Check if a certificate is self-signed by comparing issuer and subject. Returns true if the certificate is self-signed (issuer == subject).
(cert_der: &CertificateDer<'_>)
| 1625 | /// Check if a certificate is self-signed by comparing issuer and subject. |
| 1626 | /// Returns true if the certificate is self-signed (issuer == subject). |
| 1627 | fn is_self_signed(cert_der: &CertificateDer<'_>) -> bool { |
| 1628 | use x509_parser::prelude::*; |
| 1629 | |
| 1630 | // Parse the certificate |
| 1631 | let Ok((_, cert)) = X509Certificate::from_der(cert_der.as_ref()) else { |
| 1632 | // If we can't parse it, assume it's not self-signed (conservative approach) |
| 1633 | return false; |
| 1634 | }; |
| 1635 | |
| 1636 | // Compare issuer and subject |
| 1637 | // A certificate is self-signed if issuer == subject |
| 1638 | cert.issuer() == cert.subject() |
| 1639 | } |
| 1640 | |
| 1641 | /// Verify that a certificate is valid for the given hostname/IP address. |
| 1642 | /// This function checks Subject Alternative Names (SAN) and Common Name (CN). |
no test coverage detected