Support CRLite and other features from browser cert stores

Open DemiMarie opened this issue 1 month ago • 2 comments

Linux has very poor PKI support. Unlike Windows, Darwin, and Android, Linux does not provide a system API for certificate validation, only a bunch of PEM files. See https://github.com/golang/go/issues/64537#issuecomment-3450983937.

If WebPKI supported all of the features from browsers, it would be possible to reuse the same data as browser trust stores use. It would also be possible to use WebPKI in browsers if they chose to go that route.

Oct 28 '25 00:10 DemiMarie

This is something we're working on -- stay tuned.

Oct 28 '25 08:10 djc

That is awesome! I’ll be watching.

Oct 28 '25 08:10 DemiMarie