Container for an X.509 certificate.

The certificate may be chained.

Some fields of this structure are publicly readable. Do not modify them except via Mbed TLS library functions: the effect of modifying those fields or the data that those fields points to is unspecified.

Public Attributes#

mbedtls_x509_buf
raw

The raw certificate data (DER).

mbedtls_x509_buf
tbs

The raw certificate body (DER).

int
version

The X.509 version.

mbedtls_x509_buf
serial

Unique id for certificate issued by a specific CA.

mbedtls_x509_buf
sig_oid

Signature algorithm, e.g.

mbedtls_x509_buf
issuer_raw

The raw issuer data (DER).

mbedtls_x509_buf
subject_raw

The raw subject data (DER).

mbedtls_x509_name
issuer

The parsed issuer data (named information object).

mbedtls_x509_name
subject

The parsed subject data (named information object).

mbedtls_x509_time
valid_from

Start time of certificate validity.

mbedtls_x509_time
valid_to

End time of certificate validity.

mbedtls_pk_context
pk

Container for the public key context.

mbedtls_x509_buf
issuer_id

Optional X.509 v2/v3 issuer unique identifier.

mbedtls_x509_buf
subject_id

Optional X.509 v2/v3 subject unique identifier.

mbedtls_x509_buf
v3_ext

Optional X.509 v3 extensions.

mbedtls_x509_sequence
subject_alt_names

Optional list of raw entries of Subject Alternative Names extension.

mbedtls_x509_buf
subject_key_id

Optional X.509 v3 extension subject key identifier.

mbedtls_x509_authority
authority_key_id

Optional X.509 v3 extension authority key identifier.

mbedtls_x509_sequence
certificate_policies

Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed).

mbedtls_x509_sequence
ext_key_usage

Optional list of extended key usage OIDs.

struct mbedtls_x509_crt *
next

Next certificate in the linked list that constitutes the CA chain.

Public Functions#

int
MBEDTLS_PRIVATE(own_buffer)

Indicates if raw is owned by the structure or not.

int
MBEDTLS_PRIVATE(ext_types)

Bit string containing detected and parsed extensions.

int
MBEDTLS_PRIVATE(ca_istrue)

Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise.

int
MBEDTLS_PRIVATE(max_pathlen)

Optional Basic Constraint extension value: The maximum path length to the root certificate.

unsigned int
MBEDTLS_PRIVATE(key_usage)

Optional key usage extension value: See the values in x509.h.

unsigned char
MBEDTLS_PRIVATE(ns_cert_type)

Optional Netscape certificate type extension value: See the values in x509.h.

mbedtls_x509_buf
MBEDTLS_PRIVATE(sig)

Signature: hash of the tbs part signed with the private key.

mbedtls_md_type_t
MBEDTLS_PRIVATE(sig_md)

Internal representation of the MD algorithm of the signature algorithm, e.g.

mbedtls_pk_type_t
MBEDTLS_PRIVATE(sig_pk)

Internal representation of the Public Key algorithm of the signature algorithm, e.g.

void *
MBEDTLS_PRIVATE(sig_opts)

Signature options to be passed to mbedtls_pk_verify_ext(), e.g.

Public Attribute Documentation#

raw#

mbedtls_x509_buf mbedtls_x509_crt::raw

The raw certificate data (DER).


tbs#

mbedtls_x509_buf mbedtls_x509_crt::tbs

The raw certificate body (DER).

The part that is To Be Signed.


version#

int mbedtls_x509_crt::version

The X.509 version.

(1=v1, 2=v2, 3=v3)


serial#

mbedtls_x509_buf mbedtls_x509_crt::serial

Unique id for certificate issued by a specific CA.


sig_oid#

mbedtls_x509_buf mbedtls_x509_crt::sig_oid

Signature algorithm, e.g.

sha1RSA


issuer_raw#

mbedtls_x509_buf mbedtls_x509_crt::issuer_raw

The raw issuer data (DER).

Used for quick comparison.


subject_raw#

mbedtls_x509_buf mbedtls_x509_crt::subject_raw

The raw subject data (DER).

