ReactOS 0.4.15-dev-7924-g5949c20
X509_module

Classes

struct  mbedtls_x509_time
 
struct  mbedtls_x509_crl_entry
 
struct  mbedtls_x509_crl
 
struct  mbedtls_x509_crt
 
struct  mbedtls_x509_crt_profile
 
struct  mbedtls_x509write_cert
 
struct  mbedtls_x509_crt_verify_chain_item
 
struct  mbedtls_x509_crt_verify_chain
 
struct  mbedtls_x509_csr
 
struct  mbedtls_x509write_csr
 

Macros

#define MBEDTLS_X509_MAX_INTERMEDIATE_CA   8
 
#define MBEDTLS_X509_SAFE_SNPRINTF
 

Functions

int mbedtls_dhm_parse_dhm (mbedtls_dhm_context *dhm, const unsigned char *dhmin, size_t dhminlen)
 This function parses DHM parameters in PEM or DER format.
 
int mbedtls_x509_dn_gets (char *buf, size_t size, const mbedtls_x509_name *dn)
 Store the certificate DN in printable form into buf; no more than size characters will be written.
 
int mbedtls_x509_serial_gets (char *buf, size_t size, const mbedtls_x509_buf *serial)
 Store the certificate serial in printable form into buf; no more than size characters will be written.
 
int mbedtls_x509_time_is_past (const mbedtls_x509_time *to)
 Check a given mbedtls_x509_time against the system time and tell if it's in the past.
 
int mbedtls_x509_time_is_future (const mbedtls_x509_time *from)
 Check a given mbedtls_x509_time against the system time and tell if it's in the future.
 
int mbedtls_x509_get_name (unsigned char **p, const unsigned char *end, mbedtls_x509_name *cur)
 
int mbedtls_x509_get_alg_null (unsigned char **p, const unsigned char *end, mbedtls_x509_buf *alg)
 
int mbedtls_x509_get_alg (unsigned char **p, const unsigned char *end, mbedtls_x509_buf *alg, mbedtls_x509_buf *params)
 
int mbedtls_x509_get_rsassa_pss_params (const mbedtls_x509_buf *params, mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md, int *salt_len)
 
int mbedtls_x509_get_sig (unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig)
 
int mbedtls_x509_get_sig_alg (const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params, mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg, void **sig_opts)
 
int mbedtls_x509_get_time (unsigned char **p, const unsigned char *end, mbedtls_x509_time *t)
 
int mbedtls_x509_get_serial (unsigned char **p, const unsigned char *end, mbedtls_x509_buf *serial)
 
int mbedtls_x509_get_ext (unsigned char **p, const unsigned char *end, mbedtls_x509_buf *ext, int tag)
 
int mbedtls_x509_sig_alg_gets (char *buf, size_t size, const mbedtls_x509_buf *sig_oid, mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, const void *sig_opts)
 
int mbedtls_x509_key_size_helper (char *buf, size_t buf_size, const char *name)
 
int mbedtls_x509_string_to_names (mbedtls_asn1_named_data **head, const char *name)
 
int mbedtls_x509_set_extension (mbedtls_asn1_named_data **head, const char *oid, size_t oid_len, int critical, const unsigned char *val, size_t val_len)
 
int mbedtls_x509_write_extensions (unsigned char **p, unsigned char *start, mbedtls_asn1_named_data *first)
 
int mbedtls_x509_write_names (unsigned char **p, unsigned char *start, mbedtls_asn1_named_data *first)
 
int mbedtls_x509_write_sig (unsigned char **p, unsigned char *start, const char *oid, size_t oid_len, unsigned char *sig, size_t size)
 

