PolarSSL v1.3.9
X.509 module

The X.509 module provides X.509 support which includes: More...

Data Structures

struct  _x509_time
 Container for date and time (precision in seconds). More...
 
struct  _x509_crl_entry
 Certificate revocation list entry. More...
 
struct  _x509_crl
 Certificate revocation list structure. More...
 
struct  _x509_crt
 Container for an X.509 certificate. More...
 
struct  _x509write_cert
 Container for writing a certificate (CRT) More...
 
struct  _x509_csr
 Certificate Signing Request (CSR) structure. More...
 
struct  _x509write_csr
 Container for writing a CSR. More...
 

Functions

int dhm_parse_dhm (dhm_context *dhm, const unsigned char *dhmin, size_t dhminlen)
 Parse DHM parameters. More...
 
int dhm_parse_dhmfile (dhm_context *dhm, const char *path)
 Load and parse DHM parameters. More...
 
int x509_dn_gets (char *buf, size_t size, const x509_name *dn)
 Store the certificate DN in printable form into buf; no more than size characters will be written. More...
 
int x509_serial_gets (char *buf, size_t size, const x509_buf *serial)
 Store the certificate serial in printable form into buf; no more than size characters will be written. More...
 
const char * x509_oid_get_description (x509_buf *oid)
 Given a known OID, return its descriptive string. More...
 
int x509_oid_get_numeric_string (char *buf, size_t size, x509_buf *oid)
 Given an OID, return a string version of its OID number. More...
 
int x509_time_expired (const x509_time *time)
 Check a given x509_time against the system time and check if it is not expired. More...
 
int x509_time_future (const x509_time *time)
 Check a given x509_time against the system time and check if it is not from the future. More...
 
int x509_self_test (int verbose)
 Checkup routine. More...
 
int x509_get_name (unsigned char **p, const unsigned char *end, x509_name *cur)
 
int x509_get_alg_null (unsigned char **p, const unsigned char *end, x509_buf *alg)
 
int x509_get_alg (unsigned char **p, const unsigned char *end, x509_buf *alg, x509_buf *params)
 
int x509_get_rsassa_pss_params (const x509_buf *params, md_type_t *md_alg, md_type_t *mgf_md, int *salt_len)
 
int x509_get_sig (unsigned char **p, const unsigned char *end, x509_buf *sig)
 
int x509_get_sig_alg (const x509_buf *sig_oid, const x509_buf *sig_params, md_type_t *md_alg, pk_type_t *pk_alg, void **sig_opts)
 
int x509_get_time (unsigned char **p, const unsigned char *end, x509_time *time)
 
int x509_get_serial (unsigned char **p, const unsigned char *end, x509_buf *serial)
 
int x509_get_ext (unsigned char **p, const unsigned char *end, x509_buf *ext, int tag)
 
int x509_load_file (const char *path, unsigned char **buf, size_t *n)
 
int x509_sig_alg_gets (char *buf, size_t size, const x509_buf *sig_oid, pk_type_t pk_alg, md_type_t md_alg, const void *sig_opts)
 
int x509_key_size_helper (char *buf, size_t size, const char *name)
 
int x509_string_to_names (asn1_named_data **head, const char *name)
 
int x509_set_extension (asn1_named_data **head, const char *oid, size_t oid_len, int critical, const unsigned char *val, size_t val_len)
 
int x509_write_extensions (unsigned char **p, unsigned char *start, asn1_named_data *first)
 
int x509_write_names (unsigned char **p, unsigned char *start, asn1_named_data *first)
 
int x509_write_sig (unsigned char **p, unsigned char *start, const char *oid, size_t oid_len, unsigned char *sig, size_t size)
 

Variables

int _x509_time::year
 
int _x509_time::mon
 
int _x509_time::day
 Date. More...
 
int _x509_time::hour
 
int _x509_time::min
 
int _x509_time::sec
 Time. More...
 
x509_buf _x509_crl_entry::raw
 
x509_buf _x509_crl_entry::serial
 
x509_time _x509_crl_entry::revocation_date
 
x509_buf _x509_crl_entry::entry_ext
 
struct _x509_crl_entry * _x509_crl_entry::next
 
x509_buf _x509_crl::raw
 The raw certificate data (DER). More...
 
x509_buf _x509_crl::tbs
 The raw certificate body (DER). More...
 
int _x509_crl::version
 CRL version (1=v1, 2=v2) More...
 
x509_buf _x509_crl::sig_oid1
 
x509_buf _x509_crl::issuer_raw
 The raw issuer data (DER). More...
 
x509_name _x509_crl::issuer
 The parsed issuer data (named information object). More...
 
x509_time _x509_crl::this_update
 
x509_time _x509_crl::next_update
 
x509_crl_entry _x509_crl::entry
 The CRL entries containing the certificate revocation times for this CA. More...
 
x509_buf _x509_crl::crl_ext
 
x509_buf _x509_crl::sig_oid2
 
x509_buf _x509_crl::sig
 
md_type_t _x509_crl::sig_md
 Internal representation of the MD algorithm of the signature algorithm, e.g. More...
 
pk_type_t _x509_crl::sig_pk
 Internal representation of the Public Key algorithm of the signature algorithm, e.g. More...
 
void * _x509_crl::sig_opts
 Signature options to be passed to pk_verify_ext(), e.g. More...
 
struct _x509_crl * _x509_crl::next
 
x509_buf _x509_crt::raw
 The raw certificate data (DER). More...
 
x509_buf _x509_crt::tbs
 The raw certificate body (DER). More...
 
int _x509_crt::version
 The X.509 version. More...
 
x509_buf _x509_crt::serial
 Unique id for certificate issued by a specific CA. More...
 
x509_buf _x509_crt::sig_oid1
 Signature algorithm, e.g. More...
 
x509_buf _x509_crt::issuer_raw
 The raw issuer data (DER). More...
 
x509_buf _x509_crt::subject_raw
 The raw subject data (DER). More...
 
x509_name _x509_crt::issuer
 The parsed issuer data (named information object). More...
 
x509_name _x509_crt::subject
 The parsed subject data (named information object). More...
 
x509_time _x509_crt::valid_from
 Start time of certificate validity. More...
 
x509_time _x509_crt::valid_to
 End time of certificate validity. More...
 
pk_context _x509_crt::pk
 Container for the public key context. More...
 
x509_buf _x509_crt::issuer_id
 Optional X.509 v2/v3 issuer unique identifier. More...
 
x509_buf _x509_crt::subject_id
 Optional X.509 v2/v3 subject unique identifier. More...
 
x509_buf _x509_crt::v3_ext
 Optional X.509 v3 extensions. More...
 
x509_sequence _x509_crt::subject_alt_names
 Optional list of Subject Alternative Names (Only dNSName supported). More...
 
int _x509_crt::ext_types
 Bit string containing detected and parsed extensions. More...
 
int _x509_crt::ca_istrue
 Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. More...
 
int _x509_crt::max_pathlen
 Optional Basic Constraint extension value: The maximum path length to the root certificate. More...
 
unsigned char _x509_crt::key_usage
 Optional key usage extension value: See the values in x509.h. More...
 
x509_sequence _x509_crt::ext_key_usage
 Optional list of extended key usage OIDs. More...
 
unsigned char _x509_crt::ns_cert_type
 Optional Netscape certificate type extension value: See the values in x509.h. More...
 
x509_buf _x509_crt::sig_oid2
 Signature algorithm. More...
 
x509_buf _x509_crt::sig
 Signature: hash of the tbs part signed with the private key. More...
 
md_type_t _x509_crt::sig_md
 Internal representation of the MD algorithm of the signature algorithm, e.g. More...
 
pk_type_t _x509_crt::sig_pk
 Internal representation of the Public Key algorithm of the signature algorithm, e.g. More...
 
void * _x509_crt::sig_opts
 Signature options to be passed to pk_verify_ext(), e.g. More...
 
struct _x509_crt * _x509_crt::next
 Next certificate in the CA-chain. More...
 
int _x509write_cert::version
 
mpi _x509write_cert::serial
 
pk_context * _x509write_cert::subject_key
 
pk_context * _x509write_cert::issuer_key
 
asn1_named_data * _x509write_cert::subject
 
asn1_named_data * _x509write_cert::issuer
 
md_type_t _x509write_cert::md_alg
 
char _x509write_cert::not_before [X509_RFC5280_UTC_TIME_LEN+1]
 
char _x509write_cert::not_after [X509_RFC5280_UTC_TIME_LEN+1]
 
asn1_named_data * _x509write_cert::extensions
 
x509_buf _x509_csr::raw
 The raw CSR data (DER). More...
 
x509_buf _x509_csr::cri
 The raw CertificateRequestInfo body (DER). More...
 
int _x509_csr::version
 CSR version (1=v1). More...
 
x509_buf _x509_csr::subject_raw
 The raw subject data (DER). More...
 
x509_name _x509_csr::subject
 The parsed subject data (named information object). More...
 
pk_context _x509_csr::pk
 Container for the public key context. More...
 
x509_buf _x509_csr::sig_oid
 
x509_buf _x509_csr::sig
 
md_type_t _x509_csr::sig_md
 Internal representation of the MD algorithm of the signature algorithm, e.g. More...
 
pk_type_t _x509_csr::sig_pk
 Internal representation of the Public Key algorithm of the signature algorithm, e.g. More...
 
void * _x509_csr::sig_opts
 Signature options to be passed to pk_verify_ext(), e.g. More...
 
pk_context * _x509write_csr::key
 
asn1_named_data * _x509write_csr::subject
 
md_type_t _x509write_csr::md_alg
 
asn1_named_data * _x509write_csr::extensions
 

Structures for parsing X.509 certificates, CRLs and CSRs

typedef asn1_buf x509_buf
 Type-length-value structure that allows for ASN1 using DER. More...
 
typedef asn1_bitstring x509_bitstring
 Container for ASN1 bit strings. More...
 
typedef asn1_named_data x509_name
 Container for ASN1 named information objects. More...
 
typedef asn1_sequence x509_sequence
 Container for a sequence of ASN.1 items. More...
 
typedef struct _x509_time x509_time
 Container for date and time (precision in seconds). More...
 

