X509_module
Description
Data Structures |
|
| struct | mbedtls_x509_crt |
|
Container for an X.509 certificate.
|
|
| struct | mbedtls_x509_san_other_name |
|
From RFC 5280 section 4.2.1.6: OtherName ::= SEQUENCE { type-id OBJECT IDENTIFIER, value [0] EXPLICIT ANY DEFINED BY type-id }.
|
|
| struct | mbedtls_x509_subject_alternative_name |
|
A structure for holding the parsed Subject Alternative Name, according to type.
|
|
| struct | mbedtls_x509_crt_profile |
|
Security profile for certificate verification.
|
|
| struct | mbedtls_x509write_cert |
|
Container for writing a certificate (CRT)
|
|
| struct | mbedtls_x509_crt_verify_chain_item |
|
Item in a verification chain: cert and flags for it.
|
|
| struct | mbedtls_x509_crt_verify_chain |
Verification chain as built by mbedtls_crt_verify_chain().
|
|
| struct | mbedtls_x509_csr |
|
Certificate Signing Request (CSR) structure.
|
|
| struct | mbedtls_x509write_csr |
|
Container for writing a CSR.
|
|
| struct | mbedtls_x509_crl_entry |
|
Certificate revocation list entry.
|
|
| struct | mbedtls_x509_crl |
|
Certificate revocation list structure.
|
|
| struct | mbedtls_x509_time |
|
Container for date and time (precision in seconds).
|
|
Functions |
|
| int | mbedtls_x509_crt::MBEDTLS_PRIVATE (own_buffer) |
Indicates whether raw is owned by the structure or not.
|
|
| int | mbedtls_x509_crt::MBEDTLS_PRIVATE (ext_types) |
|
Bit string containing detected and parsed extensions.
|
|
| int | mbedtls_x509_crt::MBEDTLS_PRIVATE (ca_istrue) |
|
Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise.
|
|
| int | mbedtls_x509_crt::MBEDTLS_PRIVATE (max_pathlen) |
|
Optional Basic Constraint extension value: The maximum path length to the root certificate.
|
|
| unsigned int | mbedtls_x509_crt::MBEDTLS_PRIVATE (key_usage) |
|
Optional key usage extension value: See the values in x509.h.
|
|
| unsigned char | mbedtls_x509_crt::MBEDTLS_PRIVATE (ns_cert_type) |
|
Optional Netscape certificate type extension value: See the values in x509.h.
|
|
| mbedtls_x509_buf | mbedtls_x509_crt::MBEDTLS_PRIVATE (sig) |
|
Signature: hash of the tbs part signed with the private key.
|
|
| mbedtls_md_type_t | mbedtls_x509_crt::MBEDTLS_PRIVATE (sig_md) |
|
Internal representation of the MD algorithm of the signature algorithm, e.g.
|
|
| mbedtls_pk_type_t | mbedtls_x509_crt::MBEDTLS_PRIVATE (sig_pk) |
|
Internal representation of the Public Key algorithm of the signature algorithm, e.g.
|
|
| void * | mbedtls_x509_crt::MBEDTLS_PRIVATE (sig_opts) |
|
Signature options to be passed to mbedtls_pk_verify_ext(), e.g.
|
|
| int | mbedtls_x509write_cert::MBEDTLS_PRIVATE (version) |
| mbedtls_mpi | mbedtls_x509write_cert::MBEDTLS_PRIVATE (serial) |
| mbedtls_pk_context * | mbedtls_x509write_cert::MBEDTLS_PRIVATE (subject_key) |
| mbedtls_pk_context * | mbedtls_x509write_cert::MBEDTLS_PRIVATE (issuer_key) |
| mbedtls_asn1_named_data * | mbedtls_x509write_cert::MBEDTLS_PRIVATE (subject) |
| mbedtls_asn1_named_data * | mbedtls_x509write_cert::MBEDTLS_PRIVATE (issuer) |
| mbedtls_md_type_t | mbedtls_x509write_cert::MBEDTLS_PRIVATE (md_alg) |
| char | mbedtls_x509write_cert::MBEDTLS_PRIVATE (not_before)[MBEDTLS_X509_RFC5280_UTC_TIME_LEN+1] |
| char | mbedtls_x509write_cert::MBEDTLS_PRIVATE (not_after)[MBEDTLS_X509_RFC5280_UTC_TIME_LEN+1] |
| mbedtls_asn1_named_data * | mbedtls_x509write_cert::MBEDTLS_PRIVATE (extensions) |
| mbedtls_x509_crt * | mbedtls_x509_crt_verify_chain_item::MBEDTLS_PRIVATE (crt) |
| uint32_t | mbedtls_x509_crt_verify_chain_item::MBEDTLS_PRIVATE (flags) |
| mbedtls_x509_crt_verify_chain_item | mbedtls_x509_crt_verify_chain::MBEDTLS_PRIVATE (items)[ MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE ] |
| unsigned | mbedtls_x509_crt_verify_chain::MBEDTLS_PRIVATE (len) |
| mbedtls_x509_buf | mbedtls_x509_csr::MBEDTLS_PRIVATE (sig) |
| mbedtls_md_type_t | mbedtls_x509_csr::MBEDTLS_PRIVATE (sig_md) |
|
Internal representation of the MD algorithm of the signature algorithm, e.g.
|
|
| mbedtls_pk_type_t | mbedtls_x509_csr::MBEDTLS_PRIVATE (sig_pk) |
|
Internal representation of the Public Key algorithm of the signature algorithm, e.g.
|
|
| void * | mbedtls_x509_csr::MBEDTLS_PRIVATE (sig_opts) |
|
Signature options to be passed to mbedtls_pk_verify_ext(), e.g.
|
|
| mbedtls_pk_context * | mbedtls_x509write_csr::MBEDTLS_PRIVATE (key) |
| mbedtls_asn1_named_data * | mbedtls_x509write_csr::MBEDTLS_PRIVATE (subject) |
| mbedtls_md_type_t | mbedtls_x509write_csr::MBEDTLS_PRIVATE (md_alg) |
| mbedtls_asn1_named_data * | mbedtls_x509write_csr::MBEDTLS_PRIVATE (extensions) |
| mbedtls_x509_buf | mbedtls_x509_crl::MBEDTLS_PRIVATE (sig_oid2) |
| mbedtls_x509_buf | mbedtls_x509_crl::MBEDTLS_PRIVATE (sig) |
| mbedtls_md_type_t | mbedtls_x509_crl::MBEDTLS_PRIVATE (sig_md) |
|
Internal representation of the MD algorithm of the signature algorithm, e.g.
|
|
| mbedtls_pk_type_t | mbedtls_x509_crl::MBEDTLS_PRIVATE (sig_pk) |
|
Internal representation of the Public Key algorithm of the signature algorithm, e.g.
|
|
| void * | mbedtls_x509_crl::MBEDTLS_PRIVATE (sig_opts) |
|
Signature options to be passed to mbedtls_pk_verify_ext(), e.g.