Variables

int mbedtls_x509_time::year
 
int mbedtls_x509_time::mon
 
int mbedtls_x509_time::day
 
int mbedtls_x509_time::hour
 
int mbedtls_x509_time::min
 
int mbedtls_x509_time::sec
 
mbedtls_x509_buf mbedtls_x509_crl_entry::raw
 
mbedtls_x509_buf mbedtls_x509_crl_entry::serial
 
mbedtls_x509_time mbedtls_x509_crl_entry::revocation_date
 
mbedtls_x509_buf mbedtls_x509_crl_entry::entry_ext
 
struct mbedtls_x509_crl_entrymbedtls_x509_crl_entry::next
 
mbedtls_x509_buf mbedtls_x509_crl::raw
 
mbedtls_x509_buf mbedtls_x509_crl::tbs
 
int mbedtls_x509_crl::version
 
mbedtls_x509_buf mbedtls_x509_crl::sig_oid
 
mbedtls_x509_buf mbedtls_x509_crl::issuer_raw
 
mbedtls_x509_name mbedtls_x509_crl::issuer
 
mbedtls_x509_time mbedtls_x509_crl::this_update
 
mbedtls_x509_time mbedtls_x509_crl::next_update
 
mbedtls_x509_crl_entry mbedtls_x509_crl::entry
 
mbedtls_x509_buf mbedtls_x509_crl::crl_ext
 
mbedtls_x509_buf mbedtls_x509_crl::sig_oid2
 
mbedtls_x509_buf mbedtls_x509_crl::sig
 
mbedtls_md_type_t mbedtls_x509_crl::sig_md
 
mbedtls_pk_type_t mbedtls_x509_crl::sig_pk
 
voidmbedtls_x509_crl::sig_opts
 
struct mbedtls_x509_crlmbedtls_x509_crl::next
 
mbedtls_x509_buf mbedtls_x509_crt::raw
 
mbedtls_x509_buf mbedtls_x509_crt::tbs
 
int mbedtls_x509_crt::version
 
mbedtls_x509_buf mbedtls_x509_crt::serial
 
mbedtls_x509_buf mbedtls_x509_crt::sig_oid
 
mbedtls_x509_buf mbedtls_x509_crt::issuer_raw
 
mbedtls_x509_buf mbedtls_x509_crt::subject_raw
 
mbedtls_x509_name mbedtls_x509_crt::issuer
 
mbedtls_x509_name mbedtls_x509_crt::subject
 
mbedtls_x509_time mbedtls_x509_crt::valid_from
 
mbedtls_x509_time mbedtls_x509_crt::valid_to
 
mbedtls_pk_context mbedtls_x509_crt::pk
 
mbedtls_x509_buf mbedtls_x509_crt::issuer_id
 
mbedtls_x509_buf mbedtls_x509_crt::subject_id
 
mbedtls_x509_buf mbedtls_x509_crt::v3_ext
 
mbedtls_x509_sequence mbedtls_x509_crt::subject_alt_names
 
int mbedtls_x509_crt::ext_types
 
int mbedtls_x509_crt::ca_istrue
 
int mbedtls_x509_crt::max_pathlen
 
unsigned int mbedtls_x509_crt::key_usage
 
mbedtls_x509_sequence mbedtls_x509_crt::ext_key_usage
 
unsigned char mbedtls_x509_crt::ns_cert_type
 
mbedtls_x509_buf mbedtls_x509_crt::sig
 
mbedtls_md_type_t mbedtls_x509_crt::sig_md
 
mbedtls_pk_type_t mbedtls_x509_crt::sig_pk
 
voidmbedtls_x509_crt::sig_opts
 
struct mbedtls_x509_crtmbedtls_x509_crt::next
 
uint32_t mbedtls_x509_crt_profile::allowed_mds
 
uint32_t mbedtls_x509_crt_profile::allowed_pks
 
uint32_t mbedtls_x509_crt_profile::allowed_curves
 
uint32_t mbedtls_x509_crt_profile::rsa_min_bitlen
 
int mbedtls_x509write_cert::version
 
mbedtls_mpi mbedtls_x509write_cert::serial
 
mbedtls_pk_contextmbedtls_x509write_cert::subject_key
 
mbedtls_pk_contextmbedtls_x509write_cert::issuer_key
 
mbedtls_asn1_named_datambedtls_x509write_cert::subject
 
mbedtls_asn1_named_datambedtls_x509write_cert::issuer
 
mbedtls_md_type_t mbedtls_x509write_cert::md_alg
 
char mbedtls_x509write_cert::not_before [MBEDTLS_X509_RFC5280_UTC_TIME_LEN+1]
 
char mbedtls_x509write_cert::not_after [MBEDTLS_X509_RFC5280_UTC_TIME_LEN+1]
 
mbedtls_asn1_named_datambedtls_x509write_cert::extensions
 
mbedtls_x509_crtmbedtls_x509_crt_verify_chain_item::crt
 
uint32_t mbedtls_x509_crt_verify_chain_item::flags
 
mbedtls_x509_crt_verify_chain_item mbedtls_x509_crt_verify_chain::items [MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE]
 
