RFE: Stable C API and ABI

Open DemiMarie opened this issue 1 month ago • 3 comments

Many applications and libraries that do certificate validation are not written in Rust. Providing a C API would not only allow them to use a memory-safe validation implementation, but (once #403 is implemented) it would give them the same features that platform APIs do on Windows, Darwin, and Android.

For various reasons, to be useful this would need to have a stable API and ABI.

DemiMarie, Oct 28 '25 08:10

Can you be more specific about your envisioned use case(s)?

djc, Oct 28 '25 08:10

The main one is to give libcurl and any other library or program that wants it access to a browser-grade WebPKI implementation on Linux. This includes features like CRLite, certificate transparency, “not trusted after” dates for root certificates, and (in the future) Merkle tree certificates. The last is necessary to have post-quantum TLS handshakes that aren’t enormous. It might even involve pin lists someday, if that is in scope for WebPKI.

Windows and macOS provide these in their platform APIs, but Linux applications have never had access to them. My hope is that WebPKI could be the way to validate TLS certificates on Linux.

Obviously this is rather ambitious, and I’m not sure if it is in scope, but it would be awesome if it was.

Feel free to say if I am making too many suggestions without contributing code or money.

DemiMarie, Oct 28 '25 08:10

I think we're interested in making this happen, but we're going to require some funding -- let's see how things progress.

djc, Oct 28 '25 08:10