Used for quick comparison.


issuer#

mbedtls_x509_name mbedtls_x509_crt::issuer

The parsed issuer data (named information object).


subject#

mbedtls_x509_name mbedtls_x509_crt::subject

The parsed subject data (named information object).


valid_from#

mbedtls_x509_time mbedtls_x509_crt::valid_from

Start time of certificate validity.


valid_to#

mbedtls_x509_time mbedtls_x509_crt::valid_to

End time of certificate validity.


pk_raw#

mbedtls_x509_buf mbedtls_x509_crt::pk_raw

pk#

mbedtls_pk_context mbedtls_x509_crt::pk

Container for the public key context.


issuer_id#

mbedtls_x509_buf mbedtls_x509_crt::issuer_id

Optional X.509 v2/v3 issuer unique identifier.


subject_id#

mbedtls_x509_buf mbedtls_x509_crt::subject_id

Optional X.509 v2/v3 subject unique identifier.


v3_ext#

mbedtls_x509_buf mbedtls_x509_crt::v3_ext

Optional X.509 v3 extensions.


subject_alt_names#

mbedtls_x509_sequence mbedtls_x509_crt::subject_alt_names

Optional list of raw entries of Subject Alternative Names extension.

These can be later parsed by mbedtls_x509_parse_subject_alt_name.


subject_key_id#

mbedtls_x509_buf mbedtls_x509_crt::subject_key_id

Optional X.509 v3 extension subject key identifier.


authority_key_id#

mbedtls_x509_authority mbedtls_x509_crt::authority_key_id

Optional X.509 v3 extension authority key identifier.


certificate_policies#

mbedtls_x509_sequence mbedtls_x509_crt::certificate_policies

Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed).


ext_key_usage#

mbedtls_x509_sequence mbedtls_x509_crt::ext_key_usage

Optional list of extended key usage OIDs.


next#

struct mbedtls_x509_crt* mbedtls_x509_crt::next

Next certificate in the linked list that constitutes the CA chain.

NULL indicates the end of the list. Do not modify this field directly.


Public Function Documentation#

MBEDTLS_PRIVATE#

int mbedtls_x509_crt::MBEDTLS_PRIVATE (own_buffer )

Indicates if raw is owned by the structure or not.

Parameters
TypeDirectionArgument NameDescription
own_bufferN/A

MBEDTLS_PRIVATE#

int mbedtls_x509_crt::MBEDTLS_PRIVATE (ext_types )

Bit string containing detected and parsed extensions.

Parameters
TypeDirectionArgument NameDescription
ext_typesN/A

MBEDTLS_PRIVATE#

int mbedtls_x509_crt::MBEDTLS_PRIVATE (ca_istrue )

Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise.

Parameters
TypeDirectionArgument NameDescription
ca_istrueN/A

MBEDTLS_PRIVATE#

int mbedtls_x509_crt::MBEDTLS_PRIVATE (max_pathlen )

Optional Basic Constraint extension value: The maximum path length to the root certificate.

Parameters
TypeDirectionArgument NameDescription
max_pathlenN/A

Path length is 1 higher than RFC 5280 'meaning', so 1+


MBEDTLS_PRIVATE#

unsigned int mbedtls_x509_crt::MBEDTLS_PRIVATE (key_usage )

Optional key usage extension value: See the values in x509.h.

Parameters
TypeDirectionArgument NameDescription
key_usageN/A

MBEDTLS_PRIVATE#

unsigned char mbedtls_x509_crt::MBEDTLS_PRIVATE (ns_cert_type )

Optional Netscape certificate type extension value: See the values in x509.h.

Parameters
TypeDirectionArgument NameDescription
ns_cert_typeN/A

MBEDTLS_PRIVATE#

mbedtls_x509_buf mbedtls_x509_crt::MBEDTLS_PRIVATE (sig )

Signature: hash of the tbs part signed with the private key.

Parameters
TypeDirectionArgument NameDescription
sigN/A

MBEDTLS_PRIVATE#

mbedtls_md_type_t mbedtls_x509_crt::MBEDTLS_PRIVATE (sig_md )

Internal representation of the MD algorithm of the signature algorithm, e.g.

Parameters
TypeDirectionArgument NameDescription
sig_mdN/A

MBEDTLS_MD_SHA256


MBEDTLS_PRIVATE#

mbedtls_pk_type_t mbedtls_x509_crt::MBEDTLS_PRIVATE (sig_pk )

Internal representation of the Public Key algorithm of the signature algorithm, e.g.

Parameters
TypeDirectionArgument NameDescription
sig_pkN/A

MBEDTLS_PK_RSA


MBEDTLS_PRIVATE#

void * mbedtls_x509_crt::MBEDTLS_PRIVATE (sig_opts )

Signature options to be passed to mbedtls_pk_verify_ext(), e.g.

Parameters
TypeDirectionArgument NameDescription
sig_optsN/A

for RSASSA-PSS