|
|
| int | mbedtls_x509_dn_gets (char *buf, size_t size, const mbedtls_x509_name *dn) |
|
Store the certificate DN in printable form into buf; no more than size characters will be written.
|
|
| int | mbedtls_x509_serial_gets (char *buf, size_t size, const mbedtls_x509_buf *serial) |
|
Store the certificate serial in printable form into buf; no more than size characters will be written.
|
|
| int | mbedtls_x509_time_is_past (const mbedtls_x509_time *to) |
|
Check a given mbedtls_x509_time against the system time and tell if it's in the past.
|
|
| int | mbedtls_x509_time_is_future (const mbedtls_x509_time *from) |
|
Check a given mbedtls_x509_time against the system time and tell if it's in the future.
|
|
| int | mbedtls_x509_get_name (unsigned char **p, const unsigned char *end, mbedtls_x509_name *cur) |
| int | mbedtls_x509_get_alg_null (unsigned char **p, const unsigned char *end, mbedtls_x509_buf *alg) |
| int | mbedtls_x509_get_alg (unsigned char **p, const unsigned char *end, mbedtls_x509_buf *alg, mbedtls_x509_buf *params) |
| int | mbedtls_x509_get_sig (unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig) |
| int | mbedtls_x509_get_sig_alg (const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params, mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg, void **sig_opts) |
| int | mbedtls_x509_get_time (unsigned char **p, const unsigned char *end, mbedtls_x509_time *t) |
| int | mbedtls_x509_get_serial (unsigned char **p, const unsigned char *end, mbedtls_x509_buf *serial) |
| int | mbedtls_x509_get_ext (unsigned char **p, const unsigned char *end, mbedtls_x509_buf *ext, int tag) |
| int | mbedtls_x509_sig_alg_gets (char *buf, size_t size, const mbedtls_x509_buf *sig_oid, mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, const void *sig_opts) |
| int | mbedtls_x509_key_size_helper (char *buf, size_t buf_size, const char *name) |
| int | mbedtls_x509_string_to_names ( mbedtls_asn1_named_data **head, const char *name) |
| int | mbedtls_x509_set_extension ( mbedtls_asn1_named_data **head, const char *oid, size_t oid_len, int critical, const unsigned char *val, size_t val_len) |
| int | mbedtls_x509_write_extensions (unsigned char **p, unsigned char *start, mbedtls_asn1_named_data *first) |
| int | mbedtls_x509_write_names (unsigned char **p, unsigned char *start, mbedtls_asn1_named_data *first) |
| int | mbedtls_x509_write_sig (unsigned char **p, unsigned char *start, const char *oid, size_t oid_len, unsigned char *sig, size_t size) |
Macros |
|
| #define | MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 |
|
Maximum number of intermediate CAs in a verification chain.
|
|
| #define | MBEDTLS_X509_SAFE_SNPRINTF |
Variables |
|
| mbedtls_x509_buf | mbedtls_x509_crt::raw |
|
The raw certificate data (DER).
|
|
| mbedtls_x509_buf | mbedtls_x509_crt::tbs |
|
The raw certificate body (DER).
|
|
| int | mbedtls_x509_crt::version |
|
The X.509 version.
|
|
| mbedtls_x509_buf | mbedtls_x509_crt::serial |
|
Unique id for certificate issued by a specific CA.
|
|
| mbedtls_x509_buf | mbedtls_x509_crt::sig_oid |
|
Signature algorithm, e.g.
|
|
| mbedtls_x509_buf | mbedtls_x509_crt::issuer_raw |
|
The raw issuer data (DER).
|
|
| mbedtls_x509_buf | mbedtls_x509_crt::subject_raw |
|
The raw subject data (DER).
|
|
| mbedtls_x509_name | mbedtls_x509_crt::issuer |
|
The parsed issuer data (named information object).
|
|
| mbedtls_x509_name | mbedtls_x509_crt::subject |
|
The parsed subject data (named information object).
|
|
| mbedtls_x509_time | mbedtls_x509_crt::valid_from |
|
Start time of certificate validity.
|
|
| mbedtls_x509_time | mbedtls_x509_crt::valid_to |
|
End time of certificate validity.
|
|
| mbedtls_x509_buf | mbedtls_x509_crt::pk_raw |
| mbedtls_pk_context | mbedtls_x509_crt::pk |
|
Container for the public key context.
|
|
| mbedtls_x509_buf | mbedtls_x509_crt::issuer_id |
|
Optional X.509 v2/v3 issuer unique identifier.
|
|
| mbedtls_x509_buf | mbedtls_x509_crt::subject_id |
|
Optional X.509 v2/v3 subject unique identifier.
|
|
| mbedtls_x509_buf | mbedtls_x509_crt::v3_ext |
|
Optional X.509 v3 extensions.
|
|
| mbedtls_x509_sequence | mbedtls_x509_crt::subject_alt_names |
|
Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed).
|
|
| mbedtls_x509_sequence | mbedtls_x509_crt::certificate_policies |
|
Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed).
|
|
| mbedtls_x509_sequence | mbedtls_x509_crt::ext_key_usage |
|
Optional list of extended key usage OIDs.
|
|
| struct mbedtls_x509_crt * | mbedtls_x509_crt::next |
|
Next certificate in the linked list that constitutes the CA chain.
|
|
| mbedtls_x509_buf | mbedtls_x509_san_other_name::type_id |
|
The type_id is an OID as defined in RFC 5280.
|
|
| mbedtls_x509_buf mbedtls_x509_san_other_name::oid | |
|
The object identifier.
|
|
| mbedtls_x509_buf mbedtls_x509_san_other_name::val | |
|
The named value.
|
|
| struct { | |
| mbedtls_x509_buf mbedtls_x509_san_other_name::oid | |
|
The object identifier.
|
|
| mbedtls_x509_buf mbedtls_x509_san_other_name::val | |
|
The named value.
|
|
| } mbedtls_x509_san_other_name::hardware_module_name | |
|
From RFC 4108 section 5: HardwareModuleName ::= SEQUENCE { hwType OBJECT IDENTIFIER, hwSerialNum OCTET STRING }.
|
|
| union { | |
| struct { | |
| mbedtls_x509_buf mbedtls_x509_san_other_name::oid | |
|
The object identifier.
|
|
| mbedtls_x509_buf mbedtls_x509_san_other_name::val | |
|
The named value.
|
|
| } mbedtls_x509_san_other_name::hardware_module_name | |
|
From RFC 4108 section 5: HardwareModuleName ::= SEQUENCE { hwType OBJECT IDENTIFIER, hwSerialNum OCTET STRING }.
|
|
| } | mbedtls_x509_san_other_name::value |
| int | mbedtls_x509_subject_alternative_name::type |
|
The SAN type, value of MBEDTLS_X509_SAN_XXX.
|
|
| mbedtls_x509_san_other_name mbedtls_x509_subject_alternative_name::other_name | |
|
The otherName supported type.
|
|
| mbedtls_x509_buf mbedtls_x509_subject_alternative_name::unstructured_name | |
|
The buffer for the unconstructed types.
