1THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES 2WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 3MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR 4ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 5WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 6ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 7OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 8 9 10 11What is webpki? 12================== 13 14webpki is a library that validates Web PKI (TLS/SSL) certificates. webpki 15is designed to provide a **full** implementation of the client side of the 16**Web PKI** to a diverse range of applications and devices, 17including embedded (IoT) applications, mobile apps, desktop applications, and 18server infrastructure. webpki is intended to not only be the best 19implementation of the Web PKI, but to also *precisely define* what the Web PKI 20is. 21 22webpki is written in [Rust](https://www.rust-lang.org/) and uses 23[*ring*](https://github.com/briansmith/ring) for signature verification. 24 25webpki is strongly influenced by 26[mozilla::pkix](https://github.com/briansmith/mozillapkix). You can read a 27little about the ideas underlying both mozilla::pkix and webpki in 28[insanity::pkix: A New Certificate Path Building & Validation 29Library](https://briansmith.org/insanity-pkix). 30 31The Rust compiler statically guarantees there are no buffer overflows, 32uses-after-free, double-frees, data races, etc. in webpki. webpki takes 33advantage of Rust's borrow checker to ensure that its **zero-copy parsing** 34strategy is safe and efficient. webpki *never* allocates memory on the heap, 35and it maintains a tight bound on the amount of stack memory it uses. webpki 36avoids all superfluous PKIX features in order to keep its object code size 37small. Further reducing the code size of webpki is an important goal. 38 39This release is the very first prototype. Lots of improvements are planned, 40including: 41 42* An extensive automated test suite. 43* Key pinning. 44* Certificate Transparency support. 45* Short-lived certificate, OCSP stapling, and CRLSet support. 46* Customization of the supported algorithms, key sizes, and elliptic curves 47 allowed during a validation. 48* A C language wrapper interface to allow using webpki in non-Rust 49 applications. 50* A specification of precisely what the Web PKI is. 51 52 53 54Demo 55==== 56 57See https://github.com/ctz/rustls#example-code for an example of using 58webpki. 59 60 61 62License 63======= 64 65See [LICENSE](LICENSE). This project happily accepts pull requests without any 66formal copyright/contributor license agreement. Pull requests must explicitly 67indicate who owns the copyright to the code being contributed and that the code 68is being licensed under the same terms as the existing webpki code. 69 70 71 72Bug Reporting 73============= 74 75Please report bugs either as pull requests or as issues in [the issue 76tracker](https://github.com/briansmith/webpki/issues). webpki has a 77**full disclosure** vulnerability policy. **Please do NOT attempt to report 78any security vulnerability in this code privately to anybody.** 79