X509_module

Description

Data Structures

struct  mbedtls_x509_crt
 Container for an X.509 certificate.
 
struct  mbedtls_x509_san_other_name
 From RFC 5280 section 4.2.1.6: OtherName ::= SEQUENCE { type-id OBJECT IDENTIFIER, value [0] EXPLICIT ANY DEFINED BY type-id }.
 
struct  mbedtls_x509_subject_alternative_name
 A structure for holding the parsed Subject Alternative Name, according to type.
 
struct  mbedtls_x509_crt_profile
 Security profile for certificate verification.
 
struct  mbedtls_x509write_cert
 Container for writing a certificate (CRT)
 
struct  mbedtls_x509_crt_verify_chain_item
 Item in a verification chain: cert and flags for it.
 
struct  mbedtls_x509_crt_verify_chain
 Verification chain as built by mbedtls_crt_verify_chain()
 
struct  mbedtls_x509_csr
 Certificate Signing Request (CSR) structure.
 
struct  mbedtls_x509write_csr
 Container for writing a CSR.
 
struct  mbedtls_x509_crl_entry
 Certificate revocation list entry.
 
struct  mbedtls_x509_crl
 Certificate revocation list structure.
 
struct  mbedtls_x509_time
 Container for date and time (precision in seconds).
 

Functions

int mbedtls_x509_crt::MBEDTLS_PRIVATE (own_buffer)
 Indicates if raw is owned by the structure or not.
 
int mbedtls_x509_crt::MBEDTLS_PRIVATE (ext_types)
 Bit string containing detected and parsed extensions.
 
int mbedtls_x509_crt::MBEDTLS_PRIVATE (ca_istrue)
 Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise.
 
int mbedtls_x509_crt::MBEDTLS_PRIVATE (max_pathlen)
 Optional Basic Constraint extension value: The maximum path length to the root certificate.
 
unsigned int mbedtls_x509_crt::MBEDTLS_PRIVATE (key_usage)
 Optional key usage extension value: See the values in x509.h.
 
unsigned char mbedtls_x509_crt::MBEDTLS_PRIVATE (ns_cert_type)
 Optional Netscape certificate type extension value: See the values in x509.h.
 
mbedtls_x509_buf mbedtls_x509_crt::MBEDTLS_PRIVATE (sig)
 Signature: hash of the tbs part signed with the private key.
 
mbedtls_md_type_t mbedtls_x509_crt::MBEDTLS_PRIVATE (sig_md)
 Internal representation of the MD algorithm of the signature algorithm, e.g.
 
mbedtls_pk_type_t mbedtls_x509_crt::MBEDTLS_PRIVATE (sig_pk)
 Internal representation of the Public Key algorithm of the signature algorithm, e.g.
 
void * mbedtls_x509_crt::MBEDTLS_PRIVATE (sig_opts)
 Signature options to be passed to mbedtls_pk_verify_ext(), e.g.
 
int mbedtls_x509write_cert::MBEDTLS_PRIVATE (version)
 
mbedtls_mpi mbedtls_x509write_cert::MBEDTLS_PRIVATE (serial)
 
mbedtls_pk_contextmbedtls_x509write_cert::MBEDTLS_PRIVATE (subject_key)
 
mbedtls_pk_contextmbedtls_x509write_cert::MBEDTLS_PRIVATE (issuer_key)
 
mbedtls_asn1_named_datambedtls_x509write_cert::MBEDTLS_PRIVATE (subject)
 
mbedtls_asn1_named_datambedtls_x509write_cert::MBEDTLS_PRIVATE (issuer)
 
mbedtls_md_type_t mbedtls_x509write_cert::MBEDTLS_PRIVATE (md_alg)
 
char mbedtls_x509write_cert::MBEDTLS_PRIVATE (not_before)[MBEDTLS_X509_RFC5280_UTC_TIME_LEN+1]
 
char mbedtls_x509write_cert::MBEDTLS_PRIVATE (not_after)[MBEDTLS_X509_RFC5280_UTC_TIME_LEN+1]
 
mbedtls_asn1_named_datambedtls_x509write_cert::MBEDTLS_PRIVATE (extensions)
 
mbedtls_x509_crtmbedtls_x509_crt_verify_chain_item::MBEDTLS_PRIVATE (crt)
 
uint32_t mbedtls_x509_crt_verify_chain_item::MBEDTLS_PRIVATE (flags)
 
mbedtls_x509_crt_verify_chain_item mbedtls_x509_crt_verify_chain::MBEDTLS_PRIVATE (items)[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE]
 
unsigned mbedtls_x509_crt_verify_chain::MBEDTLS_PRIVATE (len)
 
mbedtls_x509_buf mbedtls_x509_csr::MBEDTLS_PRIVATE (sig)
 
mbedtls_md_type_t mbedtls_x509_csr::MBEDTLS_PRIVATE (sig_md)
 Internal representation of the MD algorithm of the signature algorithm, e.g.
 
mbedtls_pk_type_t mbedtls_x509_csr::MBEDTLS_PRIVATE (sig_pk)
 Internal representation of the Public Key algorithm of the signature algorithm, e.g.
 
void * mbedtls_x509_csr::MBEDTLS_PRIVATE (sig_opts)
 Signature options to be passed to mbedtls_pk_verify_ext(), e.g.
 
mbedtls_pk_contextmbedtls_x509write_csr::MBEDTLS_PRIVATE (key)
 
mbedtls_asn1_named_datambedtls_x509write_csr::MBEDTLS_PRIVATE (subject)
 
mbedtls_md_type_t mbedtls_x509write_csr::MBEDTLS_PRIVATE (md_alg)
 
mbedtls_asn1_named_datambedtls_x509write_csr::MBEDTLS_PRIVATE (extensions)
 
mbedtls_x509_buf mbedtls_x509_crl::MBEDTLS_PRIVATE (sig_oid2)
 
mbedtls_x509_buf mbedtls_x509_crl::MBEDTLS_PRIVATE (sig)
 
mbedtls_md_type_t mbedtls_x509_crl::MBEDTLS_PRIVATE (sig_md)
 Internal representation of the MD algorithm of the signature algorithm, e.g.
 
mbedtls_pk_type_t mbedtls_x509_crl::MBEDTLS_PRIVATE (sig_pk)
 Internal representation of the Public Key algorithm of the signature algorithm, e.g.
 
void * mbedtls_x509_crl::MBEDTLS_PRIVATE (sig_opts)
 Signature options to be passed to mbedtls_pk_verify_ext(), e.g.
 
