x509_crt.h
6 /*
7  * Copyright The Mbed TLS Contributors
8  * SPDX-License-Identifier: Apache-2.0
9  *
10  * Licensed under the Apache License, Version 2.0 (the "License"); you may
11  * not use this file except in compliance with the License.
12  * You may obtain a copy of the License at
13  *
14  * http://www.apache.org/licenses/LICENSE-2.0
15  *
16  * Unless required by applicable law or agreed to in writing, software
17  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
18  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19  * See the License for the specific language governing permissions and
20  * limitations under the License.
21  */
22 #ifndef MBEDTLS_X509_CRT_H
23 #define MBEDTLS_X509_CRT_H
24 #include "mbedtls/private_access.h"
25 
26 #include "mbedtls/build_info.h"
27 
28 #include "mbedtls/x509.h"
29 #include "mbedtls/x509_crl.h"
30 #include "mbedtls/bignum.h"
31 
37 #ifdef __cplusplus
38 extern "C" {
39 #endif
40 
53 typedef struct mbedtls_x509_crt
54 {
55  int MBEDTLS_PRIVATE(own_buffer);
60  int version;
83  int MBEDTLS_PRIVATE(ext_types);
84  int MBEDTLS_PRIVATE(ca_istrue);
85  int MBEDTLS_PRIVATE(max_pathlen);
87  unsigned int MBEDTLS_PRIVATE(key_usage);
91  unsigned char MBEDTLS_PRIVATE(ns_cert_type);
96  void *MBEDTLS_PRIVATE(sig_opts);
102 }
104 
115 {
122  union
123  {
130  struct
131  {
134  }
136  }
137  value;
138 }
140 
149 {
150  int type;
151  union {
154  }
155  san;
156 }
158 
/* Single-bit flag for an algorithm / key-type / curve id, presumably used to
 * build the uint32_t allow-lists of mbedtls_x509_crt_profile (allowed_mds,
 * allowed_pks, allowed_curves) — confirm against x509_crt.c.
 * NOTE(review): the shift operand is a signed int literal, so id must be in
 * 1..31: id == 0 yields a negative shift count and id == 32 yields 1 << 31,
 * which overflows int; both are undefined behaviour in C11. Only pass enum
 * values that are known to stay within that range. */
163 #define MBEDTLS_X509_ID_FLAG( id ) ( 1 << ( (id) - 1 ) )
164 
191 {
192  uint32_t allowed_mds;
193  uint32_t allowed_pks;
194  uint32_t allowed_curves;
195  uint32_t rsa_min_bitlen;
196 }
198 
/* Encoded values of the X.509 "version" field: the integer stored in the
 * certificate is one less than the human-readable version number
 * (v1 = 0, v2 = 1, v3 = 2). */
199 #define MBEDTLS_X509_CRT_VERSION_1 0
200 #define MBEDTLS_X509_CRT_VERSION_2 1
201 #define MBEDTLS_X509_CRT_VERSION_3 2
202 
/* NOTE(review): RFC 5280 §4.1.2.2 limits a conforming serialNumber to
 * 20 octets; the larger bound here presumably leaves room for the
 * non-conforming serial numbers RFC 5280 says relying parties should still
 * tolerate — confirm how the parser enforces it before depending on it. */
203 #define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32
/* Presumably the buffer length for the "YYYYMMDDhhmmss" validity strings
 * (14 characters plus the terminating NUL) — TODO confirm against
 * mbedtls_x509write_crt_set_validity(). */
204 #define MBEDTLS_X509_RFC5280_UTC_TIME_LEN 15
205 
/* Build-time override point for the maximum path length, presumably used by
 * mbedtls_x509_crt_parse_file() / mbedtls_x509_crt_parse_path() — confirm. */
206 #if !defined( MBEDTLS_X509_MAX_FILE_PATH_LEN )
207 #define MBEDTLS_X509_MAX_FILE_PATH_LEN 512
208 #endif
209 
210 /* This macro expands to the concatenation of macro invocations
211  * X509_CRT_ERROR_INFO( error code,
212  * error code as string,
213  * human readable description )
214  * where X509_CRT_ERROR_INFO is defined by the user.
