9 releases (1 stable)
| new 1.0.0 | May 6, 2025 |
|---|---|
| 0.26.11 | May 6, 2025 |
| 0.26.10 | Apr 30, 2025 |
| 0.26.8 | Jan 31, 2025 |
| 0.26.5 | Aug 30, 2024 |
#2262 in Cryptography
433,547 downloads per month
Used in 184 crates
(6 directly)
620KB
155 lines
webpki-root-certs
This is a crate containing Mozilla's trusted root certificates in self-signed X.509 certificate format.
If you are using webpki or rustls you should prefer webpki-roots - it is
more space efficient and easier to use.
This crate is inspired by certifi.io and uses the data provided by the Common CA Database (CCADB).
About
The webpki and rustls ecosystem represent trust anchors with the
webpki::TrustAnchor type, containing only the data used as inputs for the RFC
5280 certificate path validation algorithm. In some instances (e.g. when
interacting with native platform certificate verifiers) it may be required to
provide trust anchors as full X.509 self-signed certificates.
Compared to webpki-roots this crate contains the full self-signed certificate
DER data for each trust anchor is included in webpki_roots.
License
The underlying data is used via the CCADB Data Usage Terms (see LICENSE).
The data in this crate is a derived work of the CCADB data.
Regenerating sources
Sources are generated in an integration test, in tests/codegen.rs. The test
will fail if the sources are out of date relative to upstream, and update
src/lib.rs if so. The code is generated in deterministic order so changes
to the source should only result from upstream changes.