Brian Smith

Implement iteration through certificate chain as an iterator.

1

Factor out the boilerplate of navigating through the linked list.

- [ ] Support external SCTs. Prototype this by implementing it in terms of sct.rs. - [ ] Parse SCTs embedded in certificates - [ ] Valid SCTs should be...

Refactor tests to work in `no_std` environments without `alloc`

1

- [x] Get rid of use of `std::io` in tests, similarly to how it is done in *ring*. - [ ] Get rid of memory allocation in tests when practical....

Add proper support for emailAddress name constraints

1

webpki considers email addresses to be an "unsupported" name type and thus we reject any certificate that contains an email address if there are any email address name constraints. But,...

The baseline requirements, for a long time, have forbidden CAs from issuing subscriber certificates directly from the root. A consequence of this is that there must be at least one...

Redesign the trust_anchor_util feature

2

`trust_anchor_util` doesn't need any cryptography so it should be in a crate that doesn't depend on *ring*. When using `trust_anchor_util` in a program that doesn't use *ring*, we shouldn't need...