PolarSSL v1.3.9
x509_crt.h
Go to the documentation of this file.
1
27#ifndef POLARSSL_X509_CRT_H
28#define POLARSSL_X509_CRT_H
29
30#if !defined(POLARSSL_CONFIG_FILE)
31#include "config.h"
32#else
33#include POLARSSL_CONFIG_FILE
34#endif
35
36#include "x509.h"
37
38#include "x509_crl.h"
39
45#ifdef __cplusplus
46extern "C" {
47#endif
48
100x509_crt;
101
102#define X509_CRT_VERSION_1 0
103#define X509_CRT_VERSION_2 1
104#define X509_CRT_VERSION_3 2
105
106#define X509_RFC5280_MAX_SERIAL_LEN 32
107#define X509_RFC5280_UTC_TIME_LEN 15
108
125x509write_cert;
126
127#if defined(POLARSSL_X509_CRT_PARSE_C)
138int x509_crt_parse_der( x509_crt *chain, const unsigned char *buf,
139 size_t buflen );
140
155int x509_crt_parse( x509_crt *chain, const unsigned char *buf, size_t buflen );
156
157#if defined(POLARSSL_FS_IO)
171int x509_crt_parse_file( x509_crt *chain, const char *path );
172
191int x509_crt_parse_path( x509_crt *chain, const char *path );
192#endif /* POLARSSL_FS_IO */
193
206int x509_crt_info( char *buf, size_t size, const char *prefix,
207 const x509_crt *crt );
208
245int x509_crt_verify( x509_crt *crt,
246 x509_crt *trust_ca,
247 x509_crl *ca_crl,
248 const char *cn, int *flags,
249 int (*f_vrfy)(void *, x509_crt *, int, int *),
250 void *p_vrfy );
251
252#if defined(POLARSSL_X509_CHECK_KEY_USAGE)
269int x509_crt_check_key_usage( const x509_crt *crt, int usage );
270#endif /* POLARSSL_X509_CHECK_KEY_USAGE) */
271
272#if defined(POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE)
285int x509_crt_check_extended_key_usage( const x509_crt *crt,
286 const char *usage_oid,
287 size_t usage_len );
288#endif /* POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE) */
289
290#if defined(POLARSSL_X509_CRL_PARSE_C)
300int x509_crt_revoked( const x509_crt *crt, const x509_crl *crl );
301#endif /* POLARSSL_X509_CRL_PARSE_C */
302
308void x509_crt_init( x509_crt *crt );
309
315void x509_crt_free( x509_crt *crt );
316#endif /* POLARSSL_X509_CRT_PARSE_C */
317
318/* \} name */
319/* \} addtogroup x509_module */
320
321#if defined(POLARSSL_X509_CRT_WRITE_C)
327void x509write_crt_init( x509write_cert *ctx );
328
337void x509write_crt_set_version( x509write_cert *ctx, int version );
338
347int x509write_crt_set_serial( x509write_cert *ctx, const mpi *serial );
348
363int x509write_crt_set_validity( x509write_cert *ctx, const char *not_before,
364 const char *not_after );
365
378int x509write_crt_set_issuer_name( x509write_cert *ctx,
379 const char *issuer_name );
380
393int x509write_crt_set_subject_name( x509write_cert *ctx,
394 const char *subject_name );
395
402void x509write_crt_set_subject_key( x509write_cert *ctx, pk_context *key );
403
410void x509write_crt_set_issuer_key( x509write_cert *ctx, pk_context *key );
411
419void x509write_crt_set_md_alg( x509write_cert *ctx, md_type_t md_alg );
420
434int x509write_crt_set_extension( x509write_cert *ctx,
435 const char *oid, size_t oid_len,
436 int critical,
437 const unsigned char *val, size_t val_len );
438
450int x509write_crt_set_basic_constraints( x509write_cert *ctx,
451 int is_ca, int max_pathlen );
452
453#if defined(POLARSSL_SHA1_C)
463int x509write_crt_set_subject_key_identifier( x509write_cert *ctx );
464
474int x509write_crt_set_authority_key_identifier( x509write_cert *ctx );
475#endif /* POLARSSL_SHA1_C */
476
486int x509write_crt_set_key_usage( x509write_cert *ctx, unsigned char key_usage );