215  * See x509_crt.c for an example of how to use this. */
216 #define MBEDTLS_X509_CRT_ERROR_INFO_LIST \
217  X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_EXPIRED, \
218  "MBEDTLS_X509_BADCERT_EXPIRED", \
219  "The certificate validity has expired" ) \
220  X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_REVOKED, \
221  "MBEDTLS_X509_BADCERT_REVOKED", \
222  "The certificate has been revoked (is on a CRL)" ) \
223  X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_CN_MISMATCH, \
224  "MBEDTLS_X509_BADCERT_CN_MISMATCH", \
225  "The certificate Common Name (CN) does not match with the expected CN" ) \
226  X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_NOT_TRUSTED, \
227  "MBEDTLS_X509_BADCERT_NOT_TRUSTED", \
228  "The certificate is not correctly signed by the trusted CA" ) \
229  X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_NOT_TRUSTED, \
230  "MBEDTLS_X509_BADCRL_NOT_TRUSTED", \
231  "The CRL is not correctly signed by the trusted CA" ) \
232  X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_EXPIRED, \
233  "MBEDTLS_X509_BADCRL_EXPIRED", \
234  "The CRL is expired" ) \
235  X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_MISSING, \
236  "MBEDTLS_X509_BADCERT_MISSING", \
237  "Certificate was missing" ) \
238  X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_SKIP_VERIFY, \
239  "MBEDTLS_X509_BADCERT_SKIP_VERIFY", \
240  "Certificate verification was skipped" ) \
241  X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_OTHER, \
242  "MBEDTLS_X509_BADCERT_OTHER", \
243  "Other reason (can be used by verify callback)" ) \
244  X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_FUTURE, \
245  "MBEDTLS_X509_BADCERT_FUTURE", \
246  "The certificate validity starts in the future" ) \
247  X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_FUTURE, \
248  "MBEDTLS_X509_BADCRL_FUTURE", \
249  "The CRL is from the future" ) \
250  X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_KEY_USAGE, \
251  "MBEDTLS_X509_BADCERT_KEY_USAGE", \
252  "Usage does not match the keyUsage extension" ) \
253  X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, \
254  "MBEDTLS_X509_BADCERT_EXT_KEY_USAGE", \
255  "Usage does not match the extendedKeyUsage extension" ) \
256  X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_NS_CERT_TYPE, \
257  "MBEDTLS_X509_BADCERT_NS_CERT_TYPE", \
258  "Usage does not match the nsCertType extension" ) \
259  X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_BAD_MD, \
260  "MBEDTLS_X509_BADCERT_BAD_MD", \
261  "The certificate is signed with an unacceptable hash." ) \
262  X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_BAD_PK, \
263  "MBEDTLS_X509_BADCERT_BAD_PK", \
264  "The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA)." ) \
265  X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_BAD_KEY, \
266  "MBEDTLS_X509_BADCERT_BAD_KEY", \
267  "The certificate is signed with an unacceptable key (eg bad curve, RSA too short)." ) \
268  X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_BAD_MD, \
269  "MBEDTLS_X509_BADCRL_BAD_MD", \
270  "The CRL is signed with an unacceptable hash." ) \
271  X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_BAD_PK, \
272  "MBEDTLS_X509_BADCRL_BAD_PK", \
273  "The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA)." ) \
274  X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_BAD_KEY, \
275  "MBEDTLS_X509_BADCRL_BAD_KEY", \
276  "The CRL is signed with an unacceptable key (eg bad curve, RSA too short)." )
277 
282 {
283  int MBEDTLS_PRIVATE(version);
293 }
295 
299 typedef struct {
301  uint32_t MBEDTLS_PRIVATE(flags);
303 
307 #define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 )
308 
312 typedef struct
313 {
315  unsigned MBEDTLS_PRIVATE(len);
316 
317 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
318  /* This stores the list of potential trusted signers obtained from
319  * the CA callback used for the CRT verification, if configured.