|
|
| union { | |
| mbedtls_x509_san_other_name mbedtls_x509_subject_alternative_name::other_name | |
|
The otherName supported type.
|
|
| mbedtls_x509_buf mbedtls_x509_subject_alternative_name::unstructured_name | |
|
The buffer for the unconstructed types.
|
|
| } | mbedtls_x509_subject_alternative_name::san |
|
A union of the supported SAN types.
|
|
| uint32_t | mbedtls_x509_crt_profile::allowed_mds |
|
MDs for signatures
|
|
| uint32_t | mbedtls_x509_crt_profile::allowed_pks |
|
PK algs for signatures
|
|
| uint32_t | mbedtls_x509_crt_profile::allowed_curves |
|
Elliptic curves for ECDSA
|
|
| uint32_t | mbedtls_x509_crt_profile::rsa_min_bitlen |
|
Minimum size for RSA keys
|
|
| mbedtls_x509_buf | mbedtls_x509_csr::raw |
|
The raw CSR data (DER).
|
|
| mbedtls_x509_buf | mbedtls_x509_csr::cri |
|
The raw CertificateRequestInfo body (DER).
|
|
| int | mbedtls_x509_csr::version |
|
CSR version (1=v1).
|
|
| mbedtls_x509_buf | mbedtls_x509_csr::subject_raw |
|
The raw subject data (DER).
|
|
| mbedtls_x509_name | mbedtls_x509_csr::subject |
|
The parsed subject data (named information object).
|
|
| mbedtls_pk_context | mbedtls_x509_csr::pk |
|
Container for the public key context.
|
|
| mbedtls_x509_buf | mbedtls_x509_csr::sig_oid |
| mbedtls_x509_buf | mbedtls_x509_crl_entry::raw |
|
Direct access to the whole entry inside the containing buffer.
|
|
| mbedtls_x509_buf | mbedtls_x509_crl_entry::serial |
|
The serial number of the revoked certificate.
|
|
| mbedtls_x509_time | mbedtls_x509_crl_entry::revocation_date |
|
The revocation date of this entry.
|
|
| mbedtls_x509_buf | mbedtls_x509_crl_entry::entry_ext |
|
Direct access to the list of CRL entry extensions (an ASN.1 constructed sequence).
|
|
| struct mbedtls_x509_crl_entry * | mbedtls_x509_crl_entry::next |
|
Next element in the linked list of entries.
|
|
| mbedtls_x509_buf | mbedtls_x509_crl::raw |
|
The raw certificate data (DER).
|
|
| mbedtls_x509_buf | mbedtls_x509_crl::tbs |
|
The raw certificate body (DER).
|
|
| int | mbedtls_x509_crl::version |
|
CRL version (1=v1, 2=v2)
|
|
| mbedtls_x509_buf | mbedtls_x509_crl::sig_oid |
|
CRL signature type identifier.
|
|
| mbedtls_x509_buf | mbedtls_x509_crl::issuer_raw |
|
The raw issuer data (DER).
|
|
| mbedtls_x509_name | mbedtls_x509_crl::issuer |
|
The parsed issuer data (named information object).
|
|
| mbedtls_x509_time | mbedtls_x509_crl::this_update |
| mbedtls_x509_time | mbedtls_x509_crl::next_update |
| mbedtls_x509_crl_entry | mbedtls_x509_crl::entry |
|
The CRL entries containing the certificate revocation times for this CA.
|
|
| mbedtls_x509_buf | mbedtls_x509_crl::crl_ext |
| struct mbedtls_x509_crl * | mbedtls_x509_crl::next |
|
Next element in the linked list of CRL.
|
|
| int | mbedtls_x509_time::year |
| int | mbedtls_x509_time::mon |
| int | mbedtls_x509_time::day |
|
Date.
|
|
| int | mbedtls_x509_time::hour |
| int | mbedtls_x509_time::min |
| int | mbedtls_x509_time::sec |
|
Time.
|
|
Structures and functions for parsing and writing X.509 certificates |
|
| typedef void | mbedtls_x509_crt_restart_ctx |
| #define | MBEDTLS_X509_ID_FLAG (id) ( 1 << ( (id) - 1 ) ) |
|
Build a flag from an algorithm/curve identifier (pk, md, ecp). Since 0 is always XXX_NONE, ignore it.
|
|
| #define | MBEDTLS_X509_CRT_VERSION_1 0 |
| #define | MBEDTLS_X509_CRT_VERSION_2 1 |
| #define | MBEDTLS_X509_CRT_VERSION_3 2 |
| #define | MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32 |
| #define | MBEDTLS_X509_RFC5280_UTC_TIME_LEN 15 |
| #define | MBEDTLS_X509_MAX_FILE_PATH_LEN 512 |
| #define | MBEDTLS_X509_CRT_ERROR_INFO_LIST |
| #define | MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 ) |
|
Max size of verification chain: end-entity + intermediates + trusted root.
|
|
Structures and functions for parsing CRLs |
|
| int | mbedtls_x509_crl_parse_der ( mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen) |
|
Parse a DER-encoded CRL and append it to the chained list.
|
|
| int | mbedtls_x509_crl_parse ( mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen) |
|
Parse one or more CRLs and append them to the chained list.
|
|
| int | mbedtls_x509_crl_info (char *buf, size_t size, const char *prefix, const mbedtls_x509_crl *crl) |
|
Returns an informational string about the CRL.
|
|
| void | mbedtls_x509_crl_init ( mbedtls_x509_crl *crl) |
|
Initialize a CRL (chain)
|
|
| void | mbedtls_x509_crl_free ( mbedtls_x509_crl *crl) |
|
Unallocate all CRL data.
|
|
X509 Error codes |
|
| #define | MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE -0x2080 |
|
Unavailable feature, e.g.
|
|
| #define | MBEDTLS_ERR_X509_UNKNOWN_OID -0x2100 |
|
Requested OID is unknown.
|
|
| #define | MBEDTLS_ERR_X509_INVALID_FORMAT -0x2180 |
|
The CRT/CRL/CSR format is invalid, e.g.
|
|
| #define | MBEDTLS_ERR_X509_INVALID_VERSION -0x2200 |
|
The CRT/CRL/CSR version element is invalid.
|
|
| #define | MBEDTLS_ERR_X509_INVALID_SERIAL -0x2280 |
|
The serial tag or value is invalid.
|
|
| #define | MBEDTLS_ERR_X509_INVALID_ALG -0x2300 |
|
The algorithm tag or value is invalid.
|
|
| #define | MBEDTLS_ERR_X509_INVALID_NAME -0x2380 |
|
The name tag or value is invalid.
|
|
| #define | MBEDTLS_ERR_X509_INVALID_DATE -0x2400 |
|
The date tag or value is invalid.
|
|
| #define | MBEDTLS_ERR_X509_INVALID_SIGNATURE -0x2480 |
|
The signature tag or value is invalid.
|
|
| #define | MBEDTLS_ERR_X509_INVALID_EXTENSIONS -0x2500 |
|
The extension tag or value is invalid.