unsigned mbedtls_x509_crt_verify_chain::len
 
mbedtls_x509_buf mbedtls_x509_csr::raw
 
mbedtls_x509_buf mbedtls_x509_csr::cri
 
int mbedtls_x509_csr::version
 
mbedtls_x509_buf mbedtls_x509_csr::subject_raw
 
mbedtls_x509_name mbedtls_x509_csr::subject
 
mbedtls_pk_context mbedtls_x509_csr::pk
 
mbedtls_x509_buf mbedtls_x509_csr::sig_oid
 
mbedtls_x509_buf mbedtls_x509_csr::sig
 
mbedtls_md_type_t mbedtls_x509_csr::sig_md
 
mbedtls_pk_type_t mbedtls_x509_csr::sig_pk
 
voidmbedtls_x509_csr::sig_opts
 
mbedtls_pk_contextmbedtls_x509write_csr::key
 
mbedtls_asn1_named_datambedtls_x509write_csr::subject
 
mbedtls_md_type_t mbedtls_x509write_csr::md_alg
 
mbedtls_asn1_named_datambedtls_x509write_csr::extensions
 

Structures for parsing X.509 certificates, CRLs and CSRs

typedef mbedtls_asn1_buf mbedtls_x509_buf
 
typedef mbedtls_asn1_bitstring mbedtls_x509_bitstring
 
typedef mbedtls_asn1_named_data mbedtls_x509_name
 
typedef mbedtls_asn1_sequence mbedtls_x509_sequence
 
typedef struct mbedtls_x509_time mbedtls_x509_time
 

Structures and functions for parsing CRLs

typedef struct mbedtls_x509_crl_entry mbedtls_x509_crl_entry
 
typedef struct mbedtls_x509_crl mbedtls_x509_crl
 
int mbedtls_x509_crl_parse_der (mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen)
 Parse a DER-encoded CRL and append it to the chained list.
 
int mbedtls_x509_crl_parse (mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen)
 Parse one or more CRLs and append them to the chained list.
 
int mbedtls_x509_crl_info (char *buf, size_t size, const char *prefix, const mbedtls_x509_crl *crl)
 Returns an informational string about the CRL.
 
void mbedtls_x509_crl_init (mbedtls_x509_crl *crl)
 Initialize a CRL (chain)
 
void mbedtls_x509_crl_free (mbedtls_x509_crl *crl)
 Unallocate all CRL data.
 

Structures and functions for parsing and writing X.509 certificates

typedef struct mbedtls_x509_crt mbedtls_x509_crt
 
typedef struct mbedtls_x509_crt_profile mbedtls_x509_crt_profile
 
typedef struct mbedtls_x509write_cert mbedtls_x509write_cert
 
typedef void mbedtls_x509_crt_restart_ctx
 
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default
 
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next
 
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb
 
int mbedtls_x509_crt_parse_der (mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen)
 Parse a single DER formatted certificate and add it to the chained list.
 
int mbedtls_x509_crt_parse (mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen)
 Parse one DER-encoded or one or more concatenated PEM-encoded certificates and add them to the chained list.
 
int mbedtls_x509_crt_info (char *buf, size_t size, const char *prefix, const mbedtls_x509_crt *crt)
 Returns an informational string about the certificate.
 
int mbedtls_x509_crt_verify_info (char *buf, size_t size, const char *prefix, uint32_t flags)
 Returns an informational string about the verification status of a certificate.
 
int mbedtls_x509_crt_verify (mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const char *cn, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy)
 Verify the certificate signature.
 
int mbedtls_x509_crt_verify_with_profile (mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const mbedtls_x509_crt_profile *profile, const char *cn, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy)
 Verify the certificate signature according to profile.
 
int mbedtls_x509_crt_verify_restartable (mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const mbedtls_x509_crt_profile *profile, const char *cn, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy, mbedtls_x509_crt_restart_ctx *rs_ctx)
 Restartable version of mbedtls_crt_verify_with_profile()
 
int mbedtls_x509_crt_check_key_usage (const mbedtls_x509_crt *crt, unsigned int usage)
 Check usage of certificate against keyUsage extension.
 
int mbedtls_x509_crt_check_extended_key_usage (const mbedtls_x509_crt *crt, const char *usage_oid, size_t usage_len)
 Check usage of certificate against extendedKeyUsage.
 
void mbedtls_x509_crt_init (mbedtls_x509_crt *crt)
 Initialize a certificate (chain)
 
void mbedtls_x509_crt_free (mbedtls_x509_crt *crt)
 Unallocate all certificate data.
 