487
497int x509write_crt_set_ns_cert_type( x509write_cert *ctx,
498 unsigned char ns_cert_type );
499
505void x509write_crt_free( x509write_cert *ctx );
506
527int x509write_crt_der( x509write_cert *ctx, unsigned char *buf, size_t size,
528 int (*f_rng)(void *, unsigned char *, size_t),
529 void *p_rng );
530
531#if defined(POLARSSL_PEM_WRITE_C)
548int x509write_crt_pem( x509write_cert *ctx, unsigned char *buf, size_t size,
549 int (*f_rng)(void *, unsigned char *, size_t),
550 void *p_rng );
551#endif /* POLARSSL_PEM_WRITE_C */
552#endif /* POLARSSL_X509_CRT_WRITE_C */
553
554#ifdef __cplusplus
555}
556#endif
557
558#endif /* x509_crt.h */
config.h
Configuration options (set of defines)
x509write_crt_init
void x509write_crt_init(x509write_cert *ctx)
Initialize a CRT writing context.
_x509_crt::subject_id
x509_buf subject_id
Optional X.509 v2/v3 subject unique identifier.
Definition x509_crt.h:78
_x509_crt::valid_to
x509_time valid_to
End time of certificate validity.
Definition x509_crt.h:73
_x509_crt::max_pathlen
int max_pathlen
Optional Basic Constraint extension value: The maximum path length to the root certificate.
Definition x509_crt.h:84
_x509write_cert::issuer
asn1_named_data * issuer
Definition x509_crt.h:119
_x509_crt::issuer
x509_name issuer
The parsed issuer data (named information object).
Definition x509_crt.h:69
_x509write_cert::issuer_key
pk_context * issuer_key
Definition x509_crt.h:117
_x509_crt::v3_ext
x509_buf v3_ext
Optional X.509 v3 extensions.
Definition x509_crt.h:79
_x509write_cert::extensions
asn1_named_data * extensions
Definition x509_crt.h:123
x509_crt_check_key_usage
int x509_crt_check_key_usage(const x509_crt *crt, int usage)
Check usage of certificate against keyUsage extension.
x509write_crt_set_ns_cert_type
int x509write_crt_set_ns_cert_type(x509write_cert *ctx, unsigned char ns_cert_type)
Set the Netscape Cert Type flags (e.g.
_x509write_cert::not_after
char not_after[X509_RFC5280_UTC_TIME_LEN+1]
Definition x509_crt.h:122
_x509_crt::pk
pk_context pk
Container for the public key context.
Definition x509_crt.h:75
x509_crt_init
void x509_crt_init(x509_crt *crt)
Initialize a certificate (chain)
x509write_crt_set_validity
int x509write_crt_set_validity(x509write_cert *ctx, const char *not_before, const char *not_after)
Set the validity period for a Certificate Timestamps should be in string format for UTC timezone i....
_x509_crt::ext_types
int ext_types
Bit string containing detected and parsed extensions.
Definition x509_crt.h:82
x509_crt_parse_der
int x509_crt_parse_der(x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse a single DER formatted certificate and add it to the chained list.
x509_crt_parse_file
int x509_crt_parse_file(x509_crt *chain, const char *path)
Load one or more certificates and add them to the chained list.
x509_crt_parse_path
int x509_crt_parse_path(x509_crt *chain, const char *path)
Load one or more certificate files from a path and add them to the chained list.
_x509_crt::sig_pk
pk_type_t sig_pk
Internal representation of the Public Key algorithm of the signature algorithm, e....
Definition x509_crt.h:95
x509write_crt_set_subject_name
int x509write_crt_set_subject_name(x509write_cert *ctx, const char *subject_name)
Set the subject name for a Certificate Subject names should contain a comma-separated list of OID typ...