|
|
| #define | MBEDTLS_ERR_X509_UNKNOWN_VERSION -0x2580 |
|
CRT/CRL/CSR has an unsupported version number.
|
|
| #define | MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG -0x2600 |
|
Signature algorithm (oid) is unsupported.
|
|
| #define | MBEDTLS_ERR_X509_SIG_MISMATCH -0x2680 |
|
Signature algorithms do not match.
|
|
| #define | MBEDTLS_ERR_X509_CERT_VERIFY_FAILED -0x2700 |
|
Certificate verification failed, e.g.
|
|
| #define | MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT -0x2780 |
|
Format not recognized as DER or PEM.
|
|
| #define | MBEDTLS_ERR_X509_BAD_INPUT_DATA -0x2800 |
|
Input invalid.
|
|
| #define | MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880 |
|
Allocation of memory failed.
|
|
| #define | MBEDTLS_ERR_X509_FILE_IO_ERROR -0x2900 |
|
Read/write of file failed.
|
|
| #define | MBEDTLS_ERR_X509_BUFFER_TOO_SMALL -0x2980 |
|
Destination buffer is too small.
|
|
| #define | MBEDTLS_ERR_X509_FATAL_ERROR -0x3000 |
|
A fatal error occurred, e.g. the chain is too long or the verification callback failed.
|
|
X509 Verify codes |
|
| #define | MBEDTLS_X509_BADCERT_EXPIRED 0x01 |
|
The certificate validity has expired.
|
|
| #define | MBEDTLS_X509_BADCERT_REVOKED 0x02 |
|
The certificate has been revoked (is on a CRL).
|
|
| #define | MBEDTLS_X509_BADCERT_CN_MISMATCH 0x04 |
|
The certificate Common Name (CN) does not match with the expected CN.
|
|
| #define | MBEDTLS_X509_BADCERT_NOT_TRUSTED 0x08 |
|
The certificate is not correctly signed by the trusted CA.
|
|
| #define | MBEDTLS_X509_BADCRL_NOT_TRUSTED 0x10 |
|
The CRL is not correctly signed by the trusted CA.
|
|
| #define | MBEDTLS_X509_BADCRL_EXPIRED 0x20 |
|
The CRL is expired.
|
|
| #define | MBEDTLS_X509_BADCERT_MISSING 0x40 |
|
Certificate was missing.
|
|
| #define | MBEDTLS_X509_BADCERT_SKIP_VERIFY 0x80 |
|
Certificate verification was skipped.
|
|
| #define | MBEDTLS_X509_BADCERT_OTHER 0x0100 |
|
Other reason (can be used by verify callback)
|
|
| #define | MBEDTLS_X509_BADCERT_FUTURE 0x0200 |
|
The certificate validity starts in the future.
|
|
| #define | MBEDTLS_X509_BADCRL_FUTURE 0x0400 |
|
The CRL is from the future.
|
|
| #define | MBEDTLS_X509_BADCERT_KEY_USAGE 0x0800 |
|
Usage does not match the keyUsage extension.
|
|
| #define | MBEDTLS_X509_BADCERT_EXT_KEY_USAGE 0x1000 |
|
Usage does not match the extendedKeyUsage extension.
|
|
| #define | MBEDTLS_X509_BADCERT_NS_CERT_TYPE 0x2000 |
|
Usage does not match the nsCertType extension.
|
|
| #define | MBEDTLS_X509_BADCERT_BAD_MD 0x4000 |
|
The certificate is signed with an unacceptable hash.
|
|
| #define | MBEDTLS_X509_BADCERT_BAD_PK 0x8000 |
|
The certificate is signed with an unacceptable PK alg (e.g. RSA vs ECDSA).
|
|
| #define | MBEDTLS_X509_BADCERT_BAD_KEY 0x010000 |
|
The certificate is signed with an unacceptable key (e.g. bad curve, RSA too short).
|
|
| #define | MBEDTLS_X509_BADCRL_BAD_MD 0x020000 |
|
The CRL is signed with an unacceptable hash.
|
|
| #define | MBEDTLS_X509_BADCRL_BAD_PK 0x040000 |
|
The CRL is signed with an unacceptable PK alg (e.g. RSA vs ECDSA).
|
|
| #define | MBEDTLS_X509_BADCRL_BAD_KEY 0x080000 |
|
The CRL is signed with an unacceptable key (e.g. bad curve, RSA too short).
|
|
| #define | MBEDTLS_X509_SAN_OTHER_NAME 0 |
| #define | MBEDTLS_X509_SAN_RFC822_NAME 1 |
| #define | MBEDTLS_X509_SAN_DNS_NAME 2 |
| #define | MBEDTLS_X509_SAN_X400_ADDRESS_NAME 3 |
| #define | MBEDTLS_X509_SAN_DIRECTORY_NAME 4 |
| #define | MBEDTLS_X509_SAN_EDI_PARTY_NAME 5 |
| #define | MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER 6 |
| #define | MBEDTLS_X509_SAN_IP_ADDRESS 7 |
| #define | MBEDTLS_X509_SAN_REGISTERED_ID 8 |
| #define | MBEDTLS_X509_KU_DIGITAL_SIGNATURE (0x80) /* bit 0 */ |
| #define | MBEDTLS_X509_KU_NON_REPUDIATION (0x40) /* bit 1 */ |
| #define | MBEDTLS_X509_KU_KEY_ENCIPHERMENT (0x20) /* bit 2 */ |
| #define | MBEDTLS_X509_KU_DATA_ENCIPHERMENT (0x10) /* bit 3 */ |
| #define | MBEDTLS_X509_KU_KEY_AGREEMENT (0x08) /* bit 4 */ |
| #define | MBEDTLS_X509_KU_KEY_CERT_SIGN (0x04) /* bit 5 */ |
| #define | MBEDTLS_X509_KU_CRL_SIGN (0x02) /* bit 6 */ |
| #define | MBEDTLS_X509_KU_ENCIPHER_ONLY (0x01) /* bit 7 */ |
| #define | MBEDTLS_X509_KU_DECIPHER_ONLY (0x8000) /* bit 8 */ |
| #define | MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT (0x80) /* bit 0 */ |
| #define | MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER (0x40) /* bit 1 */ |
| #define | MBEDTLS_X509_NS_CERT_TYPE_EMAIL (0x20) /* bit 2 */ |
| #define | MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING (0x10) /* bit 3 */ |
| #define | MBEDTLS_X509_NS_CERT_TYPE_RESERVED (0x08) /* bit 4 */ |
| #define | MBEDTLS_X509_NS_CERT_TYPE_SSL_CA (0x04) /* bit 5 */ |
| #define | MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA (0x02) /* bit 6 */ |
| #define | MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA (0x01) /* bit 7 */ |
| #define | MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER |
| #define | MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER |
| #define | MBEDTLS_X509_EXT_KEY_USAGE MBEDTLS_OID_X509_EXT_KEY_USAGE |
| #define | MBEDTLS_X509_EXT_CERTIFICATE_POLICIES MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES |
| #define | MBEDTLS_X509_EXT_POLICY_MAPPINGS MBEDTLS_OID_X509_EXT_POLICY_MAPPINGS |
| #define | MBEDTLS_X509_EXT_SUBJECT_ALT_NAME MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME /* Supported (DNS) */ |
| #define | MBEDTLS_X509_EXT_ISSUER_ALT_NAME MBEDTLS_OID_X509_EXT_ISSUER_ALT_NAME |
| #define | MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS MBEDTLS_OID_X509_EXT_SUBJECT_DIRECTORY_ATTRS |
| #define | MBEDTLS_X509_EXT_BASIC_CONSTRAINTS MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS /* Supported */ |
| #define | MBEDTLS_X509_EXT_NAME_CONSTRAINTS MBEDTLS_OID_X509_EXT_NAME_CONSTRAINTS |
| #define | MBEDTLS_X509_EXT_POLICY_CONSTRAINTS MBEDTLS_OID_X509_EXT_POLICY_CONSTRAINTS |
| #define | MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE |
| #define | MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS MBEDTLS_OID_X509_EXT_CRL_DISTRIBUTION_POINTS |
| #define | MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY MBEDTLS_OID_X509_EXT_INIHIBIT_ANYPOLICY |
| #define | MBEDTLS_X509_EXT_FRESHEST_CRL MBEDTLS_OID_X509_EXT_FRESHEST_CRL |
| #define | MBEDTLS_X509_EXT_NS_CERT_TYPE MBEDTLS_OID_X509_EXT_NS_CERT_TYPE |
| #define | MBEDTLS_X509_FORMAT_DER 1 |
| #define | MBEDTLS_X509_FORMAT_PEM 2 |
| #define | MBEDTLS_X509_MAX_DN_NAME_SIZE 256 |
|
Maximum value size of a DN entry.