Structures and functions for parsing CRLs

typedef struct _x509_crl_entry x509_crl_entry
 Certificate revocation list entry. More...
 
typedef struct _x509_crl x509_crl
 Certificate revocation list structure. More...
 
int x509_crl_parse (x509_crl *chain, const unsigned char *buf, size_t buflen)
 Parse one or more CRLs and add them to the chained list. More...
 
int x509_crl_parse_file (x509_crl *chain, const char *path)
 Load one or more CRLs and add them to the chained list. More...
 
int x509_crl_info (char *buf, size_t size, const char *prefix, const x509_crl *crl)
 Returns an informational string about the CRL. More...
 
void x509_crl_init (x509_crl *crl)
 Initialize a CRL (chain) More...
 
void x509_crl_free (x509_crl *crl)
 Unallocate all CRL data. More...
 

Structures and functions for parsing and writing X.509 certificates

typedef struct _x509_crt x509_crt
 Container for an X.509 certificate. More...
 
typedef struct _x509write_cert x509write_cert
 Container for writing a certificate (CRT) More...
 
int x509_crt_parse_der (x509_crt *chain, const unsigned char *buf, size_t buflen)
 Parse a single DER formatted certificate and add it to the chained list. More...
 
int x509_crt_parse (x509_crt *chain, const unsigned char *buf, size_t buflen)
 Parse one or more certificates and add them to the chained list. More...
 
int x509_crt_parse_file (x509_crt *chain, const char *path)
 Load one or more certificates and add them to the chained list. More...
 
int x509_crt_parse_path (x509_crt *chain, const char *path)
 Load one or more certificate files from a path and add them to the chained list. More...
 
int x509_crt_info (char *buf, size_t size, const char *prefix, const x509_crt *crt)
 Returns an informational string about the certificate. More...
 
int x509_crt_verify (x509_crt *crt, x509_crt *trust_ca, x509_crl *ca_crl, const char *cn, int *flags, int(*f_vrfy)(void *, x509_crt *, int, int *), void *p_vrfy)
 Verify the certificate signature. More...
 
int x509_crt_check_key_usage (const x509_crt *crt, int usage)
 Check usage of certificate against keyUsage extension. More...
 
int x509_crt_check_extended_key_usage (const x509_crt *crt, const char *usage_oid, size_t usage_len)
 Check usage of certificate against extendedKeyUsage. More...
 
int x509_crt_revoked (const x509_crt *crt, const x509_crl *crl)
 Verify the certificate revocation status. More...
 
void x509_crt_init (x509_crt *crt)
 Initialize a certificate (chain) More...
 
void x509_crt_free (x509_crt *crt)
 Unallocate all certificate data. More...
 
void x509write_crt_init (x509write_cert *ctx)
 Initialize a CRT writing context. More...
 
void x509write_crt_set_version (x509write_cert *ctx, int version)
 Set the version for a Certificate. Default: X509_CRT_VERSION_3. More...
 
int x509write_crt_set_serial (x509write_cert *ctx, const mpi *serial)
 Set the serial number for a Certificate. More...
 
int x509write_crt_set_validity (x509write_cert *ctx, const char *not_before, const char *not_after)
 Set the validity period for a Certificate Timestamps should be in string format for UTC timezone i.e. More...
 
int x509write_crt_set_issuer_name (x509write_cert *ctx, const char *issuer_name)
 Set the issuer name for a Certificate Issuer names should contain a comma-separated list of OID types and values: e.g. More...
 
int x509write_crt_set_subject_name (x509write_cert *ctx, const char *subject_name)
 Set the subject name for a Certificate Subject names should contain a comma-separated list of OID types and values: e.g. More...
 
void x509write_crt_set_subject_key (x509write_cert *ctx, pk_context *key)
 Set the subject public key for the certificate. More...
 
void x509write_crt_set_issuer_key (x509write_cert *ctx, pk_context *key)
 Set the issuer key used for signing the certificate. More...
 
void x509write_crt_set_md_alg (x509write_cert *ctx, md_type_t md_alg)
 Set the MD algorithm to use for the signature (e.g. More...
 
int x509write_crt_set_extension (x509write_cert *ctx, const char *oid, size_t oid_len, int critical, const unsigned char *val, size_t val_len)
 Generic function to add to or replace an extension in the CRT. More...
 
int x509write_crt_set_basic_constraints (x509write_cert *ctx, int is_ca, int max_pathlen)
 Set the basicConstraints extension for a CRT. More...
 
int x509write_crt_set_subject_key_identifier (x509write_cert *ctx)
 Set the subjectKeyIdentifier extension for a CRT Requires that x509write_crt_set_subject_key() has been called before. More...
 
int x509write_crt_set_authority_key_identifier (x509write_cert *ctx)
 Set the authorityKeyIdentifier extension for a CRT Requires that x509write_crt_set_issuer_key() has been called before. More...
 
int x509write_crt_set_key_usage (x509write_cert *ctx, unsigned char key_usage)
 Set the Key Usage Extension flags (e.g. More...
 
int x509write_crt_set_ns_cert_type (x509write_cert *ctx, unsigned char ns_cert_type)
 Set the Netscape Cert Type flags (e.g. More...
 
void x509write_crt_free (x509write_cert *ctx)
 Free the contents of a CRT write context. More...
 
int x509write_crt_der (x509write_cert *ctx, unsigned char *buf, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 Write a built up certificate to a X509 DER structure Note: data is written at the end of the buffer! Use the return value to determine where you should start using the buffer. More...
 
int x509write_crt_pem (x509write_cert *ctx, unsigned char *buf, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 Write a built up certificate to a X509 PEM string. More...
 
#define X509_CRT_VERSION_1   0
 
#define X509_CRT_VERSION_2   1
 
#define X509_CRT_VERSION_3   2
 
#define X509_RFC5280_MAX_SERIAL_LEN   32
 
#define X509_RFC5280_UTC_TIME_LEN   15
 

Structures and functions for X.509 Certificate Signing Requests (CSR)

typedef struct _x509_csr x509_csr
 Certificate Signing Request (CSR) structure. More...
 
typedef struct _x509write_csr x509write_csr
 Container for writing a CSR. More...
 
int x509_csr_parse_der (x509_csr *csr, const unsigned char *buf, size_t buflen)
 Load a Certificate Signing Request (CSR) in DER format. More...
 
int x509_csr_parse (x509_csr *csr, const unsigned char *buf, size_t buflen)
 Load a Certificate Signing Request (CSR), DER or PEM format. More...
 
int x509_csr_parse_file (x509_csr *csr, const char *path)
 Load a Certificate Signing Request (CSR) More...
 
int x509_csr_info (char *buf, size_t size, const char *prefix, const x509_csr *csr)
 Returns an informational string about the CSR. More...
 
void x509_csr_init (x509_csr *csr)
 Initialize a CSR. More...
 
void x509_csr_free (x509_csr *csr)
 Unallocate all CSR data. More...
 
void x509write_csr_init (x509write_csr *ctx)
 Initialize a CSR context. More...
 
int x509write_csr_set_subject_name (x509write_csr *ctx, const char *subject_name)
 Set the subject name for a CSR Subject names should contain a comma-separated list of OID types and values: e.g. More...
 
void x509write_csr_set_key (x509write_csr *ctx, pk_context *key)
 Set the key for a CSR (public key will be included, private key used to sign the CSR when writing it) More...
 
void x509write_csr_set_md_alg (x509write_csr *ctx, md_type_t md_alg)
 Set the MD algorithm to use for the signature (e.g. More...
 
int x509write_csr_set_key_usage (x509write_csr *ctx, unsigned char key_usage)
 Set the Key Usage Extension flags (e.g. More...
 
int x509write_csr_set_ns_cert_type (x509write_csr *ctx, unsigned char ns_cert_type)
 Set the Netscape Cert Type flags (e.g. More...
 
int x509write_csr_set_extension (x509write_csr *ctx, const char *oid, size_t oid_len, const unsigned char *val, size_t val_len)
 Generic function to add to or replace an extension in the CSR. More...
 
void x509write_csr_free (x509write_csr *ctx)
 Free the contents of a CSR context. More...
 
int x509write_csr_der (x509write_csr *ctx, unsigned char *buf, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 Write a CSR (Certificate Signing Request) to a DER structure Note: data is written at the end of the buffer! Use the return value to determine where you should start using the buffer. More...
 
int x509write_csr_pem (x509write_csr *ctx, unsigned char *buf, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 Write a CSR (Certificate Signing Request) to a PEM string. More...
 

X509 Error codes

#define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE   -0x2080
 Unavailable feature, e.g. More...
 
#define POLARSSL_ERR_X509_UNKNOWN_OID   -0x2100
 Requested OID is unknown. More...
 
#define POLARSSL_ERR_X509_INVALID_FORMAT   -0x2180
 The CRT/CRL/CSR format is invalid, e.g. More...
 
#define POLARSSL_ERR_X509_INVALID_VERSION   -0x2200
 The CRT/CRL/CSR version element is invalid. More...
 
