mbed TLS v2.23.0
x509_crt.h
Go to the documentation of this file.
1 
6 /*
7  * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
8  * SPDX-License-Identifier: Apache-2.0
9  *
10  * Licensed under the Apache License, Version 2.0 (the "License"); you may
11  * not use this file except in compliance with the License.
12  * You may obtain a copy of the License at
13  *
14  * http://www.apache.org/licenses/LICENSE-2.0
15  *
16  * Unless required by applicable law or agreed to in writing, software
17  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
18  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19  * See the License for the specific language governing permissions and
20  * limitations under the License.
21  *
22  * This file is part of mbed TLS (https://tls.mbed.org)
23  */
24 #ifndef MBEDTLS_X509_CRT_H
25 #define MBEDTLS_X509_CRT_H
26 
27 #if !defined(MBEDTLS_CONFIG_FILE)
28 #include "mbedtls/config.h"
29 #else
30 #include MBEDTLS_CONFIG_FILE
31 #endif
32 
33 #include "mbedtls/x509.h"
34 #include "mbedtls/x509_crl.h"
35 #include "mbedtls/bignum.h"
36 
42 #ifdef __cplusplus
43 extern "C" {
44 #endif
45 
54 typedef struct mbedtls_x509_crt
55 {
56  int own_buffer;
61  int version;
84  int ext_types;
85  int ca_istrue;
88  unsigned int key_usage;
92  unsigned char ns_cert_type;
97  void *sig_opts;
100 }
102 
110 {
117  union
118  {
125  struct
126  {
129  }
131  }
133 }
135 
140 {
141  int type;
142  union {
145  }
146  san;
147 }
149 
154 #define MBEDTLS_X509_ID_FLAG( id ) ( 1 << ( (id) - 1 ) )
155 
162 {
163  uint32_t allowed_mds;
164  uint32_t allowed_pks;
165  uint32_t allowed_curves;
166  uint32_t rsa_min_bitlen;
167 }
169 
170 #define MBEDTLS_X509_CRT_VERSION_1 0
171 #define MBEDTLS_X509_CRT_VERSION_2 1
172 #define MBEDTLS_X509_CRT_VERSION_3 2
173 
174 #define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32
175 #define MBEDTLS_X509_RFC5280_UTC_TIME_LEN 15
176 
177 #if !defined( MBEDTLS_X509_MAX_FILE_PATH_LEN )
178 #define MBEDTLS_X509_MAX_FILE_PATH_LEN 512
179 #endif
180 
185 {
186  int version;
196 }
198 
202 typedef struct {
204  uint32_t flags;
206 
210 #define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 )
211 
215 typedef struct
216 {
218  unsigned len;
219 
220 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
221  /* This stores the list of potential trusted signers obtained from
222  * the CA callback used for the CRT verification, if configured.
223  * We must track it somewhere because the callback passes its
224  * ownership to the caller. */
225  mbedtls_x509_crt *trust_ca_cb_result;
226 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
228 
229 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
230 
234 typedef struct
235 {
236  /* for check_signature() */
238 
239  /* for find_parent_in() */
240  mbedtls_x509_crt *parent; /* non-null iff parent_in in progress */
241  mbedtls_x509_crt *fallback_parent;
242  int fallback_signature_is_good;
243 
244  /* for find_parent() */
245  int parent_is_trusted; /* -1 if find_parent is not in progress */
246 
247  /* for verify_chain() */
248  enum {
249  x509_crt_rs_none,
250  x509_crt_rs_find_parent,
251  } in_progress; /* none if no operation is in progress */
252  int self_cnt;
254 
256 
257 #else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
258 
259 /* Now we can declare functions that take a pointer to that */
261 
262 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
263 
264 #if defined(MBEDTLS_X509_CRT_PARSE_C)
265 
270 
276 
281 
303  const unsigned char *buf,
304  size_t buflen );
305 
336 typedef int (*mbedtls_x509_crt_ext_cb_t)( void *p_ctx,
337  mbedtls_x509_crt const *crt,
338  mbedtls_x509_buf const *oid,
339  int critical,
340  const unsigned char *p,
341  const unsigned char *end );
342 
384  const unsigned char *buf,
385  size_t buflen,
386  int make_copy,