|
|
Structures for parsing X.509 certificates, CRLs and CSRs |
|
| typedef mbedtls_asn1_buf | mbedtls_x509_buf |
|
Type-length-value structure that allows for ASN1 using DER.
|
|
| typedef mbedtls_asn1_bitstring | mbedtls_x509_bitstring |
|
Container for ASN1 bit strings.
|
|
| typedef mbedtls_asn1_named_data | mbedtls_x509_name |
|
Container for ASN1 named information objects.
|
|
| typedef mbedtls_asn1_sequence | mbedtls_x509_sequence |
|
Container for a sequence of ASN.1 items.
|
|
Function Documentation
◆ MBEDTLS_PRIVATE() [1/16]
| int mbedtls_x509_crt::MBEDTLS_PRIVATE | ( | own_buffer |
|
) |
Indicates whether raw is owned by the structure or not.
◆ MBEDTLS_PRIVATE() [2/16]
| int mbedtls_x509_crt::MBEDTLS_PRIVATE | ( | ext_types |
|
) |
Bit string containing detected and parsed extensions.
◆ MBEDTLS_PRIVATE() [3/16]
| int mbedtls_x509_crt::MBEDTLS_PRIVATE | ( | ca_istrue |
|
) |
Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise.
◆ MBEDTLS_PRIVATE() [4/16]
| int mbedtls_x509_crt::MBEDTLS_PRIVATE | ( | max_pathlen |
|
) |
Optional Basic Constraint extension value: The maximum path length to the root certificate.
Path length is 1 higher than RFC 5280 'meaning', so 1+
◆ MBEDTLS_PRIVATE() [5/16]
| unsigned int mbedtls_x509_crt::MBEDTLS_PRIVATE | ( | key_usage |
|
) |
Optional key usage extension value: See the values in x509.h.
◆ MBEDTLS_PRIVATE() [6/16]
| unsigned char mbedtls_x509_crt::MBEDTLS_PRIVATE | ( | ns_cert_type |
|
) |
Optional Netscape certificate type extension value: See the values in x509.h.
◆ MBEDTLS_PRIVATE() [7/16]
| mbedtls_x509_buf mbedtls_x509_crt::MBEDTLS_PRIVATE | ( | sig |
|
) |
Signature: hash of the tbs part signed with the private key.
◆ MBEDTLS_PRIVATE() [8/16]
| mbedtls_md_type_t mbedtls_x509_crt::MBEDTLS_PRIVATE | ( | sig_md |
|
) |
Internal representation of the MD algorithm of the signature algorithm, e.g.
MBEDTLS_MD_SHA256
◆ MBEDTLS_PRIVATE() [9/16]
| mbedtls_pk_type_t mbedtls_x509_crt::MBEDTLS_PRIVATE | ( | sig_pk |
|
) |
Internal representation of the Public Key algorithm of the signature algorithm, e.g.
MBEDTLS_PK_RSA
◆ MBEDTLS_PRIVATE() [10/16]
| void* mbedtls_x509_crt::MBEDTLS_PRIVATE | ( | sig_opts |
|
) |
Signature options to be passed to mbedtls_pk_verify_ext(), e.g.
for RSASSA-PSS
◆ MBEDTLS_PRIVATE() [11/16]
| mbedtls_md_type_t mbedtls_x509_csr::MBEDTLS_PRIVATE | ( | sig_md |
|
) |
Internal representation of the MD algorithm of the signature algorithm, e.g.
MBEDTLS_MD_SHA256
◆ MBEDTLS_PRIVATE() [12/16]
| mbedtls_pk_type_t mbedtls_x509_csr::MBEDTLS_PRIVATE | ( | sig_pk |
|
) |
Internal representation of the Public Key algorithm of the signature algorithm, e.g.
MBEDTLS_PK_RSA
◆ MBEDTLS_PRIVATE() [13/16]
| void* mbedtls_x509_csr::MBEDTLS_PRIVATE | ( | sig_opts |
|
) |
Signature options to be passed to mbedtls_pk_verify_ext(), e.g.
for RSASSA-PSS
◆ MBEDTLS_PRIVATE() [14/16]
| mbedtls_md_type_t mbedtls_x509_crl::MBEDTLS_PRIVATE | ( | sig_md |
|
) |
Internal representation of the MD algorithm of the signature algorithm, e.g.
MBEDTLS_MD_SHA256
◆ MBEDTLS_PRIVATE() [15/16]
| mbedtls_pk_type_t mbedtls_x509_crl::MBEDTLS_PRIVATE | ( | sig_pk |
|
) |
Internal representation of the Public Key algorithm of the signature algorithm, e.g.
MBEDTLS_PK_RSA
◆ MBEDTLS_PRIVATE() [16/16]
| void* mbedtls_x509_crl::MBEDTLS_PRIVATE | ( | sig_opts |
|
) |
Signature options to be passed to mbedtls_pk_verify_ext(), e.g.
for RSASSA-PSS
◆ mbedtls_x509_crl_parse_der()
| int mbedtls_x509_crl_parse_der | ( | mbedtls_x509_crl * |
chain,
|
| const unsigned char * |
buf,
|
||
| size_t |
buflen
|
||
| ) |
Parse a DER-encoded CRL and append it to the chained list.