#define POLARSSL_ERR_X509_INVALID_SERIAL   -0x2280
 The serial tag or value is invalid. More...
 
#define POLARSSL_ERR_X509_INVALID_ALG   -0x2300
 The algorithm tag or value is invalid. More...
 
#define POLARSSL_ERR_X509_INVALID_NAME   -0x2380
 The name tag or value is invalid. More...
 
#define POLARSSL_ERR_X509_INVALID_DATE   -0x2400
 The date tag or value is invalid. More...
 
#define POLARSSL_ERR_X509_INVALID_SIGNATURE   -0x2480
 The signature tag or value invalid. More...
 
#define POLARSSL_ERR_X509_INVALID_EXTENSIONS   -0x2500
 The extension tag or value is invalid. More...
 
#define POLARSSL_ERR_X509_UNKNOWN_VERSION   -0x2580
 CRT/CRL/CSR has an unsupported version number. More...
 
#define POLARSSL_ERR_X509_UNKNOWN_SIG_ALG   -0x2600
 Signature algorithm (oid) is unsupported. More...
 
#define POLARSSL_ERR_X509_SIG_MISMATCH   -0x2680
 Signature algorithms do not match. More...
 
#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED   -0x2700
 Certificate verification failed, e.g. More...
 
#define POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT   -0x2780
 Format not recognized as DER or PEM. More...
 
#define POLARSSL_ERR_X509_BAD_INPUT_DATA   -0x2800
 Input invalid. More...
 
#define POLARSSL_ERR_X509_MALLOC_FAILED   -0x2880
 Allocation of memory failed. More...
 
#define POLARSSL_ERR_X509_FILE_IO_ERROR   -0x2900
 Read/write of file failed. More...
 

X509 Verify codes

#define BADCERT_EXPIRED   0x01
 The certificate validity has expired. More...
 
#define BADCERT_REVOKED   0x02
 The certificate has been revoked (is on a CRL). More...
 
#define BADCERT_CN_MISMATCH   0x04
 The certificate Common Name (CN) does not match with the expected CN. More...
 
#define BADCERT_NOT_TRUSTED   0x08
 The certificate is not correctly signed by the trusted CA. More...
 
#define BADCRL_NOT_TRUSTED   0x10
 CRL is not correctly signed by the trusted CA. More...
 
#define BADCRL_EXPIRED   0x20
 CRL is expired. More...
 
#define BADCERT_MISSING   0x40
 Certificate was missing. More...
 
#define BADCERT_SKIP_VERIFY   0x80
 Certificate verification was skipped. More...
 
#define BADCERT_OTHER   0x0100
 Other reason (can be used by verify callback) More...
 
#define BADCERT_FUTURE   0x0200
 The certificate validity starts in the future. More...
 
#define BADCRL_FUTURE   0x0400
 The CRL is from the future. More...
 
#define KU_DIGITAL_SIGNATURE   (0x80) /* bit 0 */
 
#define KU_NON_REPUDIATION   (0x40) /* bit 1 */
 
#define KU_KEY_ENCIPHERMENT   (0x20) /* bit 2 */
 
#define KU_DATA_ENCIPHERMENT   (0x10) /* bit 3 */
 
#define KU_KEY_AGREEMENT   (0x08) /* bit 4 */
 
#define KU_KEY_CERT_SIGN   (0x04) /* bit 5 */
 
#define KU_CRL_SIGN   (0x02) /* bit 6 */
 
#define NS_CERT_TYPE_SSL_CLIENT   (0x80) /* bit 0 */
 
#define NS_CERT_TYPE_SSL_SERVER   (0x40) /* bit 1 */
 
#define NS_CERT_TYPE_EMAIL   (0x20) /* bit 2 */
 
#define NS_CERT_TYPE_OBJECT_SIGNING   (0x10) /* bit 3 */
 
#define NS_CERT_TYPE_RESERVED   (0x08) /* bit 4 */
 
#define NS_CERT_TYPE_SSL_CA   (0x04) /* bit 5 */
 
#define NS_CERT_TYPE_EMAIL_CA   (0x02) /* bit 6 */
 
#define NS_CERT_TYPE_OBJECT_SIGNING_CA   (0x01) /* bit 7 */
 
#define EXT_AUTHORITY_KEY_IDENTIFIER   (1 << 0)
 
#define EXT_SUBJECT_KEY_IDENTIFIER   (1 << 1)
 
#define EXT_KEY_USAGE   (1 << 2) /* Parsed but not used */
 
#define EXT_CERTIFICATE_POLICIES   (1 << 3)
 
#define EXT_POLICY_MAPPINGS   (1 << 4)
 
#define EXT_SUBJECT_ALT_NAME   (1 << 5) /* Supported (DNS) */
 
#define EXT_ISSUER_ALT_NAME   (1 << 6)
 
#define EXT_SUBJECT_DIRECTORY_ATTRS   (1 << 7)
 
#define EXT_BASIC_CONSTRAINTS   (1 << 8) /* Supported */
 
#define EXT_NAME_CONSTRAINTS   (1 << 9)
 
#define EXT_POLICY_CONSTRAINTS   (1 << 10)
 
#define EXT_EXTENDED_KEY_USAGE   (1 << 11) /* Parsed but not used */
 
#define EXT_CRL_DISTRIBUTION_POINTS   (1 << 12)
 
#define EXT_INIHIBIT_ANYPOLICY   (1 << 13)
 
#define EXT_FRESHEST_CRL   (1 << 14)
 
#define EXT_NS_CERT_TYPE   (1 << 16) /* Parsed (and then ?) */
 
#define X509_FORMAT_DER   1
 
#define X509_FORMAT_PEM   2
 
#define X509_MAX_DN_NAME_SIZE   256
 Maximum value size of a DN entry. More...
 

Detailed Description

The X.509 module provides X.509 support which includes:

This module can be used to build a certificate authority (CA) chain and verify its signature. It is also used to generate Certificate Signing Requests and X509 certificates just as a CA would do.

Macro Definition Documentation

◆ BADCERT_CN_MISMATCH

#define BADCERT_CN_MISMATCH   0x04

The certificate Common Name (CN) does not match with the expected CN.

Definition at line 78 of file x509.h.

◆ BADCERT_EXPIRED

#define BADCERT_EXPIRED   0x01

The certificate validity has expired.

Definition at line 76 of file x509.h.

◆ BADCERT_FUTURE

#define BADCERT_FUTURE   0x0200

The certificate validity starts in the future.

Definition at line 85 of file x509.h.

◆ BADCERT_MISSING

#define BADCERT_MISSING   0x40

Certificate was missing.

Definition at line 82 of file x509.h.

◆ BADCERT_NOT_TRUSTED

#define BADCERT_NOT_TRUSTED   0x08

The certificate is not correctly signed by the trusted CA.

Definition at line 79 of file x509.h.

◆ BADCERT_OTHER

#define BADCERT_OTHER   0x0100

Other reason (can be used by verify callback)

Definition at line 84 of file x509.h.

◆ BADCERT_REVOKED

#define BADCERT_REVOKED   0x02

The certificate has been revoked (is on a CRL).

Definition at line 77 of file x509.h.

◆ BADCERT_SKIP_VERIFY

#define BADCERT_SKIP_VERIFY   0x80

Certificate verification was skipped.

Definition at line 83 of file x509.h.

◆ BADCRL_EXPIRED

#define BADCRL_EXPIRED   0x20

CRL is expired.

Definition at line 81 of file x509.h.

◆ BADCRL_FUTURE

#define BADCRL_FUTURE   0x0400

The CRL is from the future.

Definition at line 86 of file x509.h.

◆ BADCRL_NOT_TRUSTED

#define BADCRL_NOT_TRUSTED   0x10

CRL is not correctly signed by the trusted CA.

Definition at line 80 of file x509.h.

◆ EXT_AUTHORITY_KEY_IDENTIFIER

#define EXT_AUTHORITY_KEY_IDENTIFIER   (1 << 0)

Definition at line 121 of file x509.h.

◆ EXT_BASIC_CONSTRAINTS

#define EXT_BASIC_CONSTRAINTS   (1 << 8) /* Supported */

Definition at line 129 of file x509.h.

◆ EXT_CERTIFICATE_POLICIES

#define EXT_CERTIFICATE_POLICIES   (1 << 3)

Definition at line 124 of file x509.h.

◆ EXT_CRL_DISTRIBUTION_POINTS

#define EXT_CRL_DISTRIBUTION_POINTS   (1 << 12)

Definition at line 133 of file x509.h.

◆ EXT_EXTENDED_KEY_USAGE

#define EXT_EXTENDED_KEY_USAGE   (1 << 11) /* Parsed but not used */

Definition at line 132 of file x509.h.

◆ EXT_FRESHEST_CRL

#define EXT_FRESHEST_CRL   (1 << 14)

Definition at line 135 of file x509.h.

◆ EXT_INIHIBIT_ANYPOLICY

#define EXT_INIHIBIT_ANYPOLICY   (1 << 13)

Definition at line 134 of file x509.h.

◆ EXT_ISSUER_ALT_NAME

#define EXT_ISSUER_ALT_NAME   (1 << 6)

Definition at line 127 of file x509.h.

◆ EXT_KEY_USAGE

#define EXT_KEY_USAGE   (1 << 2) /* Parsed but not used */

Definition at line 123 of file x509.h.

◆ EXT_NAME_CONSTRAINTS

#define EXT_NAME_CONSTRAINTS   (1 << 9)

Definition at line 130 of file x509.h.