int mbedtls_x509_dn_gets (char *buf, size_t size, const mbedtls_x509_name *dn)
 Store the certificate DN in printable form into buf; no more than size characters will be written.
 
int mbedtls_x509_serial_gets (char *buf, size_t size, const mbedtls_x509_buf *serial)
 Store the certificate serial in printable form into buf; no more than size characters will be written.
 
int mbedtls_x509_time_is_past (const mbedtls_x509_time *to)
 Check a given mbedtls_x509_time against the system time and tell if it's in the past.
 
int mbedtls_x509_time_is_future (const mbedtls_x509_time *from)
 Check a given mbedtls_x509_time against the system time and tell if it's in the future.
 
int mbedtls_x509_get_name (unsigned char **p, const unsigned char *end, mbedtls_x509_name *cur)
 
int mbedtls_x509_get_alg_null (unsigned char **p, const unsigned char *end, mbedtls_x509_buf *alg)
 
int mbedtls_x509_get_alg (unsigned char **p, const unsigned char *end, mbedtls_x509_buf *alg, mbedtls_x509_buf *params)
 
int mbedtls_x509_get_sig (unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig)
 
int mbedtls_x509_get_sig_alg (const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params, mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg, void **sig_opts)
 
int mbedtls_x509_get_time (unsigned char **p, const unsigned char *end, mbedtls_x509_time *t)
 
int mbedtls_x509_get_serial (unsigned char **p, const unsigned char *end, mbedtls_x509_buf *serial)
 
int mbedtls_x509_get_ext (unsigned char **p, const unsigned char *end, mbedtls_x509_buf *ext, int tag)
 
int mbedtls_x509_sig_alg_gets (char *buf, size_t size, const mbedtls_x509_buf *sig_oid, mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, const void *sig_opts)
 
int mbedtls_x509_key_size_helper (char *buf, size_t buf_size, const char *name)
 
int mbedtls_x509_string_to_names (mbedtls_asn1_named_data **head, const char *name)
 
int mbedtls_x509_set_extension (mbedtls_asn1_named_data **head, const char *oid, size_t oid_len, int critical, const unsigned char *val, size_t val_len)
 
int mbedtls_x509_write_extensions (unsigned char **p, unsigned char *start, mbedtls_asn1_named_data *first)
 
int mbedtls_x509_write_names (unsigned char **p, unsigned char *start, mbedtls_asn1_named_data *first)
 
int mbedtls_x509_write_sig (unsigned char **p, unsigned char *start, const char *oid, size_t oid_len, unsigned char *sig, size_t size)
 

Macros

#define MBEDTLS_X509_MAX_INTERMEDIATE_CA   8
 Maximum number of intermediate CAs in a verification chain.
 
#define MBEDTLS_X509_SAFE_SNPRINTF
 

Variables

mbedtls_x509_buf mbedtls_x509_crt::raw
 The raw certificate data (DER).
 
mbedtls_x509_buf mbedtls_x509_crt::tbs
 The raw certificate body (DER).
 
int mbedtls_x509_crt::version
 The X.509 version.
 
mbedtls_x509_buf mbedtls_x509_crt::serial
 Unique id for certificate issued by a specific CA.
 
mbedtls_x509_buf mbedtls_x509_crt::sig_oid
 Signature algorithm, e.g.
 
mbedtls_x509_buf mbedtls_x509_crt::issuer_raw
 The raw issuer data (DER).
 
mbedtls_x509_buf mbedtls_x509_crt::subject_raw
 The raw subject data (DER).
 
mbedtls_x509_name mbedtls_x509_crt::issuer
 The parsed issuer data (named information object).
 
mbedtls_x509_name mbedtls_x509_crt::subject
 The parsed subject data (named information object).
 
mbedtls_x509_time mbedtls_x509_crt::valid_from
 Start time of certificate validity.
 
mbedtls_x509_time mbedtls_x509_crt::valid_to
 End time of certificate validity.
 
mbedtls_x509_buf mbedtls_x509_crt::pk_raw
 
mbedtls_pk_context mbedtls_x509_crt::pk
 Container for the public key context.
 
mbedtls_x509_buf mbedtls_x509_crt::issuer_id
 Optional X.509 v2/v3 issuer unique identifier.
 
mbedtls_x509_buf mbedtls_x509_crt::subject_id
 Optional X.509 v2/v3 subject unique identifier.
 
mbedtls_x509_buf mbedtls_x509_crt::v3_ext
 Optional X.509 v3 extensions.
 
mbedtls_x509_sequence mbedtls_x509_crt::subject_alt_names
 Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed).
 
mbedtls_x509_sequence mbedtls_x509_crt::certificate_policies
 Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed).
 
mbedtls_x509_sequence mbedtls_x509_crt::ext_key_usage
 Optional list of extended key usage OIDs.
 
struct mbedtls_x509_crtmbedtls_x509_crt::next
 Next certificate in the linked list that constitutes the CA chain.
 
mbedtls_x509_buf mbedtls_x509_san_other_name::type_id
 The type_id is an OID as deifned in RFC 5280.
 
mbedtls_x509_buf   mbedtls_x509_san_other_name::oid
 The object identifier.
 
mbedtls_x509_buf   mbedtls_x509_san_other_name::val
 The named value.
 
struct {
   mbedtls_x509_buf   mbedtls_x509_san_other_name::oid
 The object identifier.
 
   mbedtls_x509_buf   mbedtls_x509_san_other_name::val
 The named value.
 
}   mbedtls_x509_san_other_name::hardware_module_name
 From RFC 4108 section 5: HardwareModuleName ::= SEQUENCE { hwType OBJECT IDENTIFIER, hwSerialNum OCTET STRING }.
 
union {
   struct {
      mbedtls_x509_buf   mbedtls_x509_san_other_name::oid
 The object identifier.
 
      mbedtls_x509_buf   mbedtls_x509_san_other_name::val
 The named value.
 