#define MBEDTLS_X509_ID_FLAG(id)   ( 1 << ( (id) - 1 ) )
 
#define MBEDTLS_X509_CRT_VERSION_1   0
 
#define MBEDTLS_X509_CRT_VERSION_2   1
 
#define MBEDTLS_X509_CRT_VERSION_3   2
 
#define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN   32
 
#define MBEDTLS_X509_RFC5280_UTC_TIME_LEN   15
 
#define MBEDTLS_X509_MAX_FILE_PATH_LEN   512
 
#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE   ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 )
 

Structures and functions for X.509 Certificate Signing Requests (CSR)

typedef struct mbedtls_x509_csr mbedtls_x509_csr
 
typedef struct mbedtls_x509write_csr mbedtls_x509write_csr
 

X509 Error codes

#define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE   -0x2080
 
#define MBEDTLS_ERR_X509_UNKNOWN_OID   -0x2100
 
#define MBEDTLS_ERR_X509_INVALID_FORMAT   -0x2180
 
#define MBEDTLS_ERR_X509_INVALID_VERSION   -0x2200
 
#define MBEDTLS_ERR_X509_INVALID_SERIAL   -0x2280
 
#define MBEDTLS_ERR_X509_INVALID_ALG   -0x2300
 
#define MBEDTLS_ERR_X509_INVALID_NAME   -0x2380
 
#define MBEDTLS_ERR_X509_INVALID_DATE   -0x2400
 
#define MBEDTLS_ERR_X509_INVALID_SIGNATURE   -0x2480
 
#define MBEDTLS_ERR_X509_INVALID_EXTENSIONS   -0x2500
 
#define MBEDTLS_ERR_X509_UNKNOWN_VERSION   -0x2580
 
#define MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG   -0x2600
 
#define MBEDTLS_ERR_X509_SIG_MISMATCH   -0x2680
 
#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED   -0x2700
 
#define MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT   -0x2780
 
#define MBEDTLS_ERR_X509_BAD_INPUT_DATA   -0x2800
 
#define MBEDTLS_ERR_X509_ALLOC_FAILED   -0x2880
 
#define MBEDTLS_ERR_X509_FILE_IO_ERROR   -0x2900
 
#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL   -0x2980
 
#define MBEDTLS_ERR_X509_FATAL_ERROR   -0x3000
 

X509 Verify codes

#define MBEDTLS_X509_BADCERT_EXPIRED   0x01
 
#define MBEDTLS_X509_BADCERT_REVOKED   0x02
 
#define MBEDTLS_X509_BADCERT_CN_MISMATCH   0x04
 
#define MBEDTLS_X509_BADCERT_NOT_TRUSTED   0x08
 
#define MBEDTLS_X509_BADCRL_NOT_TRUSTED   0x10
 
#define MBEDTLS_X509_BADCRL_EXPIRED   0x20
 
#define MBEDTLS_X509_BADCERT_MISSING   0x40
 
#define MBEDTLS_X509_BADCERT_SKIP_VERIFY   0x80
 
#define MBEDTLS_X509_BADCERT_OTHER   0x0100
 
#define MBEDTLS_X509_BADCERT_FUTURE   0x0200
 
#define MBEDTLS_X509_BADCRL_FUTURE   0x0400
 
#define MBEDTLS_X509_BADCERT_KEY_USAGE   0x0800
 
#define MBEDTLS_X509_BADCERT_EXT_KEY_USAGE   0x1000
 
#define MBEDTLS_X509_BADCERT_NS_CERT_TYPE   0x2000
 
#define MBEDTLS_X509_BADCERT_BAD_MD   0x4000
 
#define MBEDTLS_X509_BADCERT_BAD_PK   0x8000
 
#define MBEDTLS_X509_BADCERT_BAD_KEY   0x010000
 
#define MBEDTLS_X509_BADCRL_BAD_MD   0x020000
 
#define MBEDTLS_X509_BADCRL_BAD_PK   0x040000
 
#define MBEDTLS_X509_BADCRL_BAD_KEY   0x080000
 
#define MBEDTLS_X509_KU_DIGITAL_SIGNATURE   (0x80) /* bit 0 */
 
#define MBEDTLS_X509_KU_NON_REPUDIATION   (0x40) /* bit 1 */
 
#define MBEDTLS_X509_KU_KEY_ENCIPHERMENT   (0x20) /* bit 2 */
 
#define MBEDTLS_X509_KU_DATA_ENCIPHERMENT   (0x10) /* bit 3 */
 
#define MBEDTLS_X509_KU_KEY_AGREEMENT   (0x08) /* bit 4 */
 
#define MBEDTLS_X509_KU_KEY_CERT_SIGN   (0x04) /* bit 5 */
 
#define MBEDTLS_X509_KU_CRL_SIGN   (0x02) /* bit 6 */
 
#define MBEDTLS_X509_KU_ENCIPHER_ONLY   (0x01) /* bit 7 */
 
#define MBEDTLS_X509_KU_DECIPHER_ONLY   (0x8000) /* bit 8 */
 
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT   (0x80) /* bit 0 */
 
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER   (0x40) /* bit 1 */
 
#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL   (0x20) /* bit 2 */
 
