Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
crl: make verify_signature crate-internal, use budget
Previously the `verify_signature` fn was part of the `CertRevocationList` trait, and so part of the public API. This meant we couldn't accept an `untrusted::Input` argument, or more importantly, a `Budget` to use to indicate we've consumed a signature validation operation. Now that the `CertRevocationList` type is an enum we can easily make this fn crate-internal. It doesn't seem especially valuable to external users, especially given that it's somewhat nuanced/cumbersome to build the right SPKI representation to use for validation outside of webpki. This commit makes the fn crate internal, adds the `Budget` argument, reworks the SPKI to be an `untrusted::Input` and folds-in the `signed_data` crate-internal fn since it wasn't being used anywhere except in `verify_signature`. The net result is that it's not impossible to verify a CRL signature without providing a budget to use. In the path building context in `verify_cert.rs` we pass through the budget we use for the overall accounting during path building.
- Loading branch information