mbedtls_x509_crt Struct Reference

Container for an X.509 certificate.

#include <x509_crt.h>

Public Member Functions

int MBEDTLS_PRIVATE (own_buffer)
Indicates if raw is owned by the structure or not.
int MBEDTLS_PRIVATE (ext_types)
Bit string containing detected and parsed extensions.
int MBEDTLS_PRIVATE (ca_istrue)
Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise.
int MBEDTLS_PRIVATE (max_pathlen)
Optional Basic Constraint extension value: The maximum path length to the root certificate.
unsigned int MBEDTLS_PRIVATE (key_usage)
Optional key usage extension value: See the values in x509.h.
unsigned char MBEDTLS_PRIVATE (ns_cert_type)
Optional Netscape certificate type extension value: See the values in x509.h.
mbedtls_x509_buf MBEDTLS_PRIVATE (sig)
Signature: hash of the tbs part signed with the private key.
mbedtls_md_type_t MBEDTLS_PRIVATE (sig_md)
Internal representation of the MD algorithm of the signature algorithm, e.g.
mbedtls_pk_type_t MBEDTLS_PRIVATE (sig_pk)
Internal representation of the Public Key algorithm of the signature algorithm, e.g.
void * MBEDTLS_PRIVATE (sig_opts)
Signature options to be passed to mbedtls_pk_verify_ext(), e.g.

Data Fields

mbedtls_x509_buf raw
The raw certificate data (DER).
mbedtls_x509_buf tbs
The raw certificate body (DER).
int version
The X.509 version.
mbedtls_x509_buf serial
Unique id for certificate issued by a specific CA.
mbedtls_x509_buf sig_oid
Signature algorithm, e.g.
mbedtls_x509_buf issuer_raw
The raw issuer data (DER).
mbedtls_x509_buf subject_raw
The raw subject data (DER).
mbedtls_x509_name issuer
The parsed issuer data (named information object).
mbedtls_x509_name subject
The parsed subject data (named information object).
mbedtls_x509_time valid_from
Start time of certificate validity.
mbedtls_x509_time valid_to
End time of certificate validity.
mbedtls_x509_buf pk_raw
mbedtls_pk_context pk
Container for the public key context.
mbedtls_x509_buf issuer_id
Optional X.509 v2/v3 issuer unique identifier.
mbedtls_x509_buf subject_id
Optional X.509 v2/v3 subject unique identifier.
mbedtls_x509_buf v3_ext
Optional X.509 v3 extensions.
mbedtls_x509_sequence subject_alt_names
Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed).
mbedtls_x509_sequence certificate_policies
Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed).
mbedtls_x509_sequence ext_key_usage
Optional list of extended key usage OIDs.
struct mbedtls_x509_crt * next
Next certificate in the linked list that constitutes the CA chain.

Container for an X.509 certificate.

The certificate may be chained.

Some fields of this structure are publicly readable. Do not modify them except via Mbed TLS library functions: the effect of modifying those fields or the data that those fields points to is unspecified.

Member Function Documentation

MBEDTLS_PRIVATE() [1/10]

int mbedtls_x509_crt::MBEDTLS_PRIVATE ( own_buffer )

Indicates if raw is owned by the structure or not.


MBEDTLS_PRIVATE() [2/10]

int mbedtls_x509_crt::MBEDTLS_PRIVATE ( ext_types )

Bit string containing detected and parsed extensions.

MBEDTLS_PRIVATE() [3/10]

int mbedtls_x509_crt::MBEDTLS_PRIVATE ( ca_istrue )

Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise.

MBEDTLS_PRIVATE() [4/10]

int mbedtls_x509_crt::MBEDTLS_PRIVATE ( max_pathlen )

Optional Basic Constraint extension value: The maximum path length to the root certificate.

Path length is 1 higher than RFC 5280 'meaning', so 1+

MBEDTLS_PRIVATE() [5/10]

unsigned int mbedtls_x509_crt::MBEDTLS_PRIVATE ( key_usage )

Optional key usage extension value: See the values in x509.h.

MBEDTLS_PRIVATE() [6/10]

unsigned char mbedtls_x509_crt::MBEDTLS_PRIVATE ( ns_cert_type )

Optional Netscape certificate type extension value: See the values in x509.h.

MBEDTLS_PRIVATE() [7/10]

mbedtls_x509_buf mbedtls_x509_crt::MBEDTLS_PRIVATE ( sig )

Signature: hash of the tbs part signed with the private key.

MBEDTLS_PRIVATE() [8/10]

mbedtls_md_type_t mbedtls_x509_crt::MBEDTLS_PRIVATE ( sig_md )

Internal representation of the MD algorithm of the signature algorithm, e.g.

MBEDTLS_MD_SHA256

MBEDTLS_PRIVATE() [9/10]

mbedtls_pk_type_t mbedtls_x509_crt::MBEDTLS_PRIVATE ( sig_pk )

Internal representation of the Public Key algorithm of the signature algorithm, e.g.

MBEDTLS_PK_RSA

MBEDTLS_PRIVATE() [10/10]

void* mbedtls_x509_crt::MBEDTLS_PRIVATE ( sig_opts )

Signature options to be passed to mbedtls_pk_verify_ext(), e.g.

for RSASSA-PSS

Field Documentation

raw

mbedtls_x509_buf mbedtls_x509_crt::raw

The raw certificate data (DER).

tbs

mbedtls_x509_buf mbedtls_x509_crt::tbs

The raw certificate body (DER).

The part that is To Be Signed.

version

int mbedtls_x509_crt::version

The X.509 version.

(1=v1, 2=v2, 3=v3)

serial

mbedtls_x509_buf mbedtls_x509_crt::serial

Unique id for certificate issued by a specific CA.

sig_oid

mbedtls_x509_buf mbedtls_x509_crt::sig_oid

Signature algorithm, e.g.

sha1RSA

issuer_raw

mbedtls_x509_buf mbedtls_x509_crt::issuer_raw

The raw issuer data (DER).

Used for quick comparison.

subject_raw

mbedtls_x509_buf mbedtls_x509_crt::subject_raw

The raw subject data (DER).

Used for quick comparison.

issuer

mbedtls_x509_name mbedtls_x509_crt::issuer

The parsed issuer data (named information object).

subject

mbedtls_x509_name mbedtls_x509_crt::subject

The parsed subject data (named information object).

valid_from

mbedtls_x509_time mbedtls_x509_crt::valid_from

Start time of certificate validity.

valid_to

mbedtls_x509_time mbedtls_x509_crt::valid_to

End time of certificate validity.

pk

mbedtls_pk_context mbedtls_x509_crt::pk

Container for the public key context.

issuer_id

mbedtls_x509_buf mbedtls_x509_crt::issuer_id

Optional X.509 v2/v3 issuer unique identifier.

subject_id

mbedtls_x509_buf mbedtls_x509_crt::subject_id

Optional X.509 v2/v3 subject unique identifier.

v3_ext

mbedtls_x509_buf mbedtls_x509_crt::v3_ext

Optional X.509 v3 extensions.


subject_alt_names

mbedtls_x509_sequence mbedtls_x509_crt::subject_alt_names

Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed).

certificate_policies

mbedtls_x509_sequence mbedtls_x509_crt::certificate_policies

Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed).

ext_key_usage

mbedtls_x509_sequence mbedtls_x509_crt::ext_key_usage

Optional list of extended key usage OIDs.

next

struct mbedtls_x509_crt * mbedtls_x509_crt::next

Next certificate in the linked list that constitutes the CA chain.

NULL indicates the end of the list. Do not modify this field directly.