320  * We must track it somewhere because the callback passes its
321  * ownership to the caller. */
322  mbedtls_x509_crt *MBEDTLS_PRIVATE(trust_ca_cb_result);
323 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
325 
326 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
327 
331 typedef struct
332 {
333  /* for check_signature() */
335 
336  /* for find_parent_in() */
337  mbedtls_x509_crt *MBEDTLS_PRIVATE(parent); /* non-null iff parent_in in progress */
339  int MBEDTLS_PRIVATE(fallback_signature_is_good);
340 
341  /* for find_parent() */
342  int MBEDTLS_PRIVATE(parent_is_trusted); /* -1 if find_parent is not in progress */
343 
344  /* for verify_chain() */
345  enum {
348  } MBEDTLS_PRIVATE(in_progress); /* none if no operation is in progress */
349  int MBEDTLS_PRIVATE(self_cnt);
351 
353 
354 #else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
355 
356 /* Now we can declare functions that take a pointer to that */
357 typedef void mbedtls_x509_crt_restart_ctx;
358 
359 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
360 
361 #if defined(MBEDTLS_X509_CRT_PARSE_C)
362 
376 
383 
388 
394 
416  const unsigned char *buf,
417  size_t buflen );
418 
449 typedef int (*mbedtls_x509_crt_ext_cb_t)( void *p_ctx,
450  mbedtls_x509_crt const *crt,
451  mbedtls_x509_buf const *oid,
452  int critical,
453  const unsigned char *p,
454  const unsigned char *end );
455 
497  const unsigned char *buf,
498  size_t buflen,
499  int make_copy,
501  void *p_ctx );
502 
531  const unsigned char *buf,
532  size_t buflen );
533 
564 int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen );
565 
566 #if defined(MBEDTLS_FS_IO)
567 
580 int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path );
581 
595 int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path );
596 
597 #endif /* MBEDTLS_FS_IO */
598 
627 
628 #if !defined(MBEDTLS_X509_REMOVE_INFO)
629 
641 int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
642  const mbedtls_x509_crt *crt );
643 
656 int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
657  uint32_t flags );
658 #endif /* !MBEDTLS_X509_REMOVE_INFO */
659 
727  mbedtls_x509_crt *trust_ca,
728  mbedtls_x509_crl *ca_crl,
729  const char *cn, uint32_t *flags,
730  int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
731  void *p_vrfy );
732 
768  mbedtls_x509_crt *trust_ca,
769  mbedtls_x509_crl *ca_crl,
770  const mbedtls_x509_crt_profile *profile,
771  const char *cn, uint32_t *flags,
772  int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
773  void *p_vrfy );
774 
802  mbedtls_x509_crt *trust_ca,
803  mbedtls_x509_crl *ca_crl,
804  const mbedtls_x509_crt_profile *profile,
805  const char *cn, uint32_t *flags,
806  int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
807  void *p_vrfy,
808  mbedtls_x509_crt_restart_ctx *rs_ctx );
809 
840 typedef int (*mbedtls_x509_crt_ca_cb_t)( void *p_ctx,
841  mbedtls_x509_crt const *child,
842  mbedtls_x509_crt **candidate_cas );
843 
844 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
845 
868  mbedtls_x509_crt_ca_cb_t f_ca_cb,
869  void *p_ca_cb,
870  const mbedtls_x509_crt_profile *profile,
871  const char *cn, uint32_t *flags,
872  int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
873  void *p_vrfy );
874 
875 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
876 
899  unsigned int usage );
900 
915  const char *usage_oid,
916  size_t usage_len );
917 
918 #if defined(MBEDTLS_X509_CRL_PARSE_C)
919 
929 #endif /* MBEDTLS_X509_CRL_PARSE_C */
930 
937 
944 
945 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
946 
949 void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx );
950 
954 void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx );
955 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
956 #endif /* MBEDTLS_X509_CRT_PARSE_C */
957 
958 /* \} name */
959 /* \} addtogroup x509_module */
960 
961 #if defined(MBEDTLS_X509_CRT_WRITE_C)
962 
968 
978 
988 
1003 int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx, const char *not_before,
1004  const char *not_after );
1005 
1019  const char *issuer_name );
1020 
1034  const char *subject_name );
1035 
1043 
1051 
1060 
1075  const char *oid, size_t oid_len,
1076  int critical,
1077  const unsigned char *val, size_t val_len );
1078 
1091  int is_ca, int max_pathlen );
1092 
1093 #if defined(MBEDTLS_SHA1_C)
1094 
1104 
1115 #endif /* MBEDTLS_SHA1_C */
1116 
1127  unsigned int key_usage );
1128 
1139  unsigned char ns_cert_type );
1140 
1147 
1165 int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
1166  int (*f_rng)(void *, unsigned char *, size_t),
1167  void *p_rng );
1168 
1169 #if defined(MBEDTLS_PEM_WRITE_C)
1170 
1183 int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
1184  int (*f_rng)(void *, unsigned char *, size_t),
1185  void *p_rng );
1186 #endif /* MBEDTLS_PEM_WRITE_C */
1187 #endif /* MBEDTLS_X509_CRT_WRITE_C */
1188 
1189 #ifdef __cplusplus
1190 }
1191 #endif
1192 
1193 #endif /* mbedtls_x509_crt.h */
int mbedtls_x509write_crt_set_authority_key_identifier(mbedtls_x509write_cert *ctx)
Set the authorityKeyIdentifier extension for a CRT Requires that mbedtls_x509write_crt_set_issuer_key...
int mbedtls_x509_crt_verify(mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const char *cn, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy)
Verify a chain of certificates.