◆ EXT_NS_CERT_TYPE

#define EXT_NS_CERT_TYPE   (1 << 16) /* Parsed (and then ?) */

Definition at line 137 of file x509.h.

◆ EXT_POLICY_CONSTRAINTS

#define EXT_POLICY_CONSTRAINTS   (1 << 10)

Definition at line 131 of file x509.h.

◆ EXT_POLICY_MAPPINGS

#define EXT_POLICY_MAPPINGS   (1 << 4)

Definition at line 125 of file x509.h.

◆ EXT_SUBJECT_ALT_NAME

#define EXT_SUBJECT_ALT_NAME   (1 << 5) /* Supported (DNS) */

Definition at line 126 of file x509.h.

◆ EXT_SUBJECT_DIRECTORY_ATTRS

#define EXT_SUBJECT_DIRECTORY_ATTRS   (1 << 7)

Definition at line 128 of file x509.h.

◆ EXT_SUBJECT_KEY_IDENTIFIER

#define EXT_SUBJECT_KEY_IDENTIFIER   (1 << 1)

Definition at line 122 of file x509.h.

◆ KU_CRL_SIGN

#define KU_CRL_SIGN   (0x02) /* bit 6 */

Definition at line 99 of file x509.h.

◆ KU_DATA_ENCIPHERMENT

#define KU_DATA_ENCIPHERMENT   (0x10) /* bit 3 */

Definition at line 96 of file x509.h.

◆ KU_DIGITAL_SIGNATURE

#define KU_DIGITAL_SIGNATURE   (0x80) /* bit 0 */

Definition at line 93 of file x509.h.

◆ KU_KEY_AGREEMENT

#define KU_KEY_AGREEMENT   (0x08) /* bit 4 */

Definition at line 97 of file x509.h.

◆ KU_KEY_CERT_SIGN

#define KU_KEY_CERT_SIGN   (0x04) /* bit 5 */

Definition at line 98 of file x509.h.

◆ KU_KEY_ENCIPHERMENT

#define KU_KEY_ENCIPHERMENT   (0x20) /* bit 2 */

Definition at line 95 of file x509.h.

◆ KU_NON_REPUDIATION

#define KU_NON_REPUDIATION   (0x40) /* bit 1 */

Definition at line 94 of file x509.h.

◆ NS_CERT_TYPE_EMAIL

#define NS_CERT_TYPE_EMAIL   (0x20) /* bit 2 */

Definition at line 108 of file x509.h.

◆ NS_CERT_TYPE_EMAIL_CA

#define NS_CERT_TYPE_EMAIL_CA   (0x02) /* bit 6 */

Definition at line 112 of file x509.h.

◆ NS_CERT_TYPE_OBJECT_SIGNING

#define NS_CERT_TYPE_OBJECT_SIGNING   (0x10) /* bit 3 */

Definition at line 109 of file x509.h.

◆ NS_CERT_TYPE_OBJECT_SIGNING_CA

#define NS_CERT_TYPE_OBJECT_SIGNING_CA   (0x01) /* bit 7 */

Definition at line 113 of file x509.h.

◆ NS_CERT_TYPE_RESERVED

#define NS_CERT_TYPE_RESERVED   (0x08) /* bit 4 */

Definition at line 110 of file x509.h.

◆ NS_CERT_TYPE_SSL_CA

#define NS_CERT_TYPE_SSL_CA   (0x04) /* bit 5 */

Definition at line 111 of file x509.h.

◆ NS_CERT_TYPE_SSL_CLIENT

#define NS_CERT_TYPE_SSL_CLIENT   (0x80) /* bit 0 */

Definition at line 106 of file x509.h.

◆ NS_CERT_TYPE_SSL_SERVER

#define NS_CERT_TYPE_SSL_SERVER   (0x40) /* bit 1 */

Definition at line 107 of file x509.h.

◆ POLARSSL_ERR_X509_BAD_INPUT_DATA

#define POLARSSL_ERR_X509_BAD_INPUT_DATA   -0x2800

Input invalid.

Definition at line 67 of file x509.h.

◆ POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT

#define POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT   -0x2780

Format not recognized as DER or PEM.

Definition at line 66 of file x509.h.

◆ POLARSSL_ERR_X509_CERT_VERIFY_FAILED

#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED   -0x2700

Certificate verification failed, e.g.

CRL, CA or signature check failed.

Definition at line 65 of file x509.h.

◆ POLARSSL_ERR_X509_FEATURE_UNAVAILABLE

#define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE   -0x2080

Unavailable feature, e.g.

RSA hashing/encryption combination.

Definition at line 52 of file x509.h.

◆ POLARSSL_ERR_X509_FILE_IO_ERROR

#define POLARSSL_ERR_X509_FILE_IO_ERROR   -0x2900

Read/write of file failed.

Definition at line 69 of file x509.h.

◆ POLARSSL_ERR_X509_INVALID_ALG

#define POLARSSL_ERR_X509_INVALID_ALG   -0x2300

The algorithm tag or value is invalid.

Definition at line 57 of file x509.h.

◆ POLARSSL_ERR_X509_INVALID_DATE

#define POLARSSL_ERR_X509_INVALID_DATE   -0x2400

The date tag or value is invalid.

Definition at line 59 of file x509.h.

◆ POLARSSL_ERR_X509_INVALID_EXTENSIONS

#define POLARSSL_ERR_X509_INVALID_EXTENSIONS   -0x2500

The extension tag or value is invalid.

Definition at line 61 of file x509.h.

◆ POLARSSL_ERR_X509_INVALID_FORMAT

#define POLARSSL_ERR_X509_INVALID_FORMAT   -0x2180

The CRT/CRL/CSR format is invalid, e.g.

different type expected.

Definition at line 54 of file x509.h.

◆ POLARSSL_ERR_X509_INVALID_NAME

#define POLARSSL_ERR_X509_INVALID_NAME   -0x2380

The name tag or value is invalid.

Definition at line 58 of file x509.h.

◆ POLARSSL_ERR_X509_INVALID_SERIAL

#define POLARSSL_ERR_X509_INVALID_SERIAL   -0x2280

The serial tag or value is invalid.

Definition at line 56 of file x509.h.

◆ POLARSSL_ERR_X509_INVALID_SIGNATURE

#define POLARSSL_ERR_X509_INVALID_SIGNATURE   -0x2480

The signature tag or value invalid.

Definition at line 60 of file x509.h.

◆ POLARSSL_ERR_X509_INVALID_VERSION

#define POLARSSL_ERR_X509_INVALID_VERSION   -0x2200

The CRT/CRL/CSR version element is invalid.

Definition at line 55 of file x509.h.

◆ POLARSSL_ERR_X509_MALLOC_FAILED

#define POLARSSL_ERR_X509_MALLOC_FAILED   -0x2880

Allocation of memory failed.

Definition at line 68 of file x509.h.

◆ POLARSSL_ERR_X509_SIG_MISMATCH

#define POLARSSL_ERR_X509_SIG_MISMATCH   -0x2680

Signature algorithms do not match.

(see x509_crt sig_oid)

Definition at line 64 of file x509.h.

◆ POLARSSL_ERR_X509_UNKNOWN_OID

#define POLARSSL_ERR_X509_UNKNOWN_OID   -0x2100

Requested OID is unknown.

Definition at line 53 of file x509.h.

◆ POLARSSL_ERR_X509_UNKNOWN_SIG_ALG

#define POLARSSL_ERR_X509_UNKNOWN_SIG_ALG   -0x2600

Signature algorithm (oid) is unsupported.

Definition at line 63 of file x509.h.

◆ POLARSSL_ERR_X509_UNKNOWN_VERSION

#define POLARSSL_ERR_X509_UNKNOWN_VERSION   -0x2580

CRT/CRL/CSR has an unsupported version number.

Definition at line 62 of file x509.h.

◆ X509_CRT_VERSION_1

#define X509_CRT_VERSION_1   0

Definition at line 102 of file x509_crt.h.

◆ X509_CRT_VERSION_2

#define X509_CRT_VERSION_2   1

Definition at line 103 of file x509_crt.h.

◆ X509_CRT_VERSION_3

#define X509_CRT_VERSION_3   2

Definition at line 104 of file x509_crt.h.

◆ X509_FORMAT_DER

#define X509_FORMAT_DER   1

Definition at line 143 of file x509.h.

◆ X509_FORMAT_PEM

#define X509_FORMAT_PEM   2

Definition at line 144 of file x509.h.

◆ X509_MAX_DN_NAME_SIZE

#define X509_MAX_DN_NAME_SIZE   256

Maximum value size of a DN entry.

Definition at line 146 of file x509.h.

◆ X509_RFC5280_MAX_SERIAL_LEN

#define X509_RFC5280_MAX_SERIAL_LEN   32

Definition at line 106 of file x509_crt.h.

◆ X509_RFC5280_UTC_TIME_LEN

#define X509_RFC5280_UTC_TIME_LEN   15

Definition at line 107 of file x509_crt.h.

Typedef Documentation

◆ x509_bitstring

Container for ASN1 bit strings.

Definition at line 169 of file x509.h.

◆ x509_buf

typedef asn1_buf x509_buf

Type-length-value structure that allows for ASN1 using DER.

Definition at line 164 of file x509.h.

◆ x509_crl

typedef struct _x509_crl x509_crl

Certificate revocation list structure.

Every CRL may have multiple entries.

◆ x509_crl_entry

Certificate revocation list entry.

Contains the CA-specific serial numbers and revocation dates.

◆ x509_crt

typedef struct _x509_crt x509_crt

Container for an X.509 certificate.

The certificate may be chained.

