WebPKI X.509 Certificate Validation in Rust (by briansmith)

Webpki Alternatives

Similar projects and alternatives to webpki

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better webpki alternative or higher similarity.

Suggest an alternative to webpki

Reviews and mentions

Posts with mentions or reviews of webpki. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2021-07-28.
  • Why is SSL such a pain?
    5 projects | reddit.com/r/rust | 28 Jul 2021
    Yes, rustls currently doesn't support certificates without hostnames (only an IP); this is actually an issue with the webpki crate, and work to solve it is ongoing (will hopefully land in a release in a few months or so).
  • Preparing Rustls for Wider Adoption
    9 projects | news.ycombinator.com | 20 Apr 2021
    > Bundling this set with Firefox

    I love that they did that; it was actually my idea (https://bugzilla.mozilla.org/show_bug.cgi?id=657228). I believe the list is pretty large and changes frequently and so they download it dynamically.

    > short cut to a "Yes"

    Do they really do that? That's awesome if so. Then they don't even need to ship the roots.

    > I specifically don't like [...] saying "unknown issuer"


    > If std::fs::File::open() gives me Result with an io:Error that claims "File not found" but the underlying OS file open actually failed due to a permission error, you can see why that's a problem right? Even if this hypothetical OS doesn't expose any specific errors, "File not found" is misleading.

    A more accurate analogy: You ask to open "example.txt" without supplying the path, and there is no "example.txt" in the current working directory. You will get "file not found."

    Regardless, I agree we could have a better name than UnknownIssuer for this error.

    9 projects | news.ycombinator.com | 20 Apr 2021
    > he situation described above just generated an "Invalid certificate" message. More use of anyhow::Context would be helpful. I don't disagree with Rustls disallowing decade-obsolete crypto. It's the "silently ignores" part that's a problem.

    Because of how X.509 certificate validation works, in general it's not possible to tell you why an issuer couldn't be found, because there are many possible reasons.

    Regardless https://github.com/briansmith/webpki/issues/206 tracks improving the situation.


Basic webpki repo stats
about 1 month ago

briansmith/webpki is an open source project licensed under GNU General Public License v3.0 or later which is an OSI approved license.

Less time debugging, more time building
Scout APM allows you to find and fix performance issues with no hassle. Now with error monitoring and external services monitoring, Scout is a developer's best friend when it comes to application development.
Find remote jobs at our new job board 99remotejobs.com. There are 30 new remote jobs listed recently.
Are you hiring? Post a new remote job listing for free.