#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING   (0x10) /* bit 3 */
 
#define MBEDTLS_X509_NS_CERT_TYPE_RESERVED   (0x08) /* bit 4 */
 
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CA   (0x04) /* bit 5 */
 
#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA   (0x02) /* bit 6 */
 
#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA   (0x01) /* bit 7 */
 
#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER   (1 << 0)
 
#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER   (1 << 1)
 
#define MBEDTLS_X509_EXT_KEY_USAGE   (1 << 2)
 
#define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES   (1 << 3)
 
#define MBEDTLS_X509_EXT_POLICY_MAPPINGS   (1 << 4)
 
#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME   (1 << 5) /* Supported (DNS) */
 
#define MBEDTLS_X509_EXT_ISSUER_ALT_NAME   (1 << 6)
 
#define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS   (1 << 7)
 
#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS   (1 << 8) /* Supported */
 
#define MBEDTLS_X509_EXT_NAME_CONSTRAINTS   (1 << 9)
 
#define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS   (1 << 10)
 
#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE   (1 << 11)
 
#define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS   (1 << 12)
 
#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY   (1 << 13)
 
#define MBEDTLS_X509_EXT_FRESHEST_CRL   (1 << 14)
 
#define MBEDTLS_X509_EXT_NS_CERT_TYPE   (1 << 16)
 
#define MBEDTLS_X509_FORMAT_DER   1
 
#define MBEDTLS_X509_FORMAT_PEM   2
 
#define MBEDTLS_X509_MAX_DN_NAME_SIZE   256
 

Detailed Description

Macro Definition Documentation

◆ MBEDTLS_ERR_X509_ALLOC_FAILED

#define MBEDTLS_ERR_X509_ALLOC_FAILED   -0x2880

Allocation of memory failed.

Definition at line 102 of file x509.h.

◆ MBEDTLS_ERR_X509_BAD_INPUT_DATA

#define MBEDTLS_ERR_X509_BAD_INPUT_DATA   -0x2800

Input invalid.

Definition at line 101 of file x509.h.

◆ MBEDTLS_ERR_X509_BUFFER_TOO_SMALL

#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL   -0x2980

Destination buffer is too small.

Definition at line 104 of file x509.h.

◆ MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT

#define MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT   -0x2780

Format not recognized as DER or PEM.

Definition at line 100 of file x509.h.

◆ MBEDTLS_ERR_X509_CERT_VERIFY_FAILED

#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED   -0x2700

Certificate verification failed, e.g. CRL, CA or signature check failed.

Definition at line 99 of file x509.h.

◆ MBEDTLS_ERR_X509_FATAL_ERROR

#define MBEDTLS_ERR_X509_FATAL_ERROR   -0x3000

A fatal error occurred, eg the chain is too long or the vrfy callback failed.

Definition at line 105 of file x509.h.

◆ MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE

#define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE   -0x2080

Unavailable feature, e.g. RSA hashing/encryption combination.

Definition at line 86 of file x509.h.

◆ MBEDTLS_ERR_X509_FILE_IO_ERROR

#define MBEDTLS_ERR_X509_FILE_IO_ERROR   -0x2900

Read/write of file failed.

Definition at line 103 of file x509.h.

◆ MBEDTLS_ERR_X509_INVALID_ALG

#define MBEDTLS_ERR_X509_INVALID_ALG   -0x2300

The algorithm tag or value is invalid.

Definition at line 91 of file x509.h.

◆ MBEDTLS_ERR_X509_INVALID_DATE

#define MBEDTLS_ERR_X509_INVALID_DATE   -0x2400

The date tag or value is invalid.

Definition at line 93 of file x509.h.

◆ MBEDTLS_ERR_X509_INVALID_EXTENSIONS

#define MBEDTLS_ERR_X509_INVALID_EXTENSIONS   -0x2500

The extension tag or value is invalid.

Definition at line 95 of file x509.h.