◆ x509_csr

typedef struct _x509_csr x509_csr

Certificate Signing Request (CSR) structure.

◆ x509_name

Container for ASN1 named information objects.

It allows for Relative Distinguished Names (e.g. cn=polarssl,ou=code,etc.).

Definition at line 175 of file x509.h.

◆ x509_sequence

Container for a sequence of ASN.1 items.

Definition at line 180 of file x509.h.

◆ x509_time

typedef struct _x509_time x509_time

Container for date and time (precision in seconds).

◆ x509write_cert

Container for writing a certificate (CRT)

◆ x509write_csr

typedef struct _x509write_csr x509write_csr

Container for writing a CSR.

Function Documentation

◆ dhm_parse_dhm()

int dhm_parse_dhm ( dhm_context dhm,
const unsigned char *  dhmin,
size_t  dhminlen 
)

Parse DHM parameters.

Parameters
dhmDHM context to be initialized
dhmininput buffer
dhminlensize of the buffer
Returns
0 if successful, or a specific DHM or PEM error code

◆ dhm_parse_dhmfile()

int dhm_parse_dhmfile ( dhm_context dhm,
const char *  path 
)

Load and parse DHM parameters.

Parameters
dhmDHM context to be initialized
pathfilename to read the DHM Parameters from
Returns
0 if successful, or a specific DHM or PEM error code

◆ x509_crl_free()

void x509_crl_free ( x509_crl crl)

Unallocate all CRL data.

Parameters
crlCRL chain to free

◆ x509_crl_info()

int x509_crl_info ( char *  buf,
size_t  size,
const char *  prefix,
const x509_crl crl 
)

Returns an informational string about the CRL.

Parameters
bufBuffer to write to
sizeMaximum size of buffer
prefixA line prefix
crlThe X509 CRL to represent
Returns
The amount of data written to the buffer, or -1 in case of an error.

Referenced by x509parse_crl_info().

◆ x509_crl_init()

void x509_crl_init ( x509_crl crl)

Initialize a CRL (chain)

Parameters
crlCRL chain to initialize

◆ x509_crl_parse()

int x509_crl_parse ( x509_crl chain,
const unsigned char *  buf,
size_t  buflen 
)

Parse one or more CRLs and add them to the chained list.

Parameters
chainpoints to the start of the chain
bufbuffer holding the CRL data
buflensize of the buffer
Returns
0 if successful, or a specific X509 or PEM error code

Referenced by x509parse_crl().

◆ x509_crl_parse_file()

int x509_crl_parse_file ( x509_crl chain,
const char *  path 
)

Load one or more CRLs and add them to the chained list.

Parameters
chainpoints to the start of the chain
pathfilename to read the CRLs from
Returns
0 if successful, or a specific X509 or PEM error code

Referenced by x509parse_crlfile().

◆ x509_crt_check_extended_key_usage()

int x509_crt_check_extended_key_usage ( const x509_crt crt,
const char *  usage_oid,
size_t  usage_len 
)

Check usage of certificate against the extendedKeyUsage extension.

Parameters
crtLeaf certificate used.
usage_oidIntended usage (eg OID_SERVER_AUTH or OID_CLIENT_AUTH).
usage_lenLength of usage_oid (eg given by OID_SIZE()).
Returns
0 if this use of the certificate is allowed, POLARSSL_ERR_X509_BAD_INPUT_DATA if not.
Note
Usually only makes sense on leaf certificates.

◆ x509_crt_check_key_usage()

int x509_crt_check_key_usage ( const x509_crt crt,
int  usage 
)

Check usage of certificate against keyUsage extension.

Parameters
crtLeaf certificate used.
usageIntended usage(s) (eg KU_KEY_ENCIPHERMENT before using the certificate to perform an RSA key exchange).
Returns
0 if these uses of the certificate are allowed, POLARSSL_ERR_X509_BAD_INPUT_DATA if the keyUsage extension is present but does not contain all the bits set in the usage argument.
Note
You should only call this function on leaf certificates, on (intermediate) CAs the keyUsage extension is automatically checked by x509_crt_verify().

◆ x509_crt_free()

void x509_crt_free ( x509_crt crt)

Unallocate all certificate data.

Parameters
crtCertificate chain to free

Referenced by x509_free().

◆ x509_crt_info()

int x509_crt_info ( char *  buf,
size_t  size,
const char *  prefix,
const x509_crt crt 
)

Returns an informational string about the certificate.

Parameters
bufBuffer to write to
sizeMaximum size of buffer
prefixA line prefix
crtThe X509 certificate to represent
Returns
The amount of data written to the buffer, or -1 in case of an error.

Referenced by x509parse_cert_info().

◆ x509_crt_init()

void x509_crt_init ( x509_crt crt)

Initialize a certificate (chain)

Parameters
crtCertificate chain to initialize

◆ x509_crt_parse()

int x509_crt_parse ( x509_crt chain,
const unsigned char *  buf,
size_t  buflen 
)

Parse one or more certificates and add them to the chained list.

Parses permissively. If some certificates can be parsed, the result is the number of failed certificates it encountered. If none complete correctly, the first error is returned.

Parameters
chainpoints to the start of the chain
bufbuffer holding the certificate data
buflensize of the buffer
Returns
0 if all certificates parsed successfully, a positive number if partly successful or a specific X509 or PEM error code

Referenced by x509parse_crt().

◆ x509_crt_parse_der()

int x509_crt_parse_der ( x509_crt chain,
const unsigned char *  buf,
size_t  buflen 
)

Parse a single DER formatted certificate and add it to the chained list.

Parameters
chainpoints to the start of the chain
bufbuffer holding the certificate DER data
buflensize of the buffer
Returns
0 if successful, or a specific X509 or PEM error code

Referenced by x509parse_crt_der().

◆ x509_crt_parse_file()

int x509_crt_parse_file ( x509_crt chain,
const char *  path 
)

Load one or more certificates and add them to the chained list.

Parses permissively. If some certificates can be parsed, the result is the number of failed certificates it encountered. If none complete correctly, the first error is returned.

Parameters
chainpoints to the start of the chain
pathfilename to read the certificates from
Returns
0 if all certificates parsed successfully, a positive number if partly successful or a specific X509 or PEM error code

Referenced by x509parse_crtfile().

◆ x509_crt_parse_path()

int x509_crt_parse_path ( x509_crt chain,
const char *  path 
)

Load one or more certificate files from a path and add them to the chained list.

Parses permissively. If some certificates can be parsed, the result is the number of failed certificates it encountered. If none complete correctly, the first error is returned.

Warning
This function is NOT thread-safe unless POLARSSL_THREADING_PTHREADS is defined. If you're using an alternative threading implementation, you should either use this function only in the main thread, or mutex it.
Parameters
chainpoints to the start of the chain
pathdirectory / folder to read the certificate files from
Returns
0 if all certificates parsed successfully, a positive number if partly successful or a specific X509 or PEM error code

Referenced by x509parse_crtpath().

◆ x509_crt_revoked()

int x509_crt_revoked ( const x509_crt crt,
const x509_crl crl 
)

Verify the certificate revocation status.

Parameters
crta certificate to be verified
crlthe CRL to verify against
Returns
1 if the certificate is revoked, 0 otherwise

Referenced by x509parse_revoked().

◆ x509_crt_verify()

int x509_crt_verify ( x509_crt crt,
x509_crt trust_ca,
x509_crl ca_crl,
const char *  cn,
int *  flags,
int(*)(void *, x509_crt *, int, int *)  f_vrfy,
void *  p_vrfy 
)

Verify the certificate signature.

            The verify callback is a user-supplied callback that
            can clear, modify or add flags for a certificate. If set,
            the verification callback is called once for each
            certificate in the chain, from the trusted CA down to the
            presented crt. The parameters for the callback are:
            (void *parameter, x509_crt *crt, int certificate_depth,
            int *flags), where flags holds the current flags for
            that specific certificate and certificate_depth is the
            depth counted from the bottom (peer cert depth = 0).

            All flags still set after the callback returns
            are also returned to the application. The callback should
            return 0 for anything but a fatal error.
Parameters
crta certificate to be verified
trust_cathe trusted CA chain
ca_crlthe CRL chain for trusted CA's
cnexpected Common Name (can be set to NULL if the CN must not be verified)
flagsresult of the verification
f_vrfyverification function
p_vrfyverification parameter
Returns
0 if successful; POLARSSL_ERR_X509_SIG_VERIFY_FAILED if verification failed, in which case *flags will have one or more of the following values set: BADCERT_EXPIRED, BADCERT_REVOKED, BADCERT_CN_MISMATCH, BADCERT_NOT_TRUSTED; or another error code in case of a fatal error encountered during the verification process.

Referenced by x509parse_verify().

◆ x509_csr_free()

void x509_csr_free ( x509_csr csr)

Unallocate all CSR data.

Parameters
csrCSR to free

◆ x509_csr_info()

int x509_csr_info ( char *  buf,
size_t  size,
const char *  prefix,
const x509_csr csr 
)

Returns an informational string about the CSR.

Parameters
bufBuffer to write to
sizeMaximum size of buffer
prefixA line prefix
csrThe X509 CSR to represent
Returns
The length of the string written (excluding the terminating null byte), or a negative value in case of an error.

Referenced by x509parse_csr_info().

◆ x509_csr_init()

void x509_csr_init ( x509_csr csr)

Initialize a CSR.

Parameters
csrCSR to initialize

◆ x509_csr_parse()

int x509_csr_parse ( x509_csr csr,
const unsigned char *  buf,
size_t  buflen 
)

Load a Certificate Signing Request (CSR), DER or PEM format.

