MCPcopy Index your code
hub / github.com/RustPython/RustPython / is_ca_certificate

Function is_ca_certificate

crates/stdlib/src/ssl/cert.rs:271–287  ·  view source on GitHub ↗

Check if a certificate is a CA certificate by examining the Basic Constraints extension Returns `true` if the certificate has Basic Constraints with CA=true, `false` otherwise (including parse errors or missing extension). This matches OpenSSL's X509_check_ca() behavior.

(cert_der: &[u8])

Source from the content-addressed store, hash-verified

269/// `false` otherwise (including parse errors or missing extension).
270/// This matches OpenSSL's X509_check_ca() behavior.
271pub fn is_ca_certificate(cert_der: &[u8]) -> bool {
272 // Parse the certificate
273 let Ok((_, cert)) = X509Certificate::from_der(cert_der) else {
274 return false;
275 };
276
277 // Check Basic Constraints extension
278 // If extension exists and CA=true, it's a CA certificate
279 // Otherwise (no extension or CA=false), it's NOT a CA certificate
280 if let Ok(Some(ext)) = cert.basic_constraints() {
281 return ext.value.ca;
282 }
283
284 // No Basic Constraints extension -> NOT a CA certificate
285 // (matches OpenSSL X509_check_ca() behavior)
286 false
287}
288
289/// Convert an X509Name to Python nested tuple format for SSL certificate dicts
290///

Callers 2

add_cert_to_storeMethod · 0.85

Calls

no outgoing calls

Tested by

no test coverage detected