388  void *p_ctx );
389 
418  const unsigned char *buf,
419  size_t buflen );
420 
451 int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen );
452 
453 #if defined(MBEDTLS_FS_IO)
454 
467 int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path );
468 
482 int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path );
483 
484 #endif /* MBEDTLS_FS_IO */
485 
526 int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
527  const mbedtls_x509_crt *crt );
528 
541 int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
542  uint32_t flags );
543 
608  mbedtls_x509_crt *trust_ca,
609  mbedtls_x509_crl *ca_crl,
610  const char *cn, uint32_t *flags,
611  int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
612  void *p_vrfy );
613 
649  mbedtls_x509_crt *trust_ca,
650  mbedtls_x509_crl *ca_crl,
651  const mbedtls_x509_crt_profile *profile,
652  const char *cn, uint32_t *flags,
653  int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
654  void *p_vrfy );
655 
683  mbedtls_x509_crt *trust_ca,
684  mbedtls_x509_crl *ca_crl,
685  const mbedtls_x509_crt_profile *profile,
686  const char *cn, uint32_t *flags,
687  int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
688  void *p_vrfy,
690 
721 typedef int (*mbedtls_x509_crt_ca_cb_t)( void *p_ctx,
722  mbedtls_x509_crt const *child,
723  mbedtls_x509_crt **candidate_cas );
724 
725 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
726 
748 int mbedtls_x509_crt_verify_with_ca_cb( mbedtls_x509_crt *crt,
749  mbedtls_x509_crt_ca_cb_t f_ca_cb,
750  void *p_ca_cb,
751  const mbedtls_x509_crt_profile *profile,
752  const char *cn, uint32_t *flags,
753  int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
754  void *p_vrfy );
755 
756 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
757 
758 #if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
759 
781  unsigned int usage );
782 #endif /* MBEDTLS_X509_CHECK_KEY_USAGE) */
783 
784 #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
785 
799  const char *usage_oid,
800  size_t usage_len );
801 #endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
802 
803 #if defined(MBEDTLS_X509_CRL_PARSE_C)
804 
814 #endif /* MBEDTLS_X509_CRL_PARSE_C */
815 
822 
829 
830 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
831 
834 void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx );
835 
839 void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx );
840 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
841 #endif /* MBEDTLS_X509_CRT_PARSE_C */
842 
843 /* \} name */
844 /* \} addtogroup x509_module */
845 
846 #if defined(MBEDTLS_X509_CRT_WRITE_C)
847 
853 
863 
873 
889  const char *not_after );
890 
904  const char *issuer_name );
905 
919  const char *subject_name );
920 
928 
936 
945 
960  const char *oid, size_t oid_len,
961  int critical,
962  const unsigned char *val, size_t val_len );
963 
976  int is_ca, int max_pathlen );
977 
978 #if defined(MBEDTLS_SHA1_C)
979 
989 
1000 #endif /* MBEDTLS_SHA1_C */
1001 
1012  unsigned int key_usage );
1013 
1024  unsigned char ns_cert_type );
1025 
1032 
1053 int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
1054  int (*f_rng)(void *, unsigned char *, size_t),
1055  void *p_rng );
1056 
1057 #if defined(MBEDTLS_PEM_WRITE_C)
1058 
1074 int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
1075  int (*f_rng)(void *, unsigned char *, size_t),
1076  void *p_rng );
1077 #endif /* MBEDTLS_PEM_WRITE_C */
1078 #endif /* MBEDTLS_X509_CRT_WRITE_C */
1079 
1080 #ifdef __cplusplus
1081 }
1082 #endif
1083 
1084 #endif /* mbedtls_x509_crt.h */
mbedtls_x509write_cert::extensions
mbedtls_asn1_named_data * extensions
Definition: x509_crt.h:195
mbedtls_x509write_crt_der
int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Write a built up certificate to a X509 DER structure Note: data is written at the end of the buffer!...