Parameters
csrCSR context to fill
bufbuffer holding the CSR data
buflensize of the buffer
Returns
0 if successful, or a specific X509 or PEM error code

Referenced by x509parse_csr().

◆ x509_csr_parse_der()

int x509_csr_parse_der ( x509_csr csr,
const unsigned char *  buf,
size_t  buflen 
)

Load a Certificate Signing Request (CSR) in DER format.

Parameters
csrCSR context to fill
bufbuffer holding the CSR data
buflensize of the buffer
Returns
0 if successful, or a specific X509 error code

◆ x509_csr_parse_file()

int x509_csr_parse_file ( x509_csr csr,
const char *  path 
)

Load a Certificate Signing Request (CSR)

Parameters
csrCSR context to fill
pathfilename to read the CSR from
Returns
0 if successful, or a specific X509 or PEM error code

Referenced by x509parse_csrfile().

◆ x509_dn_gets()

int x509_dn_gets ( char *  buf,
size_t  size,
const x509_name dn 
)

Store the certificate DN in printable form into buf; no more than size characters will be written.

Parameters
bufBuffer to write to
sizeMaximum size of buffer
dnThe X509 name to represent
Returns
The amount of data written to the buffer, or -1 in case of an error.

Referenced by x509parse_dn_gets().

◆ x509_get_alg()

int x509_get_alg ( unsigned char **  p,
const unsigned char *  end,
x509_buf alg,
x509_buf params 
)

◆ x509_get_alg_null()

int x509_get_alg_null ( unsigned char **  p,
const unsigned char *  end,
x509_buf alg 
)

◆ x509_get_ext()

int x509_get_ext ( unsigned char **  p,
const unsigned char *  end,
x509_buf ext,
int  tag 
)

◆ x509_get_name()

int x509_get_name ( unsigned char **  p,
const unsigned char *  end,
x509_name cur 
)

◆ x509_get_rsassa_pss_params()

int x509_get_rsassa_pss_params ( const x509_buf params,
md_type_t md_alg,
md_type_t mgf_md,
int *  salt_len 
)

◆ x509_get_serial()

int x509_get_serial ( unsigned char **  p,
const unsigned char *  end,
x509_buf serial 
)

◆ x509_get_sig()

int x509_get_sig ( unsigned char **  p,
const unsigned char *  end,
x509_buf sig 
)

◆ x509_get_sig_alg()

int x509_get_sig_alg ( const x509_buf sig_oid,
const x509_buf sig_params,
md_type_t md_alg,
pk_type_t pk_alg,
void **  sig_opts 
)

◆ x509_get_time()

int x509_get_time ( unsigned char **  p,
const unsigned char *  end,
x509_time time 
)

◆ x509_key_size_helper()

int x509_key_size_helper ( char *  buf,
size_t  size,
const char *  name 
)

◆ x509_load_file()

int x509_load_file ( const char *  path,
unsigned char **  buf,
size_t *  n 
)

◆ x509_oid_get_description()

const char * x509_oid_get_description ( x509_buf oid)

Given a known OID, return its descriptive string.

(Deprecated. Use oid_get_extended_key_usage() instead.) Warning: only works for extendedKeyUsage OIDs!

Parameters
oidbuffer containing the oid
Returns
Return a string if the OID is known, or NULL otherwise.

◆ x509_oid_get_numeric_string()

int x509_oid_get_numeric_string ( char *  buf,
size_t  size,
x509_buf oid 
)

Given an OID, return a string version of its OID number.

(Deprecated. Use oid_get_numeric_string() instead)

Parameters
bufBuffer to write to
sizeMaximum size of buffer
oidBuffer containing the OID
Returns
Length of the string written (excluding final NULL) or POLARSSL_ERR_OID_BUF_TO_SMALL in case of error

◆ x509_self_test()

int x509_self_test ( int  verbose)

Checkup routine.

Returns
0 if successful, or 1 if the test failed

◆ x509_serial_gets()

int x509_serial_gets ( char *  buf,
size_t  size,
const x509_buf serial 
)

Store the certificate serial in printable form into buf; no more than size characters will be written.

Parameters
bufBuffer to write to
sizeMaximum size of buffer
serialThe X509 serial to represent
Returns
The amount of data written to the buffer, or -1 in case of an error.

Referenced by x509parse_serial_gets().

◆ x509_set_extension()

int x509_set_extension ( asn1_named_data **  head,
const char *  oid,
size_t  oid_len,
int  critical,
const unsigned char *  val,
size_t  val_len 
)

◆ x509_sig_alg_gets()

int x509_sig_alg_gets ( char *  buf,
size_t  size,
const x509_buf sig_oid,
pk_type_t  pk_alg,
md_type_t  md_alg,
const void *  sig_opts 
)

◆ x509_string_to_names()

int x509_string_to_names ( asn1_named_data **  head,
const char *  name 
)

◆ x509_time_expired()

int x509_time_expired ( const x509_time time)

Check a given x509_time against the system time to determine whether it has expired.

Parameters
timex509_time to check
Returns
0 if the x509_time is still valid, 1 otherwise.

Referenced by x509parse_time_expired().

◆ x509_time_future()

int x509_time_future ( const x509_time time)

Check a given x509_time against the system time to determine whether it lies in the future.

Parameters
timex509_time to check
Returns
0 if the x509_time is already valid, 1 otherwise.

◆ x509_write_extensions()

int x509_write_extensions ( unsigned char **  p,
unsigned char *  start,
asn1_named_data first 
)

◆ x509_write_names()

int x509_write_names ( unsigned char **  p,
unsigned char *  start,
asn1_named_data first 
)

◆ x509_write_sig()

int x509_write_sig ( unsigned char **  p,
unsigned char *  start,
const char *  oid,
size_t  oid_len,
unsigned char *  sig,
size_t  size 
)

◆ x509write_crt_der()

int x509write_crt_der ( x509write_cert ctx,
unsigned char *  buf,
size_t  size,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng 
)

Write a built-up certificate to an X.509 DER structure. Note: the data is written at the end of the buffer! Use the return value to determine where the written data starts in the buffer.

Parameters
ctxcertificate to write away
bufbuffer to write to
sizesize of the buffer
f_rngRNG function (for signature, see note)
p_rngRNG parameter
Returns
length of data written if successful, or a specific error code
Note
f_rng may be NULL if RSA is used for signature and the signature is made offline (otherwise f_rng is desirable for countermeasures against timing attacks). ECDSA signatures always require a non-NULL f_rng.

◆ x509write_crt_free()

void x509write_crt_free ( x509write_cert ctx)

Free the contents of a CRT write context.

Parameters
ctxCRT context to free

◆ x509write_crt_init()

void x509write_crt_init ( x509write_cert ctx)

Initialize a CRT writing context.

Parameters
ctxCRT context to initialize

◆ x509write_crt_pem()

int x509write_crt_pem ( x509write_cert ctx,
unsigned char *  buf,
size_t  size,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng 
)

Write a built up certificate to a X509 PEM string.

Parameters
ctxcertificate to write away
bufbuffer to write to
sizesize of the buffer
f_rngRNG function (for signature, see note)
p_rngRNG parameter
Returns
0 successful, or a specific error code
Note
f_rng may be NULL if RSA is used for signature and the signature is made offline (otherwise f_rng is desirable for countermeasures against timing attacks). ECDSA signatures always require a non-NULL f_rng.

◆ x509write_crt_set_authority_key_identifier()

int x509write_crt_set_authority_key_identifier ( x509write_cert ctx)

Set the authorityKeyIdentifier extension for a CRT. Requires that x509write_crt_set_issuer_key() has been called before.

Parameters
ctxCRT context to use
Returns
0 if successful, or a POLARSSL_ERR_X509WRITE_MALLOC_FAILED

◆ x509write_crt_set_basic_constraints()

int x509write_crt_set_basic_constraints ( x509write_cert ctx,
int  is_ca,
int  max_pathlen 
)

Set the basicConstraints extension for a CRT.

Parameters
ctxCRT context to use
is_cais this a CA certificate
max_pathlenmaximum length of certificate chains below this certificate (only for CA certificates; -1 is unlimited)
Returns
0 if successful, or a POLARSSL_ERR_X509WRITE_MALLOC_FAILED

◆ x509write_crt_set_extension()

int x509write_crt_set_extension ( x509write_cert ctx,
const char *  oid,
size_t  oid_len,
int  critical,
const unsigned char *  val,
size_t  val_len 
)

Generic function to add to or replace an extension in the CRT.

Parameters
ctxCRT context to use
oidOID of the extension
oid_lenlength of the OID
criticalif the extension is critical (per the RFC's definition)
valvalue of the extension OCTET STRING
val_lenlength of the value data
Returns
0 if successful, or a POLARSSL_ERR_X509WRITE_MALLOC_FAILED

◆ x509write_crt_set_issuer_key()

void x509write_crt_set_issuer_key ( x509write_cert ctx,
pk_context key 
)

Set the issuer key used for signing the certificate.

Parameters
ctxCRT context to use
keyprivate key to sign with

◆ x509write_crt_set_issuer_name()

int x509write_crt_set_issuer_name ( x509write_cert ctx,
const char *  issuer_name 
)

Set the issuer name for a Certificate. Issuer names should contain a comma-separated list of OID types and values, e.g.