   }   mbedtls_x509_san_other_name::hardware_module_name
 From RFC 4108 section 5: HardwareModuleName ::= SEQUENCE { hwType OBJECT IDENTIFIER, hwSerialNum OCTET STRING }.
 
mbedtls_x509_san_other_name::value
 
int mbedtls_x509_subject_alternative_name::type
 The SAN type, value of MBEDTLS_X509_SAN_XXX.
 
mbedtls_x509_san_other_name   mbedtls_x509_subject_alternative_name::other_name
 The otherName supported type.
 
mbedtls_x509_buf   mbedtls_x509_subject_alternative_name::unstructured_name
 The buffer for the un constructed types.
 
union {
   mbedtls_x509_san_other_name   mbedtls_x509_subject_alternative_name::other_name
 The otherName supported type.
 
   mbedtls_x509_buf   mbedtls_x509_subject_alternative_name::unstructured_name
 The buffer for the un constructed types.
 
mbedtls_x509_subject_alternative_name::san
 A union of the supported SAN types.
 
uint32_t mbedtls_x509_crt_profile::allowed_mds
 MDs for signatures

 
uint32_t mbedtls_x509_crt_profile::allowed_pks
 PK algs for signatures

 
uint32_t mbedtls_x509_crt_profile::allowed_curves
 Elliptic curves for ECDSA

 
uint32_t mbedtls_x509_crt_profile::rsa_min_bitlen
 Minimum size for RSA keys

 
mbedtls_x509_buf mbedtls_x509_csr::raw
 The raw CSR data (DER).
 
mbedtls_x509_buf mbedtls_x509_csr::cri
 The raw CertificateRequestInfo body (DER).
 
int mbedtls_x509_csr::version
 CSR version (1=v1).
 
mbedtls_x509_buf mbedtls_x509_csr::subject_raw
 The raw subject data (DER).
 
mbedtls_x509_name mbedtls_x509_csr::subject
 The parsed subject data (named information object).
 
mbedtls_pk_context mbedtls_x509_csr::pk
 Container for the public key context.
 
mbedtls_x509_buf mbedtls_x509_csr::sig_oid
 
mbedtls_x509_buf mbedtls_x509_crl_entry::raw
 Direct access to the whole entry inside the containing buffer.
 
mbedtls_x509_buf mbedtls_x509_crl_entry::serial
 The serial number of the revoked certificate.
 
mbedtls_x509_time mbedtls_x509_crl_entry::revocation_date
 The revocation date of this entry.
 
mbedtls_x509_buf mbedtls_x509_crl_entry::entry_ext
 Direct access to the list of CRL entry extensions (an ASN.1 constructed sequence).
 
struct mbedtls_x509_crl_entrymbedtls_x509_crl_entry::next
 Next element in the linked list of entries.
 
mbedtls_x509_buf mbedtls_x509_crl::raw
 The raw certificate data (DER).
 
mbedtls_x509_buf mbedtls_x509_crl::tbs
 The raw certificate body (DER).
 
int mbedtls_x509_crl::version
 CRL version (1=v1, 2=v2)
 
mbedtls_x509_buf mbedtls_x509_crl::sig_oid
 CRL signature type identifier.
 
mbedtls_x509_buf mbedtls_x509_crl::issuer_raw
 The raw issuer data (DER).
 
mbedtls_x509_name mbedtls_x509_crl::issuer
 The parsed issuer data (named information object).
 
mbedtls_x509_time mbedtls_x509_crl::this_update
 
mbedtls_x509_time mbedtls_x509_crl::next_update
 
mbedtls_x509_crl_entry mbedtls_x509_crl::entry
 The CRL entries containing the certificate revocation times for this CA.
 
mbedtls_x509_buf mbedtls_x509_crl::crl_ext
 
struct mbedtls_x509_crlmbedtls_x509_crl::next
 Next element in the linked list of CRL.
 
int mbedtls_x509_time::year
 
int mbedtls_x509_time::mon
 
int mbedtls_x509_time::day
 Date.
 
int mbedtls_x509_time::hour
 
int mbedtls_x509_time::min
 
int mbedtls_x509_time::sec
 Time.
 

Structures and functions for parsing and writing X.509 certificates

typedef void mbedtls_x509_crt_restart_ctx
 
#define MBEDTLS_X509_ID_FLAG(id)   ( 1 << ( (id) - 1 ) )
 Build flag from an algorithm/curve identifier (pk, md, ecp) Since 0 is always XXX_NONE, ignore it.
 
#define MBEDTLS_X509_CRT_VERSION_1   0
 
#define MBEDTLS_X509_CRT_VERSION_2   1
 
#define MBEDTLS_X509_CRT_VERSION_3   2
 
#define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN   32
 
#define MBEDTLS_X509_RFC5280_UTC_TIME_LEN   15
 
#define MBEDTLS_X509_MAX_FILE_PATH_LEN   512
 
#define MBEDTLS_X509_CRT_ERROR_INFO_LIST
 
#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE   ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 )
 Max size of verification chain: end-entity + intermediates + trusted root.
 

Structures and functions for parsing CRLs

int mbedtls_x509_crl_parse_der (mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen)
 Parse a DER-encoded CRL and append it to the chained list.
 
int mbedtls_x509_crl_parse (mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen)
 Parse one or more CRLs and append them to the chained list.
 
int mbedtls_x509_crl_info (char *buf, size_t size, const char *prefix, const mbedtls_x509_crl *crl)
 Returns an informational string about the CRL.
 
void mbedtls_x509_crl_init (mbedtls_x509_crl *crl)
 Initialize a CRL (chain)
 
void mbedtls_x509_crl_free (mbedtls_x509_crl *crl)
 Unallocate all CRL data.
 

X509 Error codes

#define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE   -0x2080
 Unavailable feature, e.g.
 
#define MBEDTLS_ERR_X509_UNKNOWN_OID   -0x2100
 Requested OID is unknown.
 
#define MBEDTLS_ERR_X509_INVALID_FORMAT   -0x2180
 The CRT/CRL/CSR format is invalid, e.g.
 
#define MBEDTLS_ERR_X509_INVALID_VERSION   -0x2200
 The CRT/CRL/CSR version element is invalid.
 
#define MBEDTLS_ERR_X509_INVALID_SERIAL   -0x2280
 The serial tag or value is invalid.
 
#define MBEDTLS_ERR_X509_INVALID_ALG   -0x2300
 The algorithm tag or value is invalid.
 
#define MBEDTLS_ERR_X509_INVALID_NAME   -0x2380
 The name tag or value is invalid.
 
#define MBEDTLS_ERR_X509_INVALID_DATE   -0x2400
 The date tag or value is invalid.
 
#define MBEDTLS_ERR_X509_INVALID_SIGNATURE   -0x2480
 The signature tag or value invalid.
 
#define MBEDTLS_ERR_X509_INVALID_EXTENSIONS   -0x2500
 The extension tag or value is invalid.
 
#define MBEDTLS_ERR_X509_UNKNOWN_VERSION   -0x2580
 CRT/CRL/CSR has an unsupported version number.
 