mbedtls_x509write_crt_set_subject_key_identifier
int mbedtls_x509write_crt_set_subject_key_identifier(mbedtls_x509write_cert *ctx)
Set the subjectKeyIdentifier extension for a CRT Requires that mbedtls_x509write_crt_set_subject_key(...
mbedtls_x509_crt_profile::allowed_curves
uint32_t allowed_curves
Definition: x509_crt.h:165
mbedtls_x509write_crt_set_ns_cert_type
int mbedtls_x509write_crt_set_ns_cert_type(mbedtls_x509write_cert *ctx, unsigned char ns_cert_type)
Set the Netscape Cert Type flags (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TY...
mbedtls_md_type_t
mbedtls_md_type_t
Supported message digests.
Definition: md.h:58
mbedtls_x509_parse_subject_alt_name
int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf, mbedtls_x509_subject_alternative_name *san)
This function parses an item in the SubjectAlternativeNames extension.
mbedtls_x509write_cert::subject_key
mbedtls_pk_context * subject_key
Definition: x509_crt.h:188
mbedtls_x509_crt_ca_cb_t
int(* mbedtls_x509_crt_ca_cb_t)(void *p_ctx, mbedtls_x509_crt const *child, mbedtls_x509_crt **candidate_cas)
The type of trusted certificate callbacks.
Definition: x509_crt.h:721
mbedtls_x509_crt_parse_der_with_ext_cb
int mbedtls_x509_crt_parse_der_with_ext_cb(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen, int make_copy, mbedtls_x509_crt_ext_cb_t cb, void *p_ctx)
Parse a single DER formatted certificate and add it to the end of the provided chained list.
mbedtls_x509_crt_profile
struct mbedtls_x509_crt_profile mbedtls_x509_crt_profile
mbedtls_x509_crt_verify_chain::len
unsigned len
Definition: x509_crt.h:218
mbedtls_mpi
MPI structure.
Definition: bignum.h:187
mbedtls_x509write_cert::md_alg
mbedtls_md_type_t md_alg
Definition: x509_crt.h:192
x509_crl.h
X.509 certificate revocation list parsing.
mbedtls_x509_san_other_name::@1::@2::val
mbedtls_x509_buf val
Definition: x509_crt.h:128
mbedtls_x509_crt::subject_alt_names
mbedtls_x509_sequence subject_alt_names
Definition: x509_crt.h:80
mbedtls_x509_crt::pk_raw
mbedtls_x509_buf pk_raw
Definition: x509_crt.h:74
mbedtls_x509_subject_alternative_name::type
int type
Definition: x509_crt.h:141
mbedtls_x509_san_other_name
Definition: x509_crt.h:110
mbedtls_x509_subject_alternative_name::@3::unstructured_name
mbedtls_x509_buf unstructured_name
Definition: x509_crt.h:144
mbedtls_x509_crt::sig_pk
mbedtls_pk_type_t sig_pk
Definition: x509_crt.h:96
mbedtls_x509_crt::subject
mbedtls_x509_name subject
Definition: x509_crt.h:69
mbedtls_x509_san_other_name::@1::hardware_module_name
struct mbedtls_x509_san_other_name::@1::@2 hardware_module_name
mbedtls_x509write_cert
struct mbedtls_x509write_cert mbedtls_x509write_cert
mbedtls_x509write_crt_set_key_usage
int mbedtls_x509write_crt_set_key_usage(mbedtls_x509write_cert *ctx, unsigned int key_usage)
Set the Key Usage Extension flags (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_...
mbedtls_asn1_named_data
Definition: asn1.h:184
mbedtls_x509write_crt_set_serial
int mbedtls_x509write_crt_set_serial(mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial)
Set the serial number for a Certificate.
mbedtls_pk_context
Public key container.