"C=NL,O=Offspark,CN=PolarSSL CA"

Parameters
ctxCRT context to use
issuer_nameissuer name to set
Returns
0 if issuer name was parsed successfully, or a specific error code

◆ x509write_crt_set_key_usage()

int x509write_crt_set_key_usage ( x509write_cert ctx,
unsigned char  key_usage 
)

Set the Key Usage Extension flags (e.g. KU_DIGITAL_SIGNATURE | KU_KEY_CERT_SIGN).

Parameters
ctxCRT context to use
key_usagekey usage flags to set
Returns
0 if successful, or POLARSSL_ERR_X509WRITE_MALLOC_FAILED

◆ x509write_crt_set_md_alg()

void x509write_crt_set_md_alg ( x509write_cert ctx,
md_type_t  md_alg 
)

Set the MD algorithm to use for the signature (e.g. POLARSSL_MD_SHA1).

Parameters
ctxCRT context to use
md_algMD algorithm to use

◆ x509write_crt_set_ns_cert_type()

int x509write_crt_set_ns_cert_type ( x509write_cert ctx,
unsigned char  ns_cert_type 
)

Set the Netscape Cert Type flags (e.g. NS_CERT_TYPE_SSL_CLIENT | NS_CERT_TYPE_EMAIL).

Parameters
ctxCRT context to use
ns_cert_typeNetscape Cert Type flags to set
Returns
0 if successful, or POLARSSL_ERR_X509WRITE_MALLOC_FAILED

◆ x509write_crt_set_serial()

int x509write_crt_set_serial ( x509write_cert ctx,
const mpi serial 
)

Set the serial number for a Certificate.

Parameters
ctxCRT context to use
serialserial number to set
Returns
0 if successful

◆ x509write_crt_set_subject_key()

void x509write_crt_set_subject_key ( x509write_cert ctx,
pk_context key 
)

Set the subject public key for the certificate.

Parameters
ctxCRT context to use
keypublic key to include

◆ x509write_crt_set_subject_key_identifier()

int x509write_crt_set_subject_key_identifier ( x509write_cert ctx)

Set the subjectKeyIdentifier extension for a CRT. Requires that x509write_crt_set_subject_key() has been called before.

Parameters
ctxCRT context to use
Returns
0 if successful, or a POLARSSL_ERR_X509WRITE_MALLOC_FAILED

◆ x509write_crt_set_subject_name()

int x509write_crt_set_subject_name ( x509write_cert ctx,
const char *  subject_name 
)

Set the subject name for a Certificate. Subject names should contain a comma-separated list of OID types and values, e.g.

"C=NL,O=Offspark,CN=PolarSSL Server 1"

Parameters
ctxCRT context to use
subject_namesubject name to set
Returns
0 if subject name was parsed successfully, or a specific error code

◆ x509write_crt_set_validity()

int x509write_crt_set_validity ( x509write_cert ctx,
const char *  not_before,
const char *  not_after 
)

Set the validity period for a Certificate. Timestamps should be in string format for the UTC timezone, i.e.

"YYYYMMDDhhmmss", e.g. "20131231235959" for December 31st 2013 at 23:59:59

Parameters
ctxCRT context to use
not_beforenot_before timestamp
not_afternot_after timestamp
Returns
0 if timestamp was parsed successfully, or a specific error code

◆ x509write_crt_set_version()

void x509write_crt_set_version ( x509write_cert ctx,
int  version 
)

Set the version for a Certificate. Default: X509_CRT_VERSION_3.

Parameters
ctxCRT context to use
versionversion to set (X509_CRT_VERSION_1, X509_CRT_VERSION_2 or X509_CRT_VERSION_3)

◆ x509write_csr_der()

int x509write_csr_der ( x509write_csr ctx,
unsigned char *  buf,
size_t  size,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng 
)

Write a CSR (Certificate Signing Request) to a DER structure. Note: the data is written at the end of the buffer! Use the return value to determine where the written data starts in the buffer.

Parameters
ctxCSR to write away
bufbuffer to write to
sizesize of the buffer
f_rngRNG function (for signature, see note)
p_rngRNG parameter
Returns
length of data written if successful, or a specific error code
Note
f_rng may be NULL if RSA is used for signature and the signature is made offline (otherwise f_rng is desirable for countermeasures against timing attacks). ECDSA signatures always require a non-NULL f_rng.

◆ x509write_csr_free()

void x509write_csr_free ( x509write_csr ctx)

Free the contents of a CSR context.

Parameters
ctxCSR context to free

◆ x509write_csr_init()

void x509write_csr_init ( x509write_csr ctx)

Initialize a CSR context.

Parameters
ctxCSR context to initialize

◆ x509write_csr_pem()

int x509write_csr_pem ( x509write_csr ctx,
unsigned char *  buf,
size_t  size,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng 
)

Write a CSR (Certificate Signing Request) to a PEM string.

Parameters
ctxCSR to write away
bufbuffer to write to
sizesize of the buffer
f_rngRNG function (for signature, see note)
p_rngRNG parameter
Returns
0 successful, or a specific error code
Note
f_rng may be NULL if RSA is used for signature and the signature is made offline (otherwise f_rng is desirable for countermeasures against timing attacks). ECDSA signatures always require a non-NULL f_rng.

◆ x509write_csr_set_extension()

int x509write_csr_set_extension ( x509write_csr ctx,
const char *  oid,
size_t  oid_len,
const unsigned char *  val,
size_t  val_len 
)

Generic function to add to or replace an extension in the CSR.

Parameters
ctxCSR context to use
oidOID of the extension
oid_lenlength of the OID
valvalue of the extension OCTET STRING
val_lenlength of the value data
Returns
0 if successful, or a POLARSSL_ERR_X509WRITE_MALLOC_FAILED

◆ x509write_csr_set_key()

void x509write_csr_set_key ( x509write_csr ctx,
pk_context key 
)

Set the key for a CSR (the public key will be included; the private key is used to sign the CSR when writing it).

Parameters
ctxCSR context to use
keyAsymmetric key to include

◆ x509write_csr_set_key_usage()

int x509write_csr_set_key_usage ( x509write_csr ctx,
unsigned char  key_usage 
)

Set the Key Usage Extension flags (e.g. KU_DIGITAL_SIGNATURE | KU_KEY_CERT_SIGN).

Parameters
ctxCSR context to use
key_usagekey usage flags to set
Returns
0 if successful, or POLARSSL_ERR_X509WRITE_MALLOC_FAILED

◆ x509write_csr_set_md_alg()

void x509write_csr_set_md_alg ( x509write_csr ctx,
md_type_t  md_alg 
)

Set the MD algorithm to use for the signature (e.g. POLARSSL_MD_SHA1).

Parameters
ctxCSR context to use
md_algMD algorithm to use

◆ x509write_csr_set_ns_cert_type()

int x509write_csr_set_ns_cert_type ( x509write_csr ctx,
unsigned char  ns_cert_type 
)

Set the Netscape Cert Type flags (e.g. NS_CERT_TYPE_SSL_CLIENT | NS_CERT_TYPE_EMAIL).

Parameters
ctxCSR context to use
ns_cert_typeNetscape Cert Type flags to set
Returns
0 if successful, or POLARSSL_ERR_X509WRITE_MALLOC_FAILED

◆ x509write_csr_set_subject_name()

int x509write_csr_set_subject_name ( x509write_csr ctx,
const char *  subject_name 
)

Set the subject name for a CSR. Subject names should contain a comma-separated list of OID types and values, e.g.

"C=NL,O=Offspark,CN=PolarSSL Server 1"

Parameters
ctxCSR context to use
subject_namesubject name to set
Returns
0 if subject name was parsed successfully, or a specific error code

Variable Documentation

◆ ca_istrue

int _x509_crt::ca_istrue

Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise.

Definition at line 83 of file x509_crt.h.

◆ cri

x509_buf _x509_csr::cri

The raw CertificateRequestInfo body (DER).

Definition at line 57 of file x509_csr.h.

◆ crl_ext

x509_buf _x509_crl::crl_ext

Definition at line 90 of file x509_crl.h.

◆ day

int _x509_time::day

Date.

Definition at line 185 of file x509.h.

◆ entry

x509_crl_entry _x509_crl::entry

The CRL entries containing the certificate revocation times for this CA.

Definition at line 88 of file x509_crl.h.

◆ entry_ext

x509_buf _x509_crl_entry::entry_ext

Definition at line 63 of file x509_crl.h.

◆ ext_key_usage

x509_sequence _x509_crt::ext_key_usage

Optional list of extended key usage OIDs.

Definition at line 88 of file x509_crt.h.

◆ ext_types

int _x509_crt::ext_types

Bit string containing detected and parsed extensions.

Definition at line 82 of file x509_crt.h.

◆ extensions [1/2]

asn1_named_data* _x509write_cert::extensions

Definition at line 123 of file x509_crt.h.

◆ extensions [2/2]

asn1_named_data* _x509write_csr::extensions

Definition at line 82 of file x509_csr.h.

◆ hour

int _x509_time::hour

Definition at line 186 of file x509.h.

◆ issuer [1/3]

x509_name _x509_crl::issuer

The parsed issuer data (named information object).

Definition at line 83 of file x509_crl.h.

◆ issuer [2/3]

x509_name _x509_crt::issuer

The parsed issuer data (named information object).

Definition at line 69 of file x509_crt.h.

◆ issuer [3/3]

asn1_named_data* _x509write_cert::issuer

Definition at line 119 of file x509_crt.h.

◆ issuer_id

x509_buf _x509_crt::issuer_id

Optional X.509 v2/v3 issuer unique identifier.

Definition at line 77 of file x509_crt.h.

◆ issuer_key

pk_context* _x509write_cert::issuer_key

Definition at line 117 of file x509_crt.h.