- Parameters
-
chain: points to the start of the chain; buf: buffer holding the CRL data in DER format; buflen: size of the buffer (including the terminating null byte for PEM data)
- Returns
- 0 if successful, or a specific X509 or PEM error code
◆ mbedtls_x509_crl_parse()
| int mbedtls_x509_crl_parse | ( | mbedtls_x509_crl * |
chain,
|
| const unsigned char * |
buf,
|
||
| size_t |
buflen
|
||
| ) |
Parse one or more CRLs and append them to the chained list.
- Note
- Multiple CRLs are accepted only if using PEM format
- Parameters
-
chain: points to the start of the chain; buf: buffer holding the CRL data in PEM or DER format; buflen: size of the buffer (including the terminating null byte for PEM data)
- Returns
- 0 if successful, or a specific X509 or PEM error code
◆ mbedtls_x509_crl_info()
| int mbedtls_x509_crl_info | ( | char * |
buf,
|
| size_t |
size,
|
||
| const char * |
prefix,
|
||
| const mbedtls_x509_crl * |
crl
|
||
| ) |
Returns an informational string about the CRL.
- Parameters
-
buf: buffer to write to; size: maximum size of buffer; prefix: a line prefix; crl: the X509 CRL to represent
- Returns
- The length of the string written (not including the terminating nul byte), or a negative error code.
◆ mbedtls_x509_crl_init()
| void mbedtls_x509_crl_init | ( | mbedtls_x509_crl * |
crl
|
) |
Initialize a CRL (chain)
- Parameters
-
crl: CRL chain to initialize
◆ mbedtls_x509_crl_free()
| void mbedtls_x509_crl_free | ( | mbedtls_x509_crl * |
crl
|
) |
Unallocate all CRL data.
- Parameters
-
crl: CRL chain to free
◆ mbedtls_x509_dn_gets()
| int mbedtls_x509_dn_gets | ( | char * |
buf,
|
| size_t |
size,
|
||
| const mbedtls_x509_name * |
dn
|
||
| ) |
Store the certificate DN in printable form into buf; no more than size characters will be written.
- Parameters
-
buf: buffer to write to; size: maximum size of buffer; dn: the X509 name to represent
- Returns
- The length of the string written (not including the terminating nul byte), or a negative error code.
◆ mbedtls_x509_serial_gets()
| int mbedtls_x509_serial_gets | ( | char * |
buf,
|
| size_t |
size,
|
||
| const mbedtls_x509_buf * |
serial
|
||
| ) |
Store the certificate serial in printable form into buf; no more than size characters will be written.
- Parameters
-
buf: buffer to write to; size: maximum size of buffer; serial: the X509 serial to represent
- Returns
- The length of the string written (not including the terminating nul byte), or a negative error code.
◆ mbedtls_x509_time_is_past()
| int mbedtls_x509_time_is_past | ( | const mbedtls_x509_time * |
to
|
) |
Check a given mbedtls_x509_time against the system time and tell if it's in the past.
- Note
- Intended usage is "if( is_past( valid_to ) ) ERROR". Hence the return value of 1 on internal errors.
- Parameters
-
to: mbedtls_x509_time to check
- Returns
- 1 if the given time is in the past or an error occurred, 0 otherwise.
◆ mbedtls_x509_time_is_future()
| int mbedtls_x509_time_is_future | ( | const mbedtls_x509_time * |
from
|
) |
Check a given mbedtls_x509_time against the system time and tell if it's in the future.
- Note
- Intended usage is "if( is_future( valid_from ) ) ERROR". Hence the return value of 1 on internal errors.
- Parameters
-
from: mbedtls_x509_time to check
- Returns
- 1 if the given time is in the future or an error occurred, 0 otherwise.
Macro Definition Documentation
◆ MBEDTLS_X509_ID_FLAG
| #define MBEDTLS_X509_ID_FLAG | ( |
id
|
) | ( 1 << ( (id) - 1 ) ) |
Build a flag from an algorithm/curve identifier (pk, md, ecp). Since 0 is always XXX_NONE, ignore it.
◆ MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE
| #define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 ) |
Max size of verification chain: end-entity + intermediates + trusted root.
◆ MBEDTLS_X509_MAX_INTERMEDIATE_CA
| #define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 |
Maximum number of intermediate CAs in a verification chain.
That is, maximum length of the chain, excluding the end-entity certificate and the trusted root certificate.
Set this to a low value to prevent an adversary from making you waste resources verifying an overlong certificate chain.
◆ MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE
| #define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE -0x2080 |
Unavailable feature, e.g.
RSA hashing/encryption combination.
◆ MBEDTLS_ERR_X509_UNKNOWN_OID
| #define MBEDTLS_ERR_X509_UNKNOWN_OID -0x2100 |
Requested OID is unknown.
◆ MBEDTLS_ERR_X509_INVALID_FORMAT
| #define MBEDTLS_ERR_X509_INVALID_FORMAT -0x2180 |
The CRT/CRL/CSR format is invalid, e.g.
different type expected.
◆ MBEDTLS_ERR_X509_INVALID_VERSION
| #define MBEDTLS_ERR_X509_INVALID_VERSION -0x2200 |
The CRT/CRL/CSR version element is invalid.
◆ MBEDTLS_ERR_X509_INVALID_SERIAL
| #define MBEDTLS_ERR_X509_INVALID_SERIAL -0x2280 |
The serial tag or value is invalid.
◆ MBEDTLS_ERR_X509_INVALID_ALG
| #define MBEDTLS_ERR_X509_INVALID_ALG -0x2300 |
The algorithm tag or value is invalid.
◆ MBEDTLS_ERR_X509_INVALID_NAME
| #define MBEDTLS_ERR_X509_INVALID_NAME -0x2380 |
The name tag or value is invalid.
◆ MBEDTLS_ERR_X509_INVALID_DATE
| #define MBEDTLS_ERR_X509_INVALID_DATE -0x2400 |
The date tag or value is invalid.
◆ MBEDTLS_ERR_X509_INVALID_SIGNATURE
| #define MBEDTLS_ERR_X509_INVALID_SIGNATURE -0x2480 |
The signature tag or value is invalid.
◆ MBEDTLS_ERR_X509_INVALID_EXTENSIONS
| #define MBEDTLS_ERR_X509_INVALID_EXTENSIONS -0x2500 |
The extension tag or value is invalid.
◆ MBEDTLS_ERR_X509_UNKNOWN_VERSION
| #define MBEDTLS_ERR_X509_UNKNOWN_VERSION -0x2580 |
CRT/CRL/CSR has an unsupported version number.
◆ MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG
| #define MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG -0x2600 |
Signature algorithm (oid) is unsupported.
◆ MBEDTLS_ERR_X509_SIG_MISMATCH
| #define MBEDTLS_ERR_X509_SIG_MISMATCH -0x2680 |
Signature algorithms do not match (see mbedtls_x509_crt::sig_oid).
◆ MBEDTLS_ERR_X509_CERT_VERIFY_FAILED
| #define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED -0x2700 |
Certificate verification failed, e.g.
CRL, CA or signature check failed.
