49#ifndef MBEDTLS_X509_CRT_H
50#define MBEDTLS_X509_CRT_H
52#if !defined(MBEDTLS_CONFIG_FILE)
55#include MBEDTLS_CONFIG_FILE
126#define MBEDTLS_X509_ID_FLAG( id ) ( 1 << ( (id) - 1 ) )
142#define MBEDTLS_X509_CRT_VERSION_1 0
143#define MBEDTLS_X509_CRT_VERSION_2 1
144#define MBEDTLS_X509_CRT_VERSION_3 2
146#define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32
147#define MBEDTLS_X509_RFC5280_UTC_TIME_LEN 15
149#if !defined( MBEDTLS_X509_MAX_FILE_PATH_LEN )
150#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512
182#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 )
193#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
206 int fallback_signature_is_good;
209 int parent_is_trusted;
214 x509_crt_rs_find_parent,
228#if defined(MBEDTLS_X509_CRT_PARSE_C)
300#if defined(MBEDTLS_FS_IO)
493#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
516 unsigned int usage );
519#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
534 const char *usage_oid,
538#if defined(MBEDTLS_X509_CRL_PARSE_C)
565#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
581#if defined(MBEDTLS_X509_CRT_WRITE_C)
624 const char *not_after );
639 const char *issuer_name );
654 const char *subject_name );
695 const char *oid,
size_t oid_len,
697 const unsigned char *
val,
size_t val_len );
711 int is_ca,
int max_pathlen );
713#if defined(MBEDTLS_SHA1_C)
747 unsigned int key_usage );
759 unsigned char ns_cert_type );
789 int (*f_rng)(
void *,
unsigned char *,
size_t),
792#if defined(MBEDTLS_PEM_WRITE_C)
810 int (*f_rng)(
void *,
unsigned char *,
size_t),
static const WCHAR version[]
GLenum GLuint GLenum GLsizei const GLchar * buf
GLsizeiptr const GLvoid GLenum usage
int mbedtls_x509_crt_parse_der(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse a single DER formatted certificate and add it to the chained list.
void mbedtls_x509_crt_init(mbedtls_x509_crt *crt)
Initialize a certificate (chain)
int mbedtls_x509_crt_parse(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse one DER-encoded or one or more concatenated PEM-encoded certificates and add them to the chaine...
mbedtls_x509_time valid_to
int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt, unsigned int usage)
Check usage of certificate against keyUsage extension.
mbedtls_x509_sequence subject_alt_names
void mbedtls_x509_crt_restart_ctx
int mbedtls_x509_crt_verify_restartable(mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const mbedtls_x509_crt_profile *profile, const char *cn, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy, mbedtls_x509_crt_restart_ctx *rs_ctx)
Restartable version of mbedtls_crt_verify_with_profile()
mbedtls_pk_context * issuer_key
#define MBEDTLS_X509_RFC5280_UTC_TIME_LEN
#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE
mbedtls_x509_buf issuer_id
mbedtls_asn1_named_data * issuer
char not_after[MBEDTLS_X509_RFC5280_UTC_TIME_LEN+1]
mbedtls_x509_name subject
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next
mbedtls_asn1_named_data * subject
int mbedtls_x509_crt_verify(mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const char *cn, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy)
Verify the certificate signature.
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default
mbedtls_x509_time valid_from
void mbedtls_x509_crt_free(mbedtls_x509_crt *crt)
Unallocate all certificate data.
int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix, const mbedtls_x509_crt *crt)
Returns an informational string about the certificate.
mbedtls_x509_buf subject_raw
mbedtls_pk_context * subject_key
mbedtls_x509_sequence ext_key_usage
struct mbedtls_x509_crt * next
mbedtls_asn1_named_data * extensions
int mbedtls_x509_crt_check_extended_key_usage(const mbedtls_x509_crt *crt, const char *usage_oid, size_t usage_len)
Check usage of certificate against extendedKeyUsage.
char not_before[MBEDTLS_X509_RFC5280_UTC_TIME_LEN+1]
mbedtls_x509_buf subject_id
unsigned char ns_cert_type
int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix, uint32_t flags)
Returns an informational string about the verification status of a certificate.
int mbedtls_x509_crt_verify_with_profile(mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const mbedtls_x509_crt_profile *profile, const char *cn, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy)
Verify the certificate signature according to profile.
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb
mbedtls_x509_buf issuer_raw
mbedtls_md_type_t
Supported message digests.
mbedtls_pk_type_t
Public key types.
X.509 generic defines and structures.
X.509 certificate revocation list parsing.