_x509_crt::sig_opts
void * sig_opts
Signature options to be passed to pk_verify_ext(), e.g.
Definition x509_crt.h:96
x509write_crt_set_version
void x509write_crt_set_version(x509write_cert *ctx, int version)
Set the verion for a Certificate Default: X509_CRT_VERSION_3.
_x509_crt::serial
x509_buf serial
Unique id for certificate issued by a specific CA.
Definition x509_crt.h:63
x509_crt_revoked
int x509_crt_revoked(const x509_crt *crt, const x509_crl *crl)
Verify the certificate revocation status.
x509write_crt_set_issuer_name
int x509write_crt_set_issuer_name(x509write_cert *ctx, const char *issuer_name)
Set the issuer name for a Certificate Issuer names should contain a comma-separated list of OID types...
_x509_crt::key_usage
unsigned char key_usage
Optional key usage extension value: See the values in x509.h.
Definition x509_crt.h:86
_x509_crt::version
int version
The X.509 version.
Definition x509_crt.h:62
x509write_crt_set_basic_constraints
int x509write_crt_set_basic_constraints(x509write_cert *ctx, int is_ca, int max_pathlen)
Set the basicConstraints extension for a CRT.
_x509_crt::valid_from
x509_time valid_from
Start time of certificate validity.
Definition x509_crt.h:72
x509_crt_free
void x509_crt_free(x509_crt *crt)
Unallocate all certificate data.
x509write_crt_pem
int x509write_crt_pem(x509write_cert *ctx, unsigned char *buf, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Write a built up certificate to a X509 PEM string.
_x509_crt::ns_cert_type
unsigned char ns_cert_type
Optional Netscape certificate type extension value: See the values in x509.h.
Definition x509_crt.h:90
_x509_crt::raw
x509_buf raw
The raw certificate data (DER).
Definition x509_crt.h:59
x509write_crt_set_subject_key
void x509write_crt_set_subject_key(x509write_cert *ctx, pk_context *key)
Set the subject public key for the certificate.
x509write_crt_der
int x509write_crt_der(x509write_cert *ctx, unsigned char *buf, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Write a built up certificate to a X509 DER structure Note: data is written at the end of the buffer!...
x509write_crt_set_serial
int x509write_crt_set_serial(x509write_cert *ctx, const mpi *serial)
Set the serial number for a Certificate.
_x509_crt::sig_md
md_type_t sig_md
Internal representation of the MD algorithm of the signature algorithm, e.g.
Definition x509_crt.h:94
_x509write_cert::version
int version
Definition x509_crt.h:114
_x509write_cert::serial
mpi serial
Definition x509_crt.h:115
x509_crt_info
int x509_crt_info(char *buf, size_t size, const char *prefix, const x509_crt *crt)
Returns an informational string about the certificate.
x509write_crt_set_extension
int x509write_crt_set_extension(x509write_cert *ctx, const char *oid, size_t oid_len, int critical, const unsigned char *val, size_t val_len)
Generic function to add to or replace an extension in the CRT.
x509write_crt_set_subject_key_identifier
int x509write_crt_set_subject_key_identifier(x509write_cert *ctx)
Set the subjectKeyIdentifier extension for a CRT Requires that x509write_crt_set_subject_key() has be...
x509write_crt_set_key_usage
int x509write_crt_set_key_usage(x509write_cert *ctx, unsigned char key_usage)
Set the Key Usage Extension flags (e.g.
_x509_crt::subject_raw
x509_buf subject_raw
The raw subject data (DER).
Definition x509_crt.h:67
_x509_crt::tbs
x509_buf tbs
The raw certificate body (DER).
Definition x509_crt.h:60
_x509_crt::subject
x509_name subject
The parsed subject data (named information object).
Definition x509_crt.h:70
_x509_crt::ca_istrue
int ca_istrue
Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise.
Definition x509_crt.h:83
X509_RFC5280_UTC_TIME_LEN
#define X509_RFC5280_UTC_TIME_LEN
Definition x509_crt.h:107
_x509write_cert::md_alg
md_type_t md_alg
Definition x509_crt.h:120
x509write_crt_free
void x509write_crt_free(x509write_cert *ctx)
Free the contents of a CRT write context.