Public key container.
Definition: pk.h:199
int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Write a built up certificate to a X509 DER structure Note: data is written at the end of the buffer! ...
int mbedtls_x509_crt_verify_with_profile(mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const mbedtls_x509_crt_profile *profile, const char *cn, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy)
Verify a chain of certificates with respect to a configurable security profile.
mbedtls_x509_sequence subject_alt_names
Definition: x509_crt.h:79
mbedtls_x509_buf oid
Definition: x509_crt.h:132
int mbedtls_x509_crt_verify_restartable(mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const mbedtls_x509_crt_profile *profile, const char *cn, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy, mbedtls_x509_crt_restart_ctx *rs_ctx)
Restartable version of mbedtls_crt_verify_with_profile()
struct mbedtls_x509_san_other_name mbedtls_x509_san_other_name
mbedtls_x509_buf pk_raw
Definition: x509_crt.h:73
int mbedtls_x509_crt_parse_der(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse a single DER formatted certificate and add it to the end of the provided chained list...
int mbedtls_x509write_crt_set_extension(mbedtls_x509write_cert *ctx, const char *oid, size_t oid_len, int critical, const unsigned char *val, size_t val_len)
Generic function to add to or replace an extension in the CRT.
#define MBEDTLS_PRIVATE(member)
int mbedtls_x509write_crt_set_ns_cert_type(mbedtls_x509write_cert *ctx, unsigned char ns_cert_type)
Set the Netscape Cert Type flags (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TY...
mbedtls_pk_type_t
Public key types.
Definition: pk.h:90
int mbedtls_x509_crt_is_revoked(const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl)
Verify the certificate revocation status.
void mbedtls_x509_crt_restart_free(mbedtls_x509_crt_restart_ctx *ctx)
Free the components of a restart context.
int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Write a built up certificate to a X509 PEM string.
mbedtls_x509_sequence certificate_policies
Definition: x509_crt.h:81
struct mbedtls_x509_crt * next
Definition: x509_crt.h:101
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default
int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt, unsigned int usage)
Check usage of certificate against keyUsage extension.
mbedtls_x509_name issuer
Definition: x509_crt.h:67
void mbedtls_x509write_crt_set_subject_key(mbedtls_x509write_cert *ctx, mbedtls_pk_context *key)
Set the subject public key for the certificate.
int mbedtls_x509write_crt_set_key_usage(mbedtls_x509write_cert *ctx, unsigned int key_usage)
Set the Key Usage Extension flags (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_...
struct mbedtls_x509_san_other_name::@7::@8 hardware_module_name
void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx)
Initialize a CRT writing context.
mbedtls_x509_buf subject_id
Definition: x509_crt.h:77
struct mbedtls_x509write_cert mbedtls_x509write_cert
void mbedtls_x509write_crt_set_md_alg(mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg)
Set the MD algorithm to use for the signature (e.g. MBEDTLS_MD_SHA1)
mbedtls_x509_buf tbs
Definition: x509_crt.h:58
Multi-precision integer library.
mbedtls_x509_buf subject_raw
Definition: x509_crt.h:65
void mbedtls_x509_crt_free(mbedtls_x509_crt *crt)
Unallocate all certificate data.
mbedtls_x509_buf sig_oid
Definition: x509_crt.h:62
mbedtls_x509_buf issuer_raw
Definition: x509_crt.h:64
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb
mbedtls_x509_san_other_name other_name
Definition: x509_crt.h:152
int mbedtls_x509write_crt_set_basic_constraints(mbedtls_x509write_cert *ctx, int is_ca, int max_pathlen)
Set the basicConstraints extension for a CRT.
mbedtls_x509_name subject
Definition: x509_crt.h:68
mbedtls_x509_time valid_to
Definition: x509_crt.h:71
int mbedtls_x509_crt_parse(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse one DER-encoded or one or more concatenated PEM-encoded certificates and add them to the chaine...
struct mbedtls_x509_crt_profile mbedtls_x509_crt_profile
int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path)
Load one or more certificate files from a path and add them to the chained list. Parses permissively...
