6 /*
7  * Copyright The Mbed TLS Contributors
8  * SPDX-License-Identifier: Apache-2.0
9  *
10  * Licensed under the Apache License, Version 2.0 (the "License"); you may
11  * not use this file except in compliance with the License.
12  * You may obtain a copy of the License at
13  *
14  * http://www.apache.org/licenses/LICENSE-2.0
15  *
16  * Unless required by applicable law or agreed to in writing, software
17  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
18  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19  * See the License for the specific language governing permissions and
20  * limitations under the License.
21  */
22 #ifndef MBEDTLS_X509_CRT_H
23 #define MBEDTLS_X509_CRT_H
24 #include "mbedtls/private_access.h"
25 
26 #include "mbedtls/build_info.h"
27 #include "mbedtls/legacy_or_psa.h"
28 
29 #include "mbedtls/x509.h"
30 #include "mbedtls/x509_crl.h"
31 #include "mbedtls/bignum.h"
32 
38 #ifdef __cplusplus
39 extern "C" {
40 #endif
41 
54 typedef struct mbedtls_x509_crt {
55  int MBEDTLS_PRIVATE(own_buffer);
60  int version;
83  int MBEDTLS_PRIVATE(ext_types);
84  int MBEDTLS_PRIVATE(ca_istrue);
85  int MBEDTLS_PRIVATE(max_pathlen);
87  unsigned int MBEDTLS_PRIVATE(key_usage);
91  unsigned char MBEDTLS_PRIVATE(ns_cert_type);
96  void *MBEDTLS_PRIVATE(sig_opts);
102 }
104 
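/**
 * \brief   Map a small numeric identifier (a message-digest type, public-key
 *          type or curve id) to its single-bit flag, in the form used by the
 *          \c allowed_mds / \c allowed_pks / \c allowed_curves masks of
 *          mbedtls_x509_crt_profile.
 *
 * \param id  Identifier to map. It must lie in the range 1..32 so that the
 *            shift amount is non-negative and the flag fits a 32-bit mask
 *            (on platforms where unsigned int is 32 bits wide). Other values
 *            are undefined behaviour (negative shift or shift past the type
 *            width).
 *
 * The shifted operand is unsigned so that every one of the 32 flag positions
 * is well defined; a signed 1 << 31 would overflow into the sign bit.
 */
#define MBEDTLS_X509_ID_FLAG(id) (1u << ((id) - 1))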
110 
136 typedef struct mbedtls_x509_crt_profile {
137  uint32_t allowed_mds;
138  uint32_t allowed_pks;
141  uint32_t allowed_curves;
142  uint32_t rsa_min_bitlen;
143 }
145 
146 #define MBEDTLS_X509_CRT_VERSION_1 0
147 #define MBEDTLS_X509_CRT_VERSION_2 1
148 #define MBEDTLS_X509_CRT_VERSION_3 2
149 
150 #define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 20
151 #define MBEDTLS_X509_RFC5280_UTC_TIME_LEN 15
152 
153 #if !defined(MBEDTLS_X509_MAX_FILE_PATH_LEN)
154 #define MBEDTLS_X509_MAX_FILE_PATH_LEN 512
155 #endif
156 
157 /* This macro unfolds to the concatenation of macro invocations
158  * X509_CRT_ERROR_INFO( error code,
159  * error code as string,
160  * human readable description )
161  * where X509_CRT_ERROR_INFO is defined by the user.
162  * See x509_crt.c for an example of how to use this. */
163 #define MBEDTLS_X509_CRT_ERROR_INFO_LIST \
164  X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_EXPIRED, \
165  "MBEDTLS_X509_BADCERT_EXPIRED", \
166  "The certificate validity has expired") \
167  X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_REVOKED, \
168  "MBEDTLS_X509_BADCERT_REVOKED", \
169  "The certificate has been revoked (is on a CRL)") \
170  X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_CN_MISMATCH, \
171  "MBEDTLS_X509_BADCERT_CN_MISMATCH", \
172  "The certificate Common Name (CN) does not match with the expected CN") \
173  X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_NOT_TRUSTED, \
174  "MBEDTLS_X509_BADCERT_NOT_TRUSTED", \
175  "The certificate is not correctly signed by the trusted CA") \
176  X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_NOT_TRUSTED, \
177  "MBEDTLS_X509_BADCRL_NOT_TRUSTED", \
178  "The CRL is not correctly signed by the trusted CA") \
179  X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_EXPIRED, \
180  "MBEDTLS_X509_BADCRL_EXPIRED", \
181  "The CRL is expired") \
182  X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_MISSING, \
183  "MBEDTLS_X509_BADCERT_MISSING", \
184  "Certificate was missing") \
185  X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_SKIP_VERIFY, \
186  "MBEDTLS_X509_BADCERT_SKIP_VERIFY", \
187  "Certificate verification was skipped") \
188  X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_OTHER, \
189  "MBEDTLS_X509_BADCERT_OTHER", \
190  "Other reason (can be used by verify callback)") \
191  X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_FUTURE, \
192  "MBEDTLS_X509_BADCERT_FUTURE", \
193  "The certificate validity starts in the future") \
194  X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_FUTURE, \
195  "MBEDTLS_X509_BADCRL_FUTURE", \
196  "The CRL is from the future") \
197  X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_KEY_USAGE, \
198  "MBEDTLS_X509_BADCERT_KEY_USAGE", \
199  "Usage does not match the keyUsage extension") \
200  X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, \
201  "MBEDTLS_X509_BADCERT_EXT_KEY_USAGE", \
202  "Usage does not match the extendedKeyUsage extension") \
203  X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_NS_CERT_TYPE, \
204  "MBEDTLS_X509_BADCERT_NS_CERT_TYPE", \
205  "Usage does not match the nsCertType extension") \
206  X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_BAD_MD, \
207  "MBEDTLS_X509_BADCERT_BAD_MD", \
208  "The certificate is signed with an unacceptable hash.") \
209  X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_BAD_PK, \
210  "MBEDTLS_X509_BADCERT_BAD_PK", \
211  "The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA).") \
212  X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_BAD_KEY, \
213  "MBEDTLS_X509_BADCERT_BAD_KEY", \
214  "The certificate is signed with an unacceptable key (eg bad curve, RSA too short).") \
215  X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_BAD_MD, \
216  "MBEDTLS_X509_BADCRL_BAD_MD", \
217  "The CRL is signed with an unacceptable hash.") \
218  X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_BAD_PK, \
219  "MBEDTLS_X509_BADCRL_BAD_PK", \
220  "The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA).") \
221  X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_BAD_KEY, \
222  "MBEDTLS_X509_BADCRL_BAD_KEY", \
223  "The CRL is signed with an unacceptable key (eg bad curve, RSA too short).")
224 
228 typedef struct mbedtls_x509write_cert {
229  int MBEDTLS_PRIVATE(version);
231  size_t MBEDTLS_PRIVATE(serial_len);
240 }
242 
246 typedef struct {
248  uint32_t MBEDTLS_PRIVATE(flags);
250 
254 #define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE (MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2)
255 
259 typedef struct {
261  unsigned MBEDTLS_PRIVATE(len);
262 
263 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
264  /* This stores the list of potential trusted signers obtained from
265  * the CA callback used for the CRT verification, if configured.
266  * We must track it somewhere because the callback passes its
267  * ownership to the caller. */
268  mbedtls_x509_crt *MBEDTLS_PRIVATE(trust_ca_cb_result);
269 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
271 
272 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
273 
277 typedef struct {
278  /* for check_signature() */
280 
281  /* for find_parent_in() */
282  mbedtls_x509_crt *MBEDTLS_PRIVATE(parent); /* non-null iff parent_in in progress */
283  mbedtls_x509_crt *MBEDTLS_PRIVATE(fallback_parent);
284  int MBEDTLS_PRIVATE(fallback_signature_is_good);
285 
286  /* for find_parent() */
287  int MBEDTLS_PRIVATE(parent_is_trusted); /* -1 if find_parent is not in progress */
288 
289  /* for verify_chain() */
290  enum {
291  x509_crt_rs_none,
292  x509_crt_rs_find_parent,
293  } MBEDTLS_PRIVATE(in_progress); /* none if no operation is in progress */
294  int MBEDTLS_PRIVATE(self_cnt);
296 
298 
299 #else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
300 
301 /* Now we can declare functions that take a pointer to that */
303 
304 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
305 
306 #if defined(MBEDTLS_X509_CRT_PARSE_C)
307 
321 
328 
333 
339 
365  const unsigned char *buf,
366  size_t buflen);
367 
398 typedef int (*mbedtls_x509_crt_ext_cb_t)(void *p_ctx,
399  mbedtls_x509_crt const *crt,
400  mbedtls_x509_buf const *oid,
401  int critical,
402  const unsigned char *p,
403  const unsigned char *end);
404 
450  const unsigned char *buf,
451  size_t buflen,
452  int make_copy,
454  void *p_ctx);
455 
488  const unsigned char *buf,
489  size_t buflen);
490 
525 int mbedtls_x509_crt_parse(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen);
526 
527 #if defined(MBEDTLS_FS_IO)
528 
545 int mbedtls_x509_crt_parse_file(mbedtls_x509_crt *chain, const char *path);
546 
560 int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path);
561 
562 #endif /* MBEDTLS_FS_IO */
563 #if !defined(MBEDTLS_X509_REMOVE_INFO)
564 
576 int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix,
577  const mbedtls_x509_crt *crt);
578 
591 int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix,
592  uint32_t flags);
593 #endif /* !MBEDTLS_X509_REMOVE_INFO */
594 
662  mbedtls_x509_crt *trust_ca,
663  mbedtls_x509_crl *ca_crl,
664  const char *cn, uint32_t *flags,
665  int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
666  void *p_vrfy);
667 
703  mbedtls_x509_crt *trust_ca,
704  mbedtls_x509_crl *ca_crl,
705  const mbedtls_x509_crt_profile *profile,
706  const char *cn, uint32_t *flags,
707  int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
708  void *p_vrfy);
709 
737  mbedtls_x509_crt *trust_ca,
738  mbedtls_x509_crl *ca_crl,
739  const mbedtls_x509_crt_profile *profile,
740  const char *cn, uint32_t *flags,
741  int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
742  void *p_vrfy,
743  mbedtls_x509_crt_restart_ctx *rs_ctx);
744 
775 typedef int (*mbedtls_x509_crt_ca_cb_t)(void *p_ctx,
776  mbedtls_x509_crt const *child,
777  mbedtls_x509_crt **candidate_cas);
778 
779 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
780 
802 int mbedtls_x509_crt_verify_with_ca_cb(mbedtls_x509_crt *crt,
803  mbedtls_x509_crt_ca_cb_t f_ca_cb,
804  void *p_ca_cb,
805  const mbedtls_x509_crt_profile *profile,
806  const char *cn, uint32_t *flags,
807  int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
808  void *p_vrfy);
809 
810 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
811 
834  unsigned int usage);
835 
850  const char *usage_oid,
851  size_t usage_len);
852 
853 #if defined(MBEDTLS_X509_CRL_PARSE_C)
854 
864 #endif /* MBEDTLS_X509_CRL_PARSE_C */
865 
872 
879 
880 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
881 
884 void mbedtls_x509_crt_restart_init(mbedtls_x509_crt_restart_ctx *ctx);
885 
889 void mbedtls_x509_crt_restart_free(mbedtls_x509_crt_restart_ctx *ctx);
890 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
891 #endif /* MBEDTLS_X509_CRT_PARSE_C */
892 
/**
 * \brief          Query a certificate for a given extension type.
 *
 * \param[in]      ctx       The certificate to query. Must not be \c NULL.
 * \param          ext_type  The extension type(s) being queried for, an
 *                           MBEDTLS_X509_EXT_XXX value from x509.h; several
 *                           such values may be OR-ed together.
 *
 * \return         The subset of \p ext_type bits that are recorded in the
 *                 certificate's extension-type mask: \c 0 if none of the
 *                 requested extensions is present, non-zero otherwise.
 *                 Callers should test the result against zero rather than
 *                 for equality with a specific flag.
 */
static inline int mbedtls_x509_crt_has_ext_type(const mbedtls_x509_crt *ctx,
                                                int ext_type)
{
    /* ext_types is treated as a bit mask of the extension types recorded for
     * this certificate; the query is a plain mask intersection. */
    const int recorded = ctx->MBEDTLS_PRIVATE(ext_types);
    return recorded & ext_type;
}
909 
912 #if defined(MBEDTLS_X509_CRT_WRITE_C)
913 
919 
929 
930 #if defined(MBEDTLS_BIGNUM_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
931 
949  mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial);
950 #endif // MBEDTLS_BIGNUM_C && !MBEDTLS_DEPRECATED_REMOVED
951 
966  unsigned char *serial, size_t serial_len);
967 
982 int mbedtls_x509write_crt_set_validity(mbedtls_x509write_cert *ctx, const char *not_before,
983  const char *not_after);
984 
998  const char *issuer_name);
999 
1013  const char *subject_name);
1014 
1022 
1030 
1039 
1054  const char *oid, size_t oid_len,
1055  int critical,
1056  const unsigned char *val, size_t val_len);
1057 
1070  int is_ca, int max_pathlen);
1071 
1072 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA)
1073 
1083 
1094 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA */
1095 
1106  unsigned int key_usage);
1107 
1119  const mbedtls_asn1_sequence *exts);
1120 
1131  unsigned char ns_cert_type);
1132 
1139 
1157 int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
1158  int (*f_rng)(void *, unsigned char *, size_t),
1159  void *p_rng);
1160 
1161 #if defined(MBEDTLS_PEM_WRITE_C)
1162 
1175 int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
1176  int (*f_rng)(void *, unsigned char *, size_t),
1177  void *p_rng);
1178 #endif /* MBEDTLS_PEM_WRITE_C */
1179 #endif /* MBEDTLS_X509_CRT_WRITE_C */
1180 
1183 #ifdef __cplusplus
1184 }
1185 #endif
1186 
1187 #endif /* mbedtls_x509_crt.h */