◆ issuer_raw [1/2]

x509_buf _x509_crl::issuer_raw

The raw issuer data (DER).

Definition at line 81 of file x509_crl.h.

◆ issuer_raw [2/2]

x509_buf _x509_crt::issuer_raw

The raw issuer data (DER).

Used for quick comparison.

Definition at line 66 of file x509_crt.h.

◆ key

pk_context* _x509write_csr::key

Definition at line 79 of file x509_csr.h.

◆ key_usage

unsigned char _x509_crt::key_usage

Optional key usage extension value: See the values in x509.h.

Definition at line 86 of file x509_crt.h.

◆ max_pathlen

int _x509_crt::max_pathlen

Optional Basic Constraint extension value: The maximum path length to the root certificate.

The stored path length is 1 higher than the RFC 5280 meaning, i.e. the RFC 5280 value + 1.

Definition at line 84 of file x509_crt.h.

◆ md_alg [1/2]

md_type_t _x509write_cert::md_alg

Definition at line 120 of file x509_crt.h.

◆ md_alg [2/2]

md_type_t _x509write_csr::md_alg

Definition at line 81 of file x509_csr.h.

◆ min

int _x509_time::min

Definition at line 186 of file x509.h.

◆ mon

int _x509_time::mon

Definition at line 185 of file x509.h.

◆ next [1/3]

struct _x509_crl_entry* _x509_crl_entry::next

Definition at line 65 of file x509_crl.h.

◆ next [2/3]

struct _x509_crl* _x509_crl::next

Definition at line 98 of file x509_crl.h.

◆ next [3/3]

struct _x509_crt* _x509_crt::next

Next certificate in the CA-chain.

Definition at line 98 of file x509_crt.h.

◆ next_update

x509_time _x509_crl::next_update

Definition at line 86 of file x509_crl.h.

◆ not_after

char _x509write_cert::not_after[X509_RFC5280_UTC_TIME_LEN+1]

Definition at line 122 of file x509_crt.h.

◆ not_before

char _x509write_cert::not_before[X509_RFC5280_UTC_TIME_LEN+1]

Definition at line 121 of file x509_crt.h.

◆ ns_cert_type

unsigned char _x509_crt::ns_cert_type

Optional Netscape certificate type extension value: See the values in x509.h.

Definition at line 90 of file x509_crt.h.

◆ pk [1/2]

pk_context _x509_crt::pk

Container for the public key context.

Definition at line 75 of file x509_crt.h.

◆ pk [2/2]

pk_context _x509_csr::pk

Container for the public key context.

Definition at line 64 of file x509_csr.h.

◆ raw [1/4]

x509_buf _x509_crl_entry::raw

Definition at line 57 of file x509_crl.h.

◆ raw [2/4]

x509_buf _x509_crl::raw

The raw certificate data (DER).

Definition at line 75 of file x509_crl.h.

◆ raw [3/4]

x509_buf _x509_crt::raw

The raw certificate data (DER).

Definition at line 59 of file x509_crt.h.

◆ raw [4/4]

x509_buf _x509_csr::raw

The raw CSR data (DER).

Definition at line 56 of file x509_csr.h.

◆ revocation_date

x509_time _x509_crl_entry::revocation_date

Definition at line 61 of file x509_crl.h.

◆ sec

int _x509_time::sec

Seconds component of the time.

Definition at line 186 of file x509.h.

◆ serial [1/3]

x509_buf _x509_crl_entry::serial

Definition at line 59 of file x509_crl.h.

◆ serial [2/3]

x509_buf _x509_crt::serial

Serial number of the certificate. It is unique only among certificates issued by the same CA, so it identifies a certificate only in combination with the issuer name.

Definition at line 63 of file x509_crt.h.

◆ serial [3/3]

mpi _x509write_cert::serial

Definition at line 115 of file x509_crt.h.

◆ sig [1/3]

x509_buf _x509_crl::sig

Definition at line 93 of file x509_crl.h.

◆ sig [2/3]

x509_buf _x509_crt::sig

Signature: hash of the tbs part signed with the private key.

Definition at line 93 of file x509_crt.h.

◆ sig [3/3]

x509_buf _x509_csr::sig

Definition at line 67 of file x509_csr.h.

◆ sig_md [1/3]

md_type_t _x509_crl::sig_md

Internal representation of the MD (hash) algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256.

Definition at line 94 of file x509_crl.h.

◆ sig_md [2/3]

md_type_t _x509_crt::sig_md

Internal representation of the MD (hash) algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256.

Definition at line 94 of file x509_crt.h.

◆ sig_md [3/3]

md_type_t _x509_csr::sig_md

Internal representation of the MD (hash) algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256.

Definition at line 68 of file x509_csr.h.

◆ sig_oid

x509_buf _x509_csr::sig_oid

Definition at line 66 of file x509_csr.h.

◆ sig_oid1 [1/2]

x509_buf _x509_crl::sig_oid1

Definition at line 79 of file x509_crl.h.

◆ sig_oid1 [2/2]

x509_buf _x509_crt::sig_oid1

Signature algorithm identifier, e.g. sha1RSA. Must be identical to sig_oid2.

Definition at line 64 of file x509_crt.h.

◆ sig_oid2 [1/2]

x509_buf _x509_crl::sig_oid2

Definition at line 92 of file x509_crl.h.

◆ sig_oid2 [2/2]

x509_buf _x509_crt::sig_oid2

Signature algorithm identifier from the outer signature field. Must match sig_oid1: RFC 5280 (§4.1.1.2) requires both identifiers to be identical, and a certificate where they differ is malformed and must be rejected rather than trusted.

Definition at line 92 of file x509_crt.h.

◆ sig_opts [1/3]

void* _x509_crl::sig_opts

Signature options to be passed to pk_verify_ext(), e.g. the parameters for RSASSA-PSS.

Definition at line 96 of file x509_crl.h.

◆ sig_opts [2/3]

void* _x509_crt::sig_opts

Signature options to be passed to pk_verify_ext(), e.g. the parameters for RSASSA-PSS.

Definition at line 96 of file x509_crt.h.

◆ sig_opts [3/3]

void* _x509_csr::sig_opts

Signature options to be passed to pk_verify_ext(), e.g. the parameters for RSASSA-PSS.

Definition at line 70 of file x509_csr.h.

◆ sig_pk [1/3]

pk_type_t _x509_crl::sig_pk

Internal representation of the public-key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA.

Definition at line 95 of file x509_crl.h.

◆ sig_pk [2/3]

pk_type_t _x509_crt::sig_pk

Internal representation of the public-key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA.

Definition at line 95 of file x509_crt.h.

◆ sig_pk [3/3]

pk_type_t _x509_csr::sig_pk

Internal representation of the public-key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA.

Definition at line 69 of file x509_csr.h.

◆ subject [1/4]

x509_name _x509_crt::subject

The parsed subject data (named information object).

Definition at line 70 of file x509_crt.h.

◆ subject [2/4]

asn1_named_data* _x509write_cert::subject

Definition at line 118 of file x509_crt.h.

◆ subject [3/4]

x509_name _x509_csr::subject

The parsed subject data (named information object).

Definition at line 62 of file x509_csr.h.

◆ subject [4/4]

asn1_named_data* _x509write_csr::subject

Definition at line 80 of file x509_csr.h.

◆ subject_alt_names

x509_sequence _x509_crt::subject_alt_names

Optional list of Subject Alternative Names. Only dNSName entries are supported; other SAN types are not parsed into this list, so they cannot be relied on for name matching.

Definition at line 80 of file x509_crt.h.

◆ subject_id

x509_buf _x509_crt::subject_id

Optional X.509 v2/v3 subject unique identifier.

Definition at line 78 of file x509_crt.h.

◆ subject_key

pk_context* _x509write_cert::subject_key

Definition at line 116 of file x509_crt.h.

◆ subject_raw [1/2]

x509_buf _x509_crt::subject_raw

The raw subject data (DER).

Used for quick comparison.

Definition at line 67 of file x509_crt.h.

◆ subject_raw [2/2]

x509_buf _x509_csr::subject_raw

The raw subject data (DER).

Definition at line 61 of file x509_csr.h.

◆ tbs [1/2]

x509_buf _x509_crl::tbs

The raw CRL body (DER): the part that is To Be Signed.

Definition at line 76 of file x509_crl.h.

◆ tbs [2/2]

x509_buf _x509_crt::tbs

The raw certificate body (DER): the part that is To Be Signed.

Definition at line 60 of file x509_crt.h.

◆ this_update

x509_time _x509_crl::this_update

Definition at line 85 of file x509_crl.h.

◆ v3_ext

x509_buf _x509_crt::v3_ext

Optional X.509 v3 extensions.


Definition at line 79 of file x509_crt.h.

◆ valid_from

x509_time _x509_crt::valid_from

Start time of certificate validity.

Definition at line 72 of file x509_crt.h.

◆ valid_to

x509_time _x509_crt::valid_to

End time of certificate validity.

Definition at line 73 of file x509_crt.h.

◆ version [1/4]

int _x509_crl::version

CRL version (1=v1, 2=v2)

Definition at line 78 of file x509_crl.h.

◆ version [2/4]

int _x509_crt::version

The X.509 version.

(1=v1, 2=v2, 3=v3)

Definition at line 62 of file x509_crt.h.

◆ version [3/4]

int _x509write_cert::version

Definition at line 114 of file x509_crt.h.

◆ version [4/4]

int _x509_csr::version

CSR version (1=v1).

Definition at line 59 of file x509_csr.h.

◆ year

int _x509_time::year

Definition at line 185 of file x509.h.