc version

X.509 Parser

A X.509 v3 (RFC5280) parser, implemented with the nom parser combinator framework.

It is written in pure Rust, fast, and makes extensive use of zero-copy. A lot of care is taken to ensure security and safety of this crate, including design (recursion limit, defensive programming), tests, and fuzzing. It also aims to be panic-free.

The code is available on Github and is part of the Rusticata project.

The main parsing method is parse_x509_der, which takes a DER-encoded certificate as input, and builds a X509Certificate object.

For PEM-encoded certificates, use the pem module.

Examples

Parsing a certificate in DER format:

use x509_parser::parse_x509_der;

static IGCA_DER: &'static [u8] = include_bytes!("../assets/IGC_A.der");

let res = parse_x509_der(IGCA_DER);
match res {
    Ok((rem, cert)) => {
        assert!(rem.is_empty());
        //
        assert_eq!(cert.tbs_certificate.version, 2);
    },
    _ => panic!("x509 parsing failed: {:?}", res),
}

See also examples/print-cert.rs.

Features

  • The verify feature adds support for (cryptographic) signature verification, based on ring. It adds the verify_signature to X509Certificate.
/// Cryptographic signature verification: returns true if certificate was signed by issuer
#[cfg(feature = "verify")]
pub fn check_signature(cert: &X509Certificate<'_>, issuer: &X509Certificate<'_>) -> bool {
    let issuer_public_key = &issuer.tbs_certificate.subject_pki;
    cert
        .verify_signature(Some(issuer_public_key))
        .is_ok()
}

Rust version requirements

The 5.0 series of der-parser requires Rustc version 1.44 or greater, based on nom 6 dependencies.

Compatibility with older rust versions

1.34

There is a build error in arrayvec with rust 1.34: error[E0658]: use of unstable library feature 'maybe_uninit'

To fix it, force the version of lexical-core down:

cargo update -p lexical-core --precise 0.6.7

The verify feature is not compatible with rustc 1.34.

Changes

See CHANGELOG.md

License

Licensed under either of

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

About

X.509 parser written in pure Rust. Fast, zero-copy, safe.

Resources

Readme

License

Apache-2.0, MIT licenses found

Licenses found

Apache-2.0
LICENSE-APACHE
MIT
LICENSE-MIT
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

26 tags

Packages

No packages published

Languages

  • Rust 99.1%
  • Python 0.9%