#define MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG   -0x2600
 Signature algorithm (oid) is unsupported.
 
#define MBEDTLS_ERR_X509_SIG_MISMATCH   -0x2680
 Signature algorithms do not match.
 
#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED   -0x2700
 Certificate verification failed, e.g.
 
#define MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT   -0x2780
 Format not recognized as DER or PEM.
 
#define MBEDTLS_ERR_X509_BAD_INPUT_DATA   -0x2800
 Input invalid.
 
#define MBEDTLS_ERR_X509_ALLOC_FAILED   -0x2880
 Allocation of memory failed.
 
#define MBEDTLS_ERR_X509_FILE_IO_ERROR   -0x2900
 Read/write of file failed.
 
#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL   -0x2980
 Destination buffer is too small.
 
#define MBEDTLS_ERR_X509_FATAL_ERROR   -0x3000
 A fatal error occurred, eg the chain is too long or the vrfy callback failed.
 

X509 Verify codes

#define MBEDTLS_X509_BADCERT_EXPIRED   0x01
 The certificate validity has expired.
 
#define MBEDTLS_X509_BADCERT_REVOKED   0x02
 The certificate has been revoked (is on a CRL).
 
#define MBEDTLS_X509_BADCERT_CN_MISMATCH   0x04
 The certificate Common Name (CN) does not match with the expected CN.
 
#define MBEDTLS_X509_BADCERT_NOT_TRUSTED   0x08
 The certificate is not correctly signed by the trusted CA.
 
#define MBEDTLS_X509_BADCRL_NOT_TRUSTED   0x10
 The CRL is not correctly signed by the trusted CA.
 
#define MBEDTLS_X509_BADCRL_EXPIRED   0x20
 The CRL is expired.
 
#define MBEDTLS_X509_BADCERT_MISSING   0x40
 Certificate was missing.
 
#define MBEDTLS_X509_BADCERT_SKIP_VERIFY   0x80
 Certificate verification was skipped.
 
#define MBEDTLS_X509_BADCERT_OTHER   0x0100
 Other reason (can be used by verify callback)
 
#define MBEDTLS_X509_BADCERT_FUTURE   0x0200
 The certificate validity starts in the future.
 
#define MBEDTLS_X509_BADCRL_FUTURE   0x0400
 The CRL is from the future.
 
#define MBEDTLS_X509_BADCERT_KEY_USAGE   0x0800
 Usage does not match the keyUsage extension.
 
#define MBEDTLS_X509_BADCERT_EXT_KEY_USAGE   0x1000
 Usage does not match the extendedKeyUsage extension.
 
#define MBEDTLS_X509_BADCERT_NS_CERT_TYPE   0x2000
 Usage does not match the nsCertType extension.
 
#define MBEDTLS_X509_BADCERT_BAD_MD   0x4000
 The certificate is signed with an unacceptable hash.
 
#define MBEDTLS_X509_BADCERT_BAD_PK   0x8000
 The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA).
 
#define MBEDTLS_X509_BADCERT_BAD_KEY   0x010000
 The certificate is signed with an unacceptable key (eg bad curve, RSA too short).
 
#define MBEDTLS_X509_BADCRL_BAD_MD   0x020000
 The CRL is signed with an unacceptable hash.
 
#define MBEDTLS_X509_BADCRL_BAD_PK   0x040000
 The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA).
 
#define MBEDTLS_X509_BADCRL_BAD_KEY   0x080000
 The CRL is signed with an unacceptable key (eg bad curve, RSA too short).
 
#define MBEDTLS_X509_SAN_OTHER_NAME   0
 
#define MBEDTLS_X509_SAN_RFC822_NAME   1
 
#define MBEDTLS_X509_SAN_DNS_NAME   2
 
#define MBEDTLS_X509_SAN_X400_ADDRESS_NAME   3
 
#define MBEDTLS_X509_SAN_DIRECTORY_NAME   4
 
#define MBEDTLS_X509_SAN_EDI_PARTY_NAME   5
 
#define MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER   6
 
#define MBEDTLS_X509_SAN_IP_ADDRESS   7
 
#define MBEDTLS_X509_SAN_REGISTERED_ID   8
 
#define MBEDTLS_X509_KU_DIGITAL_SIGNATURE   (0x80) /* bit 0 */
 
#define MBEDTLS_X509_KU_NON_REPUDIATION   (0x40) /* bit 1 */
 
#define MBEDTLS_X509_KU_KEY_ENCIPHERMENT   (0x20) /* bit 2 */
 
#define MBEDTLS_X509_KU_DATA_ENCIPHERMENT   (0x10) /* bit 3 */
 
#define MBEDTLS_X509_KU_KEY_AGREEMENT   (0x08) /* bit 4 */
 
#define MBEDTLS_X509_KU_KEY_CERT_SIGN   (0x04) /* bit 5 */
 
#define MBEDTLS_X509_KU_CRL_SIGN   (0x02) /* bit 6 */
 
#define MBEDTLS_X509_KU_ENCIPHER_ONLY   (0x01) /* bit 7 */
 
#define MBEDTLS_X509_KU_DECIPHER_ONLY   (0x8000) /* bit 8 */
 
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT   (0x80) /* bit 0 */
 
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER   (0x40) /* bit 1 */
 
#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL   (0x20) /* bit 2 */
 
#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING   (0x10) /* bit 3 */
 
#define MBEDTLS_X509_NS_CERT_TYPE_RESERVED   (0x08) /* bit 4 */
 
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CA   (0x04) /* bit 5 */
 
#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA   (0x02) /* bit 6 */
 
#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA   (0x01) /* bit 7 */
 
#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER   MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER
 
#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER   MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER
 
#define MBEDTLS_X509_EXT_KEY_USAGE   MBEDTLS_OID_X509_EXT_KEY_USAGE
 
#define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES   MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES
 
#define MBEDTLS_X509_EXT_POLICY_MAPPINGS   MBEDTLS_OID_X509_EXT_POLICY_MAPPINGS
 
#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME   MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME /* Supported (DNS) */
 
#define MBEDTLS_X509_EXT_ISSUER_ALT_NAME   MBEDTLS_OID_X509_EXT_ISSUER_ALT_NAME
 
#define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS   MBEDTLS_OID_X509_EXT_SUBJECT_DIRECTORY_ATTRS
 
#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS   MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS /* Supported */
 
#define MBEDTLS_X509_EXT_NAME_CONSTRAINTS   MBEDTLS_OID_X509_EXT_NAME_CONSTRAINTS
 
#define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS   MBEDTLS_OID_X509_EXT_POLICY_CONSTRAINTS
 
#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE   MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE
 
#define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS   MBEDTLS_OID_X509_EXT_CRL_DISTRIBUTION_POINTS
 
#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY   MBEDTLS_OID_X509_EXT_INIHIBIT_ANYPOLICY
 
#define MBEDTLS_X509_EXT_FRESHEST_CRL   MBEDTLS_OID_X509_EXT_FRESHEST_CRL
 
#define MBEDTLS_X509_EXT_NS_CERT_TYPE   MBEDTLS_OID_X509_EXT_NS_CERT_TYPE
 
#define MBEDTLS_X509_FORMAT_DER   1
 
#define MBEDTLS_X509_FORMAT_PEM   2
 
#define MBEDTLS_X509_MAX_DN_NAME_SIZE   256
 Maximum value size of a DN entry.
 