Definition: pk.h:188
mbedtls_x509write_crt_set_md_alg
void mbedtls_x509write_crt_set_md_alg(mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg)
Set the MD algorithm to use for the signature (e.g. MBEDTLS_MD_SHA1)
mbedtls_x509_crt_parse_file
int mbedtls_x509_crt_parse_file(mbedtls_x509_crt *chain, const char *path)
Load one or more certificates and add them to the chained list. Parses permissively....
mbedtls_x509_crt::key_usage
unsigned int key_usage
Definition: x509_crt.h:88
mbedtls_x509write_crt_set_extension
int mbedtls_x509write_crt_set_extension(mbedtls_x509write_cert *ctx, const char *oid, size_t oid_len, int critical, const unsigned char *val, size_t val_len)
Generic function to add to or replace an extension in the CRT.
mbedtls_x509_crl
Definition: x509_crl.h:71
mbedtls_x509_subject_alternative_name::@3::other_name
mbedtls_x509_san_other_name other_name
Definition: x509_crt.h:143
mbedtls_x509_time
Definition: x509.h:233
mbedtls_x509write_cert::issuer_key
mbedtls_pk_context * issuer_key
Definition: x509_crt.h:189
mbedtls_x509_san_other_name::@1::@2::oid
mbedtls_x509_buf oid
Definition: x509_crt.h:127
mbedtls_x509_crt_is_revoked
int mbedtls_x509_crt_is_revoked(const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl)
Verify the certificate revocation status.
mbedtls_x509write_crt_set_subject_key
void mbedtls_x509write_crt_set_subject_key(mbedtls_x509write_cert *ctx, mbedtls_pk_context *key)
Set the subject public key for the certificate.
mbedtls_x509write_cert::not_before
char not_before[MBEDTLS_X509_RFC5280_UTC_TIME_LEN+1]
Definition: x509_crt.h:193
mbedtls_x509_crt_verify_with_profile
int mbedtls_x509_crt_verify_with_profile(mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const mbedtls_x509_crt_profile *profile, const char *cn, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy)
Verify a chain of certificates with respect to a configurable security profile.
mbedtls_x509_crt_parse_der_nocopy
int mbedtls_x509_crt_parse_der_nocopy(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse a single DER formatted certificate and add it to the end of the provided chained list....
mbedtls_pk_restart_ctx
void mbedtls_pk_restart_ctx
Definition: pk.h:204
mbedtls_x509_crt_init
void mbedtls_x509_crt_init(mbedtls_x509_crt *crt)
Initialize a certificate (chain)
mbedtls_x509write_crt_set_authority_key_identifier
int mbedtls_x509write_crt_set_authority_key_identifier(mbedtls_x509write_cert *ctx)
Set the authorityKeyIdentifier extension for a CRT Requires that mbedtls_x509write_crt_set_issuer_key...
mbedtls_x509_crt
struct mbedtls_x509_crt mbedtls_x509_crt
mbedtls_x509_crt_check_extended_key_usage
int mbedtls_x509_crt_check_extended_key_usage(const mbedtls_x509_crt *crt, const char *usage_oid, size_t usage_len)
Check usage of certificate against extendedKeyUsage.
mbedtls_x509_crt::issuer
mbedtls_x509_name issuer
Definition: x509_crt.h:68
mbedtls_x509write_cert::not_after
char not_after[MBEDTLS_X509_RFC5280_UTC_TIME_LEN+1]
Definition: x509_crt.h:194
mbedtls_x509_crt::issuer_raw
mbedtls_x509_buf issuer_raw
Definition: x509_crt.h:65
mbedtls_x509_crt
Definition: x509_crt.h:55
mbedtls_x509_crt_parse
int mbedtls_x509_crt_parse(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse one DER-encoded or one or more concatenated PEM-encoded certificates and add them to the chaine...
bignum.h
Multi-precision integer library.
mbedtls_x509write_cert::version
int version
Definition: x509_crt.h:186
mbedtls_x509write_crt_pem
int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Write a built up certificate to a X509 PEM string.
mbedtls_x509write_cert
Definition: x509_crt.h:185
mbedtls_x509_crt_verify
int mbedtls_x509_crt_verify(mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const char *cn, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy)
Verify a chain of certificates.
mbedtls_x509_crt_verify_chain_item
Definition: x509_crt.h:202
mbedtls_x509_crt_ext_cb_t
int(* mbedtls_x509_crt_ext_cb_t)(void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf const *oid, int critical, const unsigned char *p, const unsigned char *end)
The type of certificate extension callbacks.