◆ MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT
| #define MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT -0x2780 |
Format not recognized as DER or PEM.
◆ MBEDTLS_ERR_X509_BAD_INPUT_DATA
| #define MBEDTLS_ERR_X509_BAD_INPUT_DATA -0x2800 |
Input invalid.
◆ MBEDTLS_ERR_X509_ALLOC_FAILED
| #define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880 |
Allocation of memory failed.
◆ MBEDTLS_ERR_X509_FILE_IO_ERROR
| #define MBEDTLS_ERR_X509_FILE_IO_ERROR -0x2900 |
Read/write of file failed.
◆ MBEDTLS_ERR_X509_BUFFER_TOO_SMALL
| #define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL -0x2980 |
Destination buffer is too small.
◆ MBEDTLS_ERR_X509_FATAL_ERROR
| #define MBEDTLS_ERR_X509_FATAL_ERROR -0x3000 |
A fatal error occurred, e.g. the chain is too long or the verify callback failed.
◆ MBEDTLS_X509_BADCERT_EXPIRED
| #define MBEDTLS_X509_BADCERT_EXPIRED 0x01 |
The certificate validity has expired.
◆ MBEDTLS_X509_BADCERT_REVOKED
| #define MBEDTLS_X509_BADCERT_REVOKED 0x02 |
The certificate has been revoked (is on a CRL).
◆ MBEDTLS_X509_BADCERT_CN_MISMATCH
| #define MBEDTLS_X509_BADCERT_CN_MISMATCH 0x04 |
The certificate Common Name (CN) does not match the expected CN.
◆ MBEDTLS_X509_BADCERT_NOT_TRUSTED
| #define MBEDTLS_X509_BADCERT_NOT_TRUSTED 0x08 |
The certificate is not correctly signed by the trusted CA.
◆ MBEDTLS_X509_BADCRL_NOT_TRUSTED
| #define MBEDTLS_X509_BADCRL_NOT_TRUSTED 0x10 |
The CRL is not correctly signed by the trusted CA.
◆ MBEDTLS_X509_BADCRL_EXPIRED
| #define MBEDTLS_X509_BADCRL_EXPIRED 0x20 |
The CRL is expired.
◆ MBEDTLS_X509_BADCERT_MISSING
| #define MBEDTLS_X509_BADCERT_MISSING 0x40 |
Certificate was missing.
◆ MBEDTLS_X509_BADCERT_SKIP_VERIFY
| #define MBEDTLS_X509_BADCERT_SKIP_VERIFY 0x80 |
Certificate verification was skipped.
◆ MBEDTLS_X509_BADCERT_OTHER
| #define MBEDTLS_X509_BADCERT_OTHER 0x0100 |
Other reason (can be used by verify callback)
◆ MBEDTLS_X509_BADCERT_FUTURE
| #define MBEDTLS_X509_BADCERT_FUTURE 0x0200 |
The certificate validity starts in the future.
◆ MBEDTLS_X509_BADCRL_FUTURE
| #define MBEDTLS_X509_BADCRL_FUTURE 0x0400 |
The CRL is from the future.
◆ MBEDTLS_X509_BADCERT_KEY_USAGE
| #define MBEDTLS_X509_BADCERT_KEY_USAGE 0x0800 |
Usage does not match the keyUsage extension.
◆ MBEDTLS_X509_BADCERT_EXT_KEY_USAGE
| #define MBEDTLS_X509_BADCERT_EXT_KEY_USAGE 0x1000 |
Usage does not match the extendedKeyUsage extension.
◆ MBEDTLS_X509_BADCERT_NS_CERT_TYPE
| #define MBEDTLS_X509_BADCERT_NS_CERT_TYPE 0x2000 |
Usage does not match the nsCertType extension.
◆ MBEDTLS_X509_BADCERT_BAD_MD
| #define MBEDTLS_X509_BADCERT_BAD_MD 0x4000 |
The certificate is signed with an unacceptable hash.
◆ MBEDTLS_X509_BADCERT_BAD_PK
| #define MBEDTLS_X509_BADCERT_BAD_PK 0x8000 |
The certificate is signed with an unacceptable PK algorithm (e.g. RSA vs ECDSA).
◆ MBEDTLS_X509_BADCERT_BAD_KEY
| #define MBEDTLS_X509_BADCERT_BAD_KEY 0x010000 |
The certificate is signed with an unacceptable key (e.g. bad curve, RSA key too short).
◆ MBEDTLS_X509_BADCRL_BAD_MD
| #define MBEDTLS_X509_BADCRL_BAD_MD 0x020000 |
The CRL is signed with an unacceptable hash.
◆ MBEDTLS_X509_BADCRL_BAD_PK
| #define MBEDTLS_X509_BADCRL_BAD_PK 0x040000 |
The CRL is signed with an unacceptable PK algorithm (e.g. RSA vs ECDSA).
◆ MBEDTLS_X509_BADCRL_BAD_KEY
| #define MBEDTLS_X509_BADCRL_BAD_KEY 0x080000 |
The CRL is signed with an unacceptable key (e.g. bad curve, RSA key too short).
◆ MBEDTLS_X509_MAX_DN_NAME_SIZE
| #define MBEDTLS_X509_MAX_DN_NAME_SIZE 256 |
Maximum value size of a DN entry.
◆ MBEDTLS_X509_SAFE_SNPRINTF
| #define MBEDTLS_X509_SAFE_SNPRINTF |
Typedef Documentation
◆ mbedtls_x509_buf
| typedef mbedtls_asn1_buf mbedtls_x509_buf |
Type-length-value structure that allows for ASN1 using DER.
◆ mbedtls_x509_bitstring
Container for ASN1 bit strings.
◆ mbedtls_x509_name
Container for ASN1 named information objects.
It allows for Relative Distinguished Names (e.g. cn=localhost,ou=code,etc.).
◆ mbedtls_x509_sequence
Container for a sequence of ASN.1 items.
Variable Documentation
◆ raw [1/4]
| mbedtls_x509_buf mbedtls_x509_crt::raw |
The raw certificate data (DER).
◆ tbs [1/2]
| mbedtls_x509_buf mbedtls_x509_crt::tbs |
The raw certificate body (DER).
The part that is To Be Signed.
◆ version [1/3]
| int mbedtls_x509_crt::version |
The X.509 version.
(1=v1, 2=v2, 3=v3)
◆ serial [1/2]
| mbedtls_x509_buf mbedtls_x509_crt::serial |
Unique ID for a certificate issued by a specific CA.
◆ sig_oid [1/2]
| mbedtls_x509_buf mbedtls_x509_crt::sig_oid |
Signature algorithm, e.g.
sha1RSA
◆ issuer_raw [1/2]
| mbedtls_x509_buf mbedtls_x509_crt::issuer_raw |
The raw issuer data (DER).
Used for quick comparison.
◆ subject_raw [1/2]
| mbedtls_x509_buf mbedtls_x509_crt::subject_raw |
The raw subject data (DER).
Used for quick comparison.
◆ issuer [1/2]
| mbedtls_x509_name mbedtls_x509_crt::issuer |
The parsed issuer data (named information object).