Structures for parsing X.509 certificates, CRLs and CSRs

typedef mbedtls_asn1_buf mbedtls_x509_buf
 Type-length-value structure that allows for ASN1 using DER.
 
typedef mbedtls_asn1_bitstring mbedtls_x509_bitstring
 Container for ASN1 bit strings.
 
typedef mbedtls_asn1_named_data mbedtls_x509_name
 Container for ASN1 named information objects.
 
typedef mbedtls_asn1_sequence mbedtls_x509_sequence
 Container for a sequence of ASN.1 items.
 

Function Documentation

◆ MBEDTLS_PRIVATE() [1/16]

int mbedtls_x509_crt::MBEDTLS_PRIVATE ( own_buffer  )

Indicates if raw is owned by the structure or not.


◆ MBEDTLS_PRIVATE() [2/16]

int mbedtls_x509_crt::MBEDTLS_PRIVATE ( ext_types  )

Bit string containing detected and parsed extensions.

◆ MBEDTLS_PRIVATE() [3/16]

int mbedtls_x509_crt::MBEDTLS_PRIVATE ( ca_istrue  )

Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise.

◆ MBEDTLS_PRIVATE() [4/16]

int mbedtls_x509_crt::MBEDTLS_PRIVATE ( max_pathlen  )

Optional Basic Constraint extension value: The maximum path length to the root certificate.

Path length is 1 higher than RFC 5280 'meaning', so 1+

◆ MBEDTLS_PRIVATE() [5/16]

unsigned int mbedtls_x509_crt::MBEDTLS_PRIVATE ( key_usage  )

Optional key usage extension value: See the values in x509.h.

◆ MBEDTLS_PRIVATE() [6/16]

unsigned char mbedtls_x509_crt::MBEDTLS_PRIVATE ( ns_cert_type  )

Optional Netscape certificate type extension value: See the values in x509.h.

◆ MBEDTLS_PRIVATE() [7/16]

mbedtls_x509_buf mbedtls_x509_crt::MBEDTLS_PRIVATE ( sig  )

Signature: hash of the tbs part signed with the private key.

◆ MBEDTLS_PRIVATE() [8/16]

mbedtls_md_type_t mbedtls_x509_crt::MBEDTLS_PRIVATE ( sig_md  )

Internal representation of the MD algorithm of the signature algorithm, e.g.

MBEDTLS_MD_SHA256

◆ MBEDTLS_PRIVATE() [9/16]

mbedtls_pk_type_t mbedtls_x509_crt::MBEDTLS_PRIVATE ( sig_pk  )

Internal representation of the Public Key algorithm of the signature algorithm, e.g.

MBEDTLS_PK_RSA

◆ MBEDTLS_PRIVATE() [10/16]

void* mbedtls_x509_crt::MBEDTLS_PRIVATE ( sig_opts  )

Signature options to be passed to mbedtls_pk_verify_ext(), e.g.

for RSASSA-PSS

◆ MBEDTLS_PRIVATE() [11/16]

mbedtls_md_type_t mbedtls_x509_csr::MBEDTLS_PRIVATE ( sig_md  )

Internal representation of the MD algorithm of the signature algorithm, e.g.

MBEDTLS_MD_SHA256

◆ MBEDTLS_PRIVATE() [12/16]

mbedtls_pk_type_t mbedtls_x509_csr::MBEDTLS_PRIVATE ( sig_pk  )

Internal representation of the Public Key algorithm of the signature algorithm, e.g.

MBEDTLS_PK_RSA

◆ MBEDTLS_PRIVATE() [13/16]

void* mbedtls_x509_csr::MBEDTLS_PRIVATE ( sig_opts  )

Signature options to be passed to mbedtls_pk_verify_ext(), e.g.

for RSASSA-PSS

◆ MBEDTLS_PRIVATE() [14/16]

mbedtls_md_type_t mbedtls_x509_crl::MBEDTLS_PRIVATE ( sig_md  )

Internal representation of the MD algorithm of the signature algorithm, e.g.

MBEDTLS_MD_SHA256

◆ MBEDTLS_PRIVATE() [15/16]

mbedtls_pk_type_t mbedtls_x509_crl::MBEDTLS_PRIVATE ( sig_pk  )

Internal representation of the Public Key algorithm of the signature algorithm, e.g.

MBEDTLS_PK_RSA

◆ MBEDTLS_PRIVATE() [16/16]

void* mbedtls_x509_crl::MBEDTLS_PRIVATE ( sig_opts  )

Signature options to be passed to mbedtls_pk_verify_ext(), e.g.

for RSASSA-PSS

◆ mbedtls_x509_crl_parse_der()

int mbedtls_x509_crl_parse_der ( mbedtls_x509_crl chain,
const unsigned char *  buf,
size_t  buflen 
)

Parse a DER-encoded CRL and append it to the chained list.

Parameters
chainpoints to the start of the chain
bufbuffer holding the CRL data in DER format
buflensize of the buffer (including the terminating null byte for PEM data)
Returns
0 if successful, or a specific X509 or PEM error code

◆ mbedtls_x509_crl_parse()

int mbedtls_x509_crl_parse ( mbedtls_x509_crl chain,
const unsigned char *  buf,
size_t  buflen 
)

Parse one or more CRLs and append them to the chained list.

Note
Multiple CRLs are accepted only if using PEM format
Parameters
chainpoints to the start of the chain
bufbuffer holding the CRL data in PEM or DER format
buflensize of the buffer (including the terminating null byte for PEM data)
Returns
0 if successful, or a specific X509 or PEM error code

◆ mbedtls_x509_crl_info()

int mbedtls_x509_crl_info ( char *  buf,
size_t  size,
const char *  prefix,
const mbedtls_x509_crl crl 
)

Returns an informational string about the CRL.