_x509_crt::sig
x509_buf sig
Signature: hash of the tbs part signed with the private key.
Definition x509_crt.h:93
x509_crt_verify
int x509_crt_verify(x509_crt *crt, x509_crt *trust_ca, x509_crl *ca_crl, const char *cn, int *flags, int(*f_vrfy)(void *, x509_crt *, int, int *), void *p_vrfy)
Verify the certificate signature.
x509write_crt_set_md_alg
void x509write_crt_set_md_alg(x509write_cert *ctx, md_type_t md_alg)
Set the MD algorithm to use for the signature (e.g.
x509_crt_check_extended_key_usage
int x509_crt_check_extended_key_usage(const x509_crt *crt, const char *usage_oid, size_t usage_len)
Check usage of certificate against extentedJeyUsage.
x509write_cert
struct _x509write_cert x509write_cert
Container for writing a certificate (CRT)
x509write_crt_set_authority_key_identifier
int x509write_crt_set_authority_key_identifier(x509write_cert *ctx)
Set the authorityKeyIdentifier extension for a CRT Requires that x509write_crt_set_issuer_key() has b...
_x509write_cert::not_before
char not_before[X509_RFC5280_UTC_TIME_LEN+1]
Definition x509_crt.h:121
_x509_crt::sig_oid2
x509_buf sig_oid2
Signature algorithm.
Definition x509_crt.h:92
x509write_crt_set_issuer_key
void x509write_crt_set_issuer_key(x509write_cert *ctx, pk_context *key)
Set the issuer key used for signing the certificate.
_x509_crt::ext_key_usage
x509_sequence ext_key_usage
Optional list of extended key usage OIDs.
Definition x509_crt.h:88
_x509write_cert::subject_key
pk_context * subject_key
Definition x509_crt.h:116
_x509_crt::issuer_id
x509_buf issuer_id
Optional X.509 v2/v3 issuer unique identifier.
Definition x509_crt.h:77
_x509_crt::issuer_raw
x509_buf issuer_raw
The raw issuer data (DER).
Definition x509_crt.h:66
_x509write_cert::subject
asn1_named_data * subject
Definition x509_crt.h:118
x509_crt
struct _x509_crt x509_crt
Container for an X.509 certificate.
_x509_crt::next
struct _x509_crt * next
Next certificate in the CA-chain.
Definition x509_crt.h:98
_x509_crt::subject_alt_names
x509_sequence subject_alt_names
Optional list of Subject Alternative Names (Only dNSName supported).
Definition x509_crt.h:80
x509_crt_parse
int x509_crt_parse(x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse one or more certificates and add them to the chained list.
_x509_crt::sig_oid1
x509_buf sig_oid1
Signature algorithm, e.g.
Definition x509_crt.h:64
md_type_t
md_type_t
Definition md.h:51
pk_type_t
pk_type_t
Public key types.
Definition pk.h:95
_asn1_buf
Type-length-value structure that allows for ASN1 using DER.
Definition asn1.h:125
_asn1_named_data
Container for a sequence or list of 'named' ASN.1 data items.
Definition asn1.h:157
_asn1_sequence
Container for a sequence of ASN.1 items.
Definition asn1.h:147
_x509_crl
Certificate revocation list structure.
Definition x509_crl.h:74
_x509_crt
Container for an X.509 certificate.
Definition x509_crt.h:58
_x509_time
Container for date and time (precision in seconds).
Definition x509.h:184
_x509write_cert
Container for writing a certificate (CRT)
Definition x509_crt.h:113
mpi
MPI structure.
Definition bignum.h:183
pk_context
Public key container.
Definition pk.h:195
x509.h
X.509 generic defines and structures.
x509_crl.h
X.509 certificate revocation list parsing.
Generated on Tue Feb 18 2025 20:02:19 for PolarSSL v1.3.9 by doxygen 1.12.0