Definition: x509_crt.h:336
mbedtls_x509_crt::version
int version
Definition: x509_crt.h:61
mbedtls_x509_crt::valid_to
mbedtls_x509_time valid_to
Definition: x509_crt.h:72
MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE
#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE
Definition: x509_crt.h:210
mbedtls_x509_crt::max_pathlen
int max_pathlen
Definition: x509_crt.h:86
mbedtls_x509_crt::v3_ext
mbedtls_x509_buf v3_ext
Definition: x509_crt.h:79
mbedtls_x509_subject_alternative_name
struct mbedtls_x509_subject_alternative_name mbedtls_x509_subject_alternative_name
mbedtls_x509_crt::valid_from
mbedtls_x509_time valid_from
Definition: x509_crt.h:71
mbedtls_x509write_crt_set_version
void mbedtls_x509write_crt_set_version(mbedtls_x509write_cert *ctx, int version)
Set the verion for a Certificate Default: MBEDTLS_X509_CRT_VERSION_3.
mbedtls_asn1_sequence
Definition: asn1.h:174
mbedtls_pk_type_t
mbedtls_pk_type_t
Public key types.
Definition: pk.h:82
mbedtls_x509_crt_check_key_usage
int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt, unsigned int usage)
Check usage of certificate against keyUsage extension.
mbedtls_x509_crt::sig
mbedtls_x509_buf sig
Definition: x509_crt.h:94
mbedtls_x509_crt_profile::rsa_min_bitlen
uint32_t rsa_min_bitlen
Definition: x509_crt.h:166
mbedtls_x509_crt_profile_default
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default
mbedtls_x509_crt::issuer_id
mbedtls_x509_buf issuer_id
Definition: x509_crt.h:77
mbedtls_x509write_crt_set_subject_name
int mbedtls_x509write_crt_set_subject_name(mbedtls_x509write_cert *ctx, const char *subject_name)
Set the subject name for a Certificate Subject names should contain a comma-separated list of OID typ...
mbedtls_x509_crt_profile
Definition: x509_crt.h:162
mbedtls_x509_crt_verify_chain_item::flags
uint32_t flags
Definition: x509_crt.h:204
mbedtls_x509_crt_verify_chain_item::crt
mbedtls_x509_crt * crt
Definition: x509_crt.h:203
mbedtls_x509_crt::sig_oid
mbedtls_x509_buf sig_oid
Definition: x509_crt.h:63
mbedtls_x509_crt::ext_key_usage
mbedtls_x509_sequence ext_key_usage
Definition: x509_crt.h:90
mbedtls_x509_crt_verify_restartable
int mbedtls_x509_crt_verify_restartable(mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const mbedtls_x509_crt_profile *profile, const char *cn, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy, mbedtls_x509_crt_restart_ctx *rs_ctx)
Restartable version of mbedtls_crt_verify_with_profile()
mbedtls_x509_crt_restart_ctx
void mbedtls_x509_crt_restart_ctx
Definition: x509_crt.h:260
mbedtls_x509_san_other_name
struct mbedtls_x509_san_other_name mbedtls_x509_san_other_name
mbedtls_x509_crt::ext_types
int ext_types
Definition: x509_crt.h:84
mbedtls_x509_crt::pk
mbedtls_pk_context pk
Definition: x509_crt.h:75
mbedtls_x509_crt::subject_raw
mbedtls_x509_buf subject_raw
Definition: x509_crt.h:66
mbedtls_x509_crt::subject_id
mbedtls_x509_buf subject_id
Definition: x509_crt.h:78
mbedtls_x509write_crt_set_basic_constraints
int mbedtls_x509write_crt_set_basic_constraints(mbedtls_x509write_cert *ctx, int is_ca, int max_pathlen)
Set the basicConstraints extension for a CRT.
mbedtls_x509_crt_parse_der
int mbedtls_x509_crt_parse_der(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse a single DER formatted certificate and add it to the end of the provided chained list.