Parameters
bufBuffer to write to
sizeMaximum size of buffer
prefixA line prefix
crlThe X509 CRL to represent
Returns
The length of the string written (not including the terminated nul byte), or a negative error code.

◆ mbedtls_x509_crl_init()

void mbedtls_x509_crl_init ( mbedtls_x509_crl crl)

Initialize a CRL (chain)

Parameters
crlCRL chain to initialize

◆ mbedtls_x509_crl_free()

void mbedtls_x509_crl_free ( mbedtls_x509_crl crl)

Unallocate all CRL data.

Parameters
crlCRL chain to free

◆ mbedtls_x509_dn_gets()

int mbedtls_x509_dn_gets ( char *  buf,
size_t  size,
const mbedtls_x509_name dn 
)

Store the certificate DN in printable form into buf; no more than size characters will be written.

Parameters
bufBuffer to write to
sizeMaximum size of buffer
dnThe X509 name to represent
Returns
The length of the string written (not including the terminated nul byte), or a negative error code.

◆ mbedtls_x509_serial_gets()

int mbedtls_x509_serial_gets ( char *  buf,
size_t  size,
const mbedtls_x509_buf serial 
)

Store the certificate serial in printable form into buf; no more than size characters will be written.

Parameters
bufBuffer to write to
sizeMaximum size of buffer
serialThe X509 serial to represent
Returns
The length of the string written (not including the terminated nul byte), or a negative error code.

◆ mbedtls_x509_time_is_past()

int mbedtls_x509_time_is_past ( const mbedtls_x509_time to)

Check a given mbedtls_x509_time against the system time and tell if it's in the past.

Note
Intended usage is "if( is_past( valid_to ) ) ERROR". Hence the return value of 1 if on internal errors.
Parameters
tombedtls_x509_time to check
Returns
1 if the given time is in the past or an error occurred, 0 otherwise.

◆ mbedtls_x509_time_is_future()

int mbedtls_x509_time_is_future ( const mbedtls_x509_time from)

Check a given mbedtls_x509_time against the system time and tell if it's in the future.

Note
Intended usage is "if( is_future( valid_from ) ) ERROR". Hence the return value of 1 if on internal errors.
Parameters
frommbedtls_x509_time to check
Returns
1 if the given time is in the future or an error occurred, 0 otherwise.

Macro Definition Documentation

◆ MBEDTLS_X509_ID_FLAG

#define MBEDTLS_X509_ID_FLAG (   id)    ( 1 << ( (id) - 1 ) )

Build flag from an algorithm/curve identifier (pk, md, ecp) Since 0 is always XXX_NONE, ignore it.

◆ MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE

#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE   ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 )

Max size of verification chain: end-entity + intermediates + trusted root.

◆ MBEDTLS_X509_MAX_INTERMEDIATE_CA

#define MBEDTLS_X509_MAX_INTERMEDIATE_CA   8

Maximum number of intermediate CAs in a verification chain.

That is, maximum length of the chain, excluding the end-entity certificate and the trusted root certificate.

Set this to a low value to prevent an adversary from making you waste resources verifying an overlong certificate chain.

◆ MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE

#define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE   -0x2080

Unavailable feature, e.g.

RSA hashing/encryption combination.

◆ MBEDTLS_ERR_X509_UNKNOWN_OID

#define MBEDTLS_ERR_X509_UNKNOWN_OID   -0x2100

Requested OID is unknown.

◆ MBEDTLS_ERR_X509_INVALID_FORMAT

#define MBEDTLS_ERR_X509_INVALID_FORMAT   -0x2180

The CRT/CRL/CSR format is invalid, e.g.

different type expected.

◆ MBEDTLS_ERR_X509_INVALID_VERSION

#define MBEDTLS_ERR_X509_INVALID_VERSION   -0x2200

The CRT/CRL/CSR version element is invalid.

◆ MBEDTLS_ERR_X509_INVALID_SERIAL

#define MBEDTLS_ERR_X509_INVALID_SERIAL   -0x2280

The serial tag or value is invalid.

◆ MBEDTLS_ERR_X509_INVALID_ALG

#define MBEDTLS_ERR_X509_INVALID_ALG   -0x2300

The algorithm tag or value is invalid.

◆ MBEDTLS_ERR_X509_INVALID_NAME

#define MBEDTLS_ERR_X509_INVALID_NAME   -0x2380

The name tag or value is invalid.

◆ MBEDTLS_ERR_X509_INVALID_DATE

#define MBEDTLS_ERR_X509_INVALID_DATE   -0x2400

The date tag or value is invalid.

◆ MBEDTLS_ERR_X509_INVALID_SIGNATURE

#define MBEDTLS_ERR_X509_INVALID_SIGNATURE   -0x2480

The signature tag or value invalid.

◆ MBEDTLS_ERR_X509_INVALID_EXTENSIONS

#define MBEDTLS_ERR_X509_INVALID_EXTENSIONS   -0x2500

The extension tag or value is invalid.

◆ MBEDTLS_ERR_X509_UNKNOWN_VERSION

#define MBEDTLS_ERR_X509_UNKNOWN_VERSION   -0x2580

CRT/CRL/CSR has an unsupported version number.

◆ MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG

#define MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG   -0x2600

Signature algorithm (oid) is unsupported.

◆ MBEDTLS_ERR_X509_SIG_MISMATCH

#define MBEDTLS_ERR_X509_SIG_MISMATCH   -0x2680

Signature algorithms do not match.

(see mbedtls_x509_crt sig_oid)

◆ MBEDTLS_ERR_X509_CERT_VERIFY_FAILED

#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED   -0x2700

Certificate verification failed, e.g.

CRL, CA or signature check failed.

◆ MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT

#define MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT   -0x2780

Format not recognized as DER or PEM.

◆ MBEDTLS_ERR_X509_BAD_INPUT_DATA

#define MBEDTLS_ERR_X509_BAD_INPUT_DATA   -0x2800

Input invalid.

◆ MBEDTLS_ERR_X509_ALLOC_FAILED

#define MBEDTLS_ERR_X509_ALLOC_FAILED   -0x2880

Allocation of memory failed.

◆ MBEDTLS_ERR_X509_FILE_IO_ERROR

#define MBEDTLS_ERR_X509_FILE_IO_ERROR   -0x2900

Read/write of file failed.