◆ subject [1/2]
| mbedtls_x509_name mbedtls_x509_crt::subject |
The parsed subject data (named information object).
◆ valid_from
| mbedtls_x509_time mbedtls_x509_crt::valid_from |
Start time of certificate validity.
◆ valid_to
| mbedtls_x509_time mbedtls_x509_crt::valid_to |
End time of certificate validity.
◆ pk [1/2]
| mbedtls_pk_context mbedtls_x509_crt::pk |
Container for the public key context.
◆ issuer_id
| mbedtls_x509_buf mbedtls_x509_crt::issuer_id |
Optional X.509 v2/v3 issuer unique identifier.
◆ subject_id
| mbedtls_x509_buf mbedtls_x509_crt::subject_id |
Optional X.509 v2/v3 subject unique identifier.
◆ v3_ext
| mbedtls_x509_buf mbedtls_x509_crt::v3_ext |
Optional X.509 v3 extensions.
◆ subject_alt_names
| mbedtls_x509_sequence mbedtls_x509_crt::subject_alt_names |
Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed).
◆ certificate_policies
| mbedtls_x509_sequence mbedtls_x509_crt::certificate_policies |
Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed).
◆ ext_key_usage
| mbedtls_x509_sequence mbedtls_x509_crt::ext_key_usage |
Optional list of extended key usage OIDs.
◆ next [1/3]
| struct mbedtls_x509_crt * mbedtls_x509_crt::next |
Next certificate in the linked list that constitutes the CA chain.
NULL indicates the end of the list. Do not modify this field directly.
◆ type_id
| mbedtls_x509_buf mbedtls_x509_san_other_name::type_id |
The type id. The type_id is an OID as defined in RFC 5280.
To check the value of the type id, use MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf.
◆ oid [1/2]
| mbedtls_x509_buf mbedtls_x509_san_other_name::oid |
The object identifier.
◆ oid [2/2]
| mbedtls_x509_buf { ... } ::oid |
The object identifier.
◆ val [1/2]
| mbedtls_x509_buf mbedtls_x509_san_other_name::val |
The named value.
◆ val [2/2]
| mbedtls_x509_buf { ... } ::val |
The named value.
◆ hardware_module_name [1/2]
| struct { ... } mbedtls_x509_san_other_name::hardware_module_name |
From RFC 4108 section 5: HardwareModuleName ::= SEQUENCE { hwType OBJECT IDENTIFIER, hwSerialNum OCTET STRING }.
◆ hardware_module_name [2/2]
| struct { ... } ::hardware_module_name |
From RFC 4108 section 5: HardwareModuleName ::= SEQUENCE { hwType OBJECT IDENTIFIER, hwSerialNum OCTET STRING }.
◆ type
| int mbedtls_x509_subject_alternative_name::type |
The SAN type, value of MBEDTLS_X509_SAN_XXX.
◆ other_name [1/2]
| mbedtls_x509_san_other_name mbedtls_x509_subject_alternative_name::other_name |
The otherName supported type.
◆ other_name [2/2]
| mbedtls_x509_san_other_name { ... } ::other_name |
The otherName supported type.
◆ unstructured_name [1/2]
| mbedtls_x509_buf mbedtls_x509_subject_alternative_name::unstructured_name |
The buffer for the unconstructed types.
Only dnsName is currently supported.
◆ unstructured_name [2/2]
| mbedtls_x509_buf { ... } ::unstructured_name |
The buffer for the unconstructed types.
Only dnsName is currently supported.
◆ san
| union { ... } mbedtls_x509_subject_alternative_name::san |
A union of the supported SAN types.
◆ allowed_mds
| uint32_t mbedtls_x509_crt_profile::allowed_mds |
MDs for signatures
◆ allowed_pks
| uint32_t mbedtls_x509_crt_profile::allowed_pks |
PK algs for signatures
◆ allowed_curves
| uint32_t mbedtls_x509_crt_profile::allowed_curves |
Elliptic curves for ECDSA
◆ rsa_min_bitlen
| uint32_t mbedtls_x509_crt_profile::rsa_min_bitlen |
Minimum size for RSA keys
◆ raw [2/4]
| mbedtls_x509_buf mbedtls_x509_csr::raw |
The raw CSR data (DER).
◆ cri
| mbedtls_x509_buf mbedtls_x509_csr::cri |
The raw CertificateRequestInfo body (DER).
◆ version [2/3]
| int mbedtls_x509_csr::version |
CSR version (1=v1).
◆ subject_raw [2/2]
| mbedtls_x509_buf mbedtls_x509_csr::subject_raw |
The raw subject data (DER).
◆ subject [2/2]
| mbedtls_x509_name mbedtls_x509_csr::subject |
The parsed subject data (named information object).
◆ pk [2/2]
| mbedtls_pk_context mbedtls_x509_csr::pk |
Container for the public key context.
◆ raw [3/4]
| mbedtls_x509_buf mbedtls_x509_crl_entry::raw |
Direct access to the whole entry inside the containing buffer.
◆ serial [2/2]
| mbedtls_x509_buf mbedtls_x509_crl_entry::serial |
The serial number of the revoked certificate.
◆ revocation_date
| mbedtls_x509_time mbedtls_x509_crl_entry::revocation_date |
The revocation date of this entry.
◆ entry_ext
| mbedtls_x509_buf mbedtls_x509_crl_entry::entry_ext |
Direct access to the list of CRL entry extensions (an ASN.1 constructed sequence).
If there are no extensions, entry_ext.len == 0 and entry_ext.p == NULL.
◆ next [2/3]
| struct mbedtls_x509_crl_entry * mbedtls_x509_crl_entry::next |
Next element in the linked list of entries.
NULL indicates the end of the list. Do not modify this field directly.
◆ raw [4/4]
| mbedtls_x509_buf mbedtls_x509_crl::raw |
The raw certificate data (DER).
◆ tbs [2/2]
| mbedtls_x509_buf mbedtls_x509_crl::tbs |
The raw certificate body (DER).
The part that is To Be Signed.
◆ version [3/3]
| int mbedtls_x509_crl::version |
CRL version (1=v1, 2=v2)
◆ sig_oid [2/2]
| mbedtls_x509_buf mbedtls_x509_crl::sig_oid |
CRL signature type identifier.
◆ issuer_raw [2/2]
| mbedtls_x509_buf mbedtls_x509_crl::issuer_raw |
The raw issuer data (DER).
◆ issuer [2/2]
| mbedtls_x509_name mbedtls_x509_crl::issuer |
The parsed issuer data (named information object).
◆ entry
| mbedtls_x509_crl_entry mbedtls_x509_crl::entry |
The CRL entries containing the certificate revocation times for this CA.
◆ next [3/3]
| struct mbedtls_x509_crl * mbedtls_x509_crl::next |
Next element in the linked list of CRLs.
NULL indicates the end of the list. Do not modify this field directly.
◆ day
| int mbedtls_x509_time::day |
Date.
◆ sec
| int mbedtls_x509_time::sec |
Time.