mbedtls_x509_san_other_name::value
union mbedtls_x509_san_other_name::@1 value
mbedtls_x509_crt_verify_chain
Definition: x509_crt.h:216
mbedtls_x509_crt::sig_opts
void * sig_opts
Definition: x509_crt.h:97
mbedtls_x509write_crt_init
void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx)
Initialize a CRT writing context.
mbedtls_x509_san_other_name::type_id
mbedtls_x509_buf type_id
Definition: x509_crt.h:116
mbedtls_x509_crt::certificate_policies
mbedtls_x509_sequence certificate_policies
Definition: x509_crt.h:82
mbedtls_x509_crt_profile_suiteb
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb
mbedtls_x509_crt_verify_info
int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix, uint32_t flags)
Returns an informational string about the verification status of a certificate.
config.h
Configuration options (set of defines)
mbedtls_x509_crt_profile::allowed_mds
uint32_t allowed_mds
Definition: x509_crt.h:163
mbedtls_x509_crt_info
int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix, const mbedtls_x509_crt *crt)
Returns an informational string about the certificate.
mbedtls_x509_subject_alternative_name
Definition: x509_crt.h:140
MBEDTLS_X509_RFC5280_UTC_TIME_LEN
#define MBEDTLS_X509_RFC5280_UTC_TIME_LEN
Definition: x509_crt.h:175
mbedtls_x509_crt::raw
mbedtls_x509_buf raw
Definition: x509_crt.h:58
mbedtls_x509_crt::next
struct mbedtls_x509_crt * next
Definition: x509_crt.h:99
mbedtls_x509_crt_profile::allowed_pks
uint32_t allowed_pks
Definition: x509_crt.h:164
mbedtls_asn1_buf
Definition: asn1.h:152
mbedtls_x509write_crt_set_validity
int mbedtls_x509write_crt_set_validity(mbedtls_x509write_cert *ctx, const char *not_before, const char *not_after)
Set the validity period for a Certificate Timestamps should be in string format for UTC timezone i....
mbedtls_x509_crt::ns_cert_type
unsigned char ns_cert_type
Definition: x509_crt.h:92
mbedtls_x509_crt_profile_next
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next
mbedtls_x509_crt::ca_istrue
int ca_istrue
Definition: x509_crt.h:85
mbedtls_x509write_crt_set_issuer_key
void mbedtls_x509write_crt_set_issuer_key(mbedtls_x509write_cert *ctx, mbedtls_pk_context *key)
Set the issuer key used for signing the certificate.
mbedtls_x509_crt_free
void mbedtls_x509_crt_free(mbedtls_x509_crt *crt)
Unallocate all certificate data.
mbedtls_x509write_cert::subject
mbedtls_asn1_named_data * subject
Definition: x509_crt.h:190
mbedtls_x509_crt::own_buffer
int own_buffer
Definition: x509_crt.h:56
mbedtls_x509_subject_alternative_name::san
union mbedtls_x509_subject_alternative_name::@3 san
mbedtls_x509_crt_parse_path
int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path)
Load one or more certificate files from a path and add them to the chained list. Parses permissively....
mbedtls_x509write_crt_free
void mbedtls_x509write_crt_free(mbedtls_x509write_cert *ctx)
Free the contents of a CRT write context.
mbedtls_x509_crt::tbs
mbedtls_x509_buf tbs
Definition: x509_crt.h:59
mbedtls_x509_crt::sig_md
mbedtls_md_type_t sig_md
Definition: x509_crt.h:95
mbedtls_x509write_crt_set_issuer_name
int mbedtls_x509write_crt_set_issuer_name(mbedtls_x509write_cert *ctx, const char *issuer_name)
Set the issuer name for a Certificate Issuer names should contain a comma-separated list of OID types...
mbedtls_x509_crt::serial
mbedtls_x509_buf serial
Definition: x509_crt.h:62
mbedtls_x509write_cert::serial
mbedtls_mpi serial
Definition: x509_crt.h:187
mbedtls_x509write_cert::issuer
mbedtls_asn1_named_data * issuer
Definition: x509_crt.h:191
x509.h
X.509 generic defines and structures.