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_none
int mbedtls_x509write_crt_set_subject_key_identifier(mbedtls_x509write_cert *ctx)
Set the subjectKeyIdentifier extension for a CRT Requires that mbedtls_x509write_crt_set_subject_key(...
int mbedtls_x509write_crt_set_subject_name(mbedtls_x509write_cert *ctx, const char *subject_name)
Set the subject name for a Certificate Subject names should contain a comma-separated list of OID typ...
mbedtls_x509_buf serial
Definition: x509_crt.h:61
void mbedtls_x509write_crt_set_version(mbedtls_x509write_cert *ctx, int version)
Set the version for a Certificate Default: MBEDTLS_X509_CRT_VERSION_3.
mbedtls_x509_time valid_from
Definition: x509_crt.h:70
mbedtls_x509_buf raw
Definition: x509_crt.h:57
int mbedtls_x509_crt_check_extended_key_usage(const mbedtls_x509_crt *crt, const char *usage_oid, size_t usage_len)
Check usage of certificate against extendedKeyUsage.
int mbedtls_x509write_crt_set_validity(mbedtls_x509write_cert *ctx, const char *not_before, const char *not_after)
Set the validity period for a Certificate Timestamps should be in string format for UTC timezone i...
Macro wrapper for struct's members.
#define MBEDTLS_X509_RFC5280_UTC_TIME_LEN
Definition: x509_crt.h:204
#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE
Definition: x509_crt.h:307
void mbedtls_x509write_crt_set_issuer_key(mbedtls_x509write_cert *ctx, mbedtls_pk_context *key)
Set the issuer key used for signing the certificate.
mbedtls_x509_buf val
Definition: x509_crt.h:133
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next
X.509 generic defines and structures.
int mbedtls_x509_crt_verify_with_ca_cb(mbedtls_x509_crt *crt, mbedtls_x509_crt_ca_cb_t f_ca_cb, void *p_ca_cb, const mbedtls_x509_crt_profile *profile, const char *cn, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy)
Version of mbedtls_x509_crt_verify_with_profile() which uses a callback to acquire the list of truste...
Build-time configuration info.
int mbedtls_x509_crt_parse_der_with_ext_cb(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen, int make_copy, mbedtls_x509_crt_ext_cb_t cb, void *p_ctx)
Parse a single DER formatted certificate and add it to the end of the provided chained list...
void mbedtls_x509_crt_restart_init(mbedtls_x509_crt_restart_ctx *ctx)
Initialize a restart context.
int mbedtls_x509write_crt_set_issuer_name(mbedtls_x509write_cert *ctx, const char *issuer_name)
Set the issuer name for a Certificate Issuer names should contain a comma-separated list of OID types...
union mbedtls_x509_subject_alternative_name::@9 san
int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf, mbedtls_x509_subject_alternative_name *san)
This function parses an item in the SubjectAlternativeNames extension.
int mbedtls_x509_crt_parse_file(mbedtls_x509_crt *chain, const char *path)
Load one or more certificates and add them to the chained list. Parses permissively. If some certificates can be parsed, the result is the number of failed certificates it encountered. If none complete correctly, the first error is returned.
mbedtls_x509_buf issuer_id
Definition: x509_crt.h:76
union mbedtls_x509_san_other_name::@7 value
int mbedtls_x509write_crt_set_serial(mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial)
Set the serial number for a Certificate.
MPI structure.
Definition: bignum.h:189
X.509 certificate revocation list parsing.
void mbedtls_x509write_crt_free(mbedtls_x509write_cert *ctx)
Free the contents of a CRT write context.
struct mbedtls_x509_crt mbedtls_x509_crt
mbedtls_x509_sequence ext_key_usage
Definition: x509_crt.h:89
int(* mbedtls_x509_crt_ext_cb_t)(void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf const *oid, int critical, const unsigned char *p, const unsigned char *end)
The type of certificate extension callbacks.
Definition: x509_crt.h:449
int mbedtls_x509_crt_parse_der_nocopy(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse a single DER formatted certificate and add it to the end of the provided chained list...
Context for resuming operations.
Definition: pk.h:209
void mbedtls_x509_crt_init(mbedtls_x509_crt *crt)
Initialize a certificate (chain)
mbedtls_x509_buf type_id
Definition: x509_crt.h:121
mbedtls_pk_context pk
Definition: x509_crt.h:74
Context for resuming X.509 verify operations.
Definition: x509_crt.h:331
mbedtls_md_type_t
Supported message digests.
Definition: md.h:55
struct mbedtls_x509_subject_alternative_name mbedtls_x509_subject_alternative_name
mbedtls_x509_buf v3_ext
Definition: x509_crt.h:78
int(* mbedtls_x509_crt_ca_cb_t)(void *p_ctx, mbedtls_x509_crt const *child, mbedtls_x509_crt **candidate_cas)
The type of trusted certificate callbacks.
Definition: x509_crt.h:840