This workspace contains the crates webpki-roots and webpki-ccadb.
The webpki-roots crate contains Mozilla's root certificates for use with the webpki or rustls crates.
The webpki-ccadb crate populates the root certificates for the webpki-roots crate using the data provided by the Common CA Database (CCADB). Inspired by certifi.io.
This library is suitable for use in applications that can always be recompiled and instantly deployed. For applications that are deployed to end-users and cannot be recompiled, or which need certification before deployment, consider a library that uses the platform native certificate verifier such as rustls-platform-verifier. This has the additional benefit of supporting OS provided CA constraints and revocation data.
The underlying data is MPL-licensed, and webpki-roots/src/lib.rs
is therefore a derived work.
Sources are generated in an integration test, in webpki-roots/tests/codegen.rs. The test
will fail if the sources are out of date relative to upstream, and update
webpki-roots/src/lib.rs if so. The code is generated in deterministic order so changes
to the source should only result from upstream changes.
![dependabot[bot]](https://avatars.githubusercontent.com/u/49699333?size=120)
![dependabot-preview[bot]](https://avatars.githubusercontent.com/u/27856297?size=120)