◆ MBEDTLS_ERR_X509_BUFFER_TOO_SMALL

#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL   -0x2980

Destination buffer is too small.

◆ MBEDTLS_ERR_X509_FATAL_ERROR

#define MBEDTLS_ERR_X509_FATAL_ERROR   -0x3000

A fatal error occurred, eg the chain is too long or the vrfy callback failed.

◆ MBEDTLS_X509_BADCERT_EXPIRED

#define MBEDTLS_X509_BADCERT_EXPIRED   0x01

The certificate validity has expired.

◆ MBEDTLS_X509_BADCERT_REVOKED

#define MBEDTLS_X509_BADCERT_REVOKED   0x02

The certificate has been revoked (is on a CRL).

◆ MBEDTLS_X509_BADCERT_CN_MISMATCH

#define MBEDTLS_X509_BADCERT_CN_MISMATCH   0x04

The certificate Common Name (CN) does not match with the expected CN.

◆ MBEDTLS_X509_BADCERT_NOT_TRUSTED

#define MBEDTLS_X509_BADCERT_NOT_TRUSTED   0x08

The certificate is not correctly signed by the trusted CA.

◆ MBEDTLS_X509_BADCRL_NOT_TRUSTED

#define MBEDTLS_X509_BADCRL_NOT_TRUSTED   0x10

The CRL is not correctly signed by the trusted CA.

◆ MBEDTLS_X509_BADCRL_EXPIRED

#define MBEDTLS_X509_BADCRL_EXPIRED   0x20

The CRL is expired.

◆ MBEDTLS_X509_BADCERT_MISSING

#define MBEDTLS_X509_BADCERT_MISSING   0x40

Certificate was missing.

◆ MBEDTLS_X509_BADCERT_SKIP_VERIFY

#define MBEDTLS_X509_BADCERT_SKIP_VERIFY   0x80

Certificate verification was skipped.

◆ MBEDTLS_X509_BADCERT_OTHER

#define MBEDTLS_X509_BADCERT_OTHER   0x0100

Other reason (can be used by verify callback)

◆ MBEDTLS_X509_BADCERT_FUTURE

#define MBEDTLS_X509_BADCERT_FUTURE   0x0200

The certificate validity starts in the future.

◆ MBEDTLS_X509_BADCRL_FUTURE

#define MBEDTLS_X509_BADCRL_FUTURE   0x0400

The CRL is from the future.

◆ MBEDTLS_X509_BADCERT_KEY_USAGE

#define MBEDTLS_X509_BADCERT_KEY_USAGE   0x0800

Usage does not match the keyUsage extension.

◆ MBEDTLS_X509_BADCERT_EXT_KEY_USAGE

#define MBEDTLS_X509_BADCERT_EXT_KEY_USAGE   0x1000

Usage does not match the extendedKeyUsage extension.

◆ MBEDTLS_X509_BADCERT_NS_CERT_TYPE

#define MBEDTLS_X509_BADCERT_NS_CERT_TYPE   0x2000

Usage does not match the nsCertType extension.

◆ MBEDTLS_X509_BADCERT_BAD_MD

#define MBEDTLS_X509_BADCERT_BAD_MD   0x4000

The certificate is signed with an unacceptable hash.

◆ MBEDTLS_X509_BADCERT_BAD_PK

#define MBEDTLS_X509_BADCERT_BAD_PK   0x8000

The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA).

◆ MBEDTLS_X509_BADCERT_BAD_KEY

#define MBEDTLS_X509_BADCERT_BAD_KEY   0x010000

The certificate is signed with an unacceptable key (eg bad curve, RSA too short).

◆ MBEDTLS_X509_BADCRL_BAD_MD

#define MBEDTLS_X509_BADCRL_BAD_MD   0x020000

The CRL is signed with an unacceptable hash.

◆ MBEDTLS_X509_BADCRL_BAD_PK

#define MBEDTLS_X509_BADCRL_BAD_PK   0x040000

The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA).

◆ MBEDTLS_X509_BADCRL_BAD_KEY

#define MBEDTLS_X509_BADCRL_BAD_KEY   0x080000

The CRL is signed with an unacceptable key (eg bad curve, RSA too short).

◆ MBEDTLS_X509_MAX_DN_NAME_SIZE

#define MBEDTLS_X509_MAX_DN_NAME_SIZE   256

Maximum value size of a DN entry.

◆ MBEDTLS_X509_SAFE_SNPRINTF

#define MBEDTLS_X509_SAFE_SNPRINTF
Value:
do { \
if( ret < 0 || (size_t) ret >= n ) \
\
n -= (size_t) ret; \
p += (size_t) ret; \
} while( 0 )

Typedef Documentation

◆ mbedtls_x509_buf

Type-length-value structure that allows for ASN1 using DER.

◆ mbedtls_x509_bitstring

Container for ASN1 bit strings.

◆ mbedtls_x509_name

Container for ASN1 named information objects.

It allows for Relative Distinguished Names (e.g. cn=localhost,ou=code,etc.).

◆ mbedtls_x509_sequence

Container for a sequence of ASN.1 items.

Variable Documentation

◆ raw [1/4]

mbedtls_x509_buf mbedtls_x509_crt::raw

The raw certificate data (DER).

◆ tbs [1/2]

mbedtls_x509_buf mbedtls_x509_crt::tbs

The raw certificate body (DER).

The part that is To Be Signed.

◆ version [1/3]

int mbedtls_x509_crt::version

The X.509 version.

(1=v1, 2=v2, 3=v3)

◆ serial [1/2]

mbedtls_x509_buf mbedtls_x509_crt::serial

Unique id for certificate issued by a specific CA.

◆ sig_oid [1/2]

mbedtls_x509_buf mbedtls_x509_crt::sig_oid

Signature algorithm, e.g.

sha1RSA

◆ issuer_raw [1/2]

mbedtls_x509_buf mbedtls_x509_crt::issuer_raw

The raw issuer data (DER).

Used for quick comparison.

◆ subject_raw [1/2]

mbedtls_x509_buf mbedtls_x509_crt::subject_raw

The raw subject data (DER).

Used for quick comparison.

◆ issuer [1/2]

mbedtls_x509_name mbedtls_x509_crt::issuer

The parsed issuer data (named information object).

◆ subject [1/2]

mbedtls_x509_name mbedtls_x509_crt::subject

The parsed subject data (named information object).

◆ valid_from

mbedtls_x509_time mbedtls_x509_crt::valid_from

Start time of certificate validity.

◆ valid_to

mbedtls_x509_time mbedtls_x509_crt::valid_to

End time of certificate validity.

◆ pk [1/2]

mbedtls_pk_context mbedtls_x509_crt::pk

Container for the public key context.

◆ issuer_id

mbedtls_x509_buf mbedtls_x509_crt::issuer_id

Optional X.509 v2/v3 issuer unique identifier.

◆ subject_id

mbedtls_x509_buf mbedtls_x509_crt::subject_id

Optional X.509 v2/v3 subject unique identifier.

◆ v3_ext

mbedtls_x509_buf mbedtls_x509_crt::v3_ext

Optional X.509 v3 extensions.


◆ subject_alt_names

mbedtls_x509_sequence mbedtls_x509_crt::subject_alt_names

Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed).

◆ certificate_policies

mbedtls_x509_sequence mbedtls_x509_crt::certificate_policies

Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed).

◆ ext_key_usage

mbedtls_x509_sequence mbedtls_x509_crt::ext_key_usage

Optional list of extended key usage OIDs.

◆ next [1/3]

struct mbedtls_x509_crt* mbedtls_x509_crt::next

Next certificate in the linked list that constitutes the CA chain.

NULL indicates the end of the list. Do not modify this field directly.

◆ type_id

mbedtls_x509_buf mbedtls_x509_san_other_name::type_id

The type_id is an OID as deifned in RFC 5280.

To check the value of the type id, you should use MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf. The type id.

◆ oid [1/2]

mbedtls_x509_buf mbedtls_x509_san_other_name::oid

The object identifier.

◆ oid [2/2]

mbedtls_x509_buf { ... } ::oid

The object identifier.

◆ val [1/2]

mbedtls_x509_buf mbedtls_x509_san_other_name::val

The named value.

◆ val [2/2]

mbedtls_x509_buf { ... } ::val

The named value.

◆ hardware_module_name [1/2]

struct { ... } mbedtls_x509_san_other_name::hardware_module_name

From RFC 4108 section 5: HardwareModuleName ::= SEQUENCE { hwType OBJECT IDENTIFIER, hwSerialNum OCTET STRING }.

◆ hardware_module_name [2/2]

struct { ... } ::hardware_module_name

From RFC 4108 section 5: HardwareModuleName ::= SEQUENCE { hwType OBJECT IDENTIFIER, hwSerialNum OCTET STRING }.

◆ type

int mbedtls_x509_subject_alternative_name::type

The SAN type, value of MBEDTLS_X509_SAN_XXX.

◆ other_name [1/2]

mbedtls_x509_san_other_name mbedtls_x509_subject_alternative_name::other_name

The otherName supported type.

◆ other_name [2/2]

mbedtls_x509_san_other_name { ... } ::other_name

The otherName supported type.

◆ unstructured_name [1/2]

mbedtls_x509_buf mbedtls_x509_subject_alternative_name::unstructured_name

The buffer for the un constructed types.

Only dnsName currently supported

◆ unstructured_name [2/2]

mbedtls_x509_buf { ... } ::unstructured_name

The buffer for the un constructed types.

Only dnsName currently supported

◆ san

union { ... } mbedtls_x509_subject_alternative_name::san

A union of the supported SAN types.

◆ allowed_mds

uint32_t mbedtls_x509_crt_profile::allowed_mds

MDs for signatures

◆ allowed_pks

uint32_t mbedtls_x509_crt_profile::allowed_pks

PK algs for signatures

◆ allowed_curves

uint32_t mbedtls_x509_crt_profile::allowed_curves

Elliptic curves for ECDSA

◆ rsa_min_bitlen

uint32_t mbedtls_x509_crt_profile::rsa_min_bitlen

Minimum size for RSA keys

◆ raw [2/4]

mbedtls_x509_buf mbedtls_x509_csr::raw

The raw CSR data (DER).

◆ cri

mbedtls_x509_buf mbedtls_x509_csr::cri

The raw CertificateRequestInfo body (DER).

◆ version [2/3]

int mbedtls_x509_csr::version

CSR version (1=v1).

◆ subject_raw [2/2]

mbedtls_x509_buf mbedtls_x509_csr::subject_raw

The raw subject data (DER).

◆ subject [2/2]

mbedtls_x509_name mbedtls_x509_csr::subject

The parsed subject data (named information object).

◆ pk [2/2]

mbedtls_pk_context mbedtls_x509_csr::pk

Container for the public key context.

◆ raw [3/4]

mbedtls_x509_buf mbedtls_x509_crl_entry::raw

Direct access to the whole entry inside the containing buffer.

◆ serial [2/2]

mbedtls_x509_buf mbedtls_x509_crl_entry::serial

The serial number of the revoked certificate.

◆ revocation_date

mbedtls_x509_time mbedtls_x509_crl_entry::revocation_date

The revocation date of this entry.

◆ entry_ext

mbedtls_x509_buf mbedtls_x509_crl_entry::entry_ext

Direct access to the list of CRL entry extensions (an ASN.1 constructed sequence).

If there are no extensions, entry_ext.len == 0 and entry_ext.p == NULL.

◆ next [2/3]

struct mbedtls_x509_crl_entry* mbedtls_x509_crl_entry::next

Next element in the linked list of entries.

NULL indicates the end of the list. Do not modify this field directly.

◆ raw [4/4]

mbedtls_x509_buf mbedtls_x509_crl::raw

The raw certificate data (DER).

◆ tbs [2/2]

mbedtls_x509_buf mbedtls_x509_crl::tbs

The raw certificate body (DER).

The part that is To Be Signed.

◆ version [3/3]

int mbedtls_x509_crl::version

CRL version (1=v1, 2=v2)

◆ sig_oid [2/2]

mbedtls_x509_buf mbedtls_x509_crl::sig_oid

CRL signature type identifier.

◆ issuer_raw [2/2]

mbedtls_x509_buf mbedtls_x509_crl::issuer_raw

The raw issuer data (DER).

◆ issuer [2/2]

mbedtls_x509_name mbedtls_x509_crl::issuer

The parsed issuer data (named information object).

◆ entry

mbedtls_x509_crl_entry mbedtls_x509_crl::entry

The CRL entries containing the certificate revocation times for this CA.

◆ next [3/3]

struct mbedtls_x509_crl* mbedtls_x509_crl::next

Next element in the linked list of CRL.

NULL indicates the end of the list. Do not modify this field directly.

◆ day

int mbedtls_x509_time::day

Date.

◆ sec

int mbedtls_x509_time::sec

Time.