◆ MBEDTLS_ERR_X509_INVALID_FORMAT

#define MBEDTLS_ERR_X509_INVALID_FORMAT   -0x2180

The CRT/CRL/CSR format is invalid, e.g. different type expected.

Definition at line 88 of file x509.h.

◆ MBEDTLS_ERR_X509_INVALID_NAME

#define MBEDTLS_ERR_X509_INVALID_NAME   -0x2380

The name tag or value is invalid.

Definition at line 92 of file x509.h.

◆ MBEDTLS_ERR_X509_INVALID_SERIAL

#define MBEDTLS_ERR_X509_INVALID_SERIAL   -0x2280

The serial tag or value is invalid.

Definition at line 90 of file x509.h.

◆ MBEDTLS_ERR_X509_INVALID_SIGNATURE

#define MBEDTLS_ERR_X509_INVALID_SIGNATURE   -0x2480

The signature tag or value invalid.

Definition at line 94 of file x509.h.

◆ MBEDTLS_ERR_X509_INVALID_VERSION

#define MBEDTLS_ERR_X509_INVALID_VERSION   -0x2200

The CRT/CRL/CSR version element is invalid.

Definition at line 89 of file x509.h.

◆ MBEDTLS_ERR_X509_SIG_MISMATCH

#define MBEDTLS_ERR_X509_SIG_MISMATCH   -0x2680

Signature algorithms do not match. (see mbedtls_x509_crt sig_oid)

Definition at line 98 of file x509.h.

◆ MBEDTLS_ERR_X509_UNKNOWN_OID

#define MBEDTLS_ERR_X509_UNKNOWN_OID   -0x2100

Requested OID is unknown.

Definition at line 87 of file x509.h.

◆ MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG

#define MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG   -0x2600

Signature algorithm (oid) is unsupported.

Definition at line 97 of file x509.h.

◆ MBEDTLS_ERR_X509_UNKNOWN_VERSION

#define MBEDTLS_ERR_X509_UNKNOWN_VERSION   -0x2580

CRT/CRL/CSR has an unsupported version number.

Definition at line 96 of file x509.h.

◆ MBEDTLS_X509_BADCERT_BAD_KEY

#define MBEDTLS_X509_BADCERT_BAD_KEY   0x010000

The certificate is signed with an unacceptable key (eg bad curve, RSA too short).

Definition at line 129 of file x509.h.

◆ MBEDTLS_X509_BADCERT_BAD_MD

#define MBEDTLS_X509_BADCERT_BAD_MD   0x4000

The certificate is signed with an unacceptable hash.

Definition at line 127 of file x509.h.

◆ MBEDTLS_X509_BADCERT_BAD_PK

#define MBEDTLS_X509_BADCERT_BAD_PK   0x8000

The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA).

Definition at line 128 of file x509.h.

◆ MBEDTLS_X509_BADCERT_CN_MISMATCH

#define MBEDTLS_X509_BADCERT_CN_MISMATCH   0x04

The certificate Common Name (CN) does not match with the expected CN.

Definition at line 115 of file x509.h.

◆ MBEDTLS_X509_BADCERT_EXPIRED

#define MBEDTLS_X509_BADCERT_EXPIRED   0x01

The certificate validity has expired.

Definition at line 113 of file x509.h.

◆ MBEDTLS_X509_BADCERT_EXT_KEY_USAGE

#define MBEDTLS_X509_BADCERT_EXT_KEY_USAGE   0x1000

Usage does not match the extendedKeyUsage extension.

Definition at line 125 of file x509.h.

◆ MBEDTLS_X509_BADCERT_FUTURE

#define MBEDTLS_X509_BADCERT_FUTURE   0x0200

The certificate validity starts in the future.

Definition at line 122 of file x509.h.

◆ MBEDTLS_X509_BADCERT_KEY_USAGE

#define MBEDTLS_X509_BADCERT_KEY_USAGE   0x0800

Usage does not match the keyUsage extension.

Definition at line 124 of file x509.h.

◆ MBEDTLS_X509_BADCERT_MISSING

#define MBEDTLS_X509_BADCERT_MISSING   0x40

Certificate was missing.

Definition at line 119 of file x509.h.

◆ MBEDTLS_X509_BADCERT_NOT_TRUSTED

#define MBEDTLS_X509_BADCERT_NOT_TRUSTED   0x08

The certificate is not correctly signed by the trusted CA.

Definition at line 116 of file x509.h.

◆ MBEDTLS_X509_BADCERT_NS_CERT_TYPE

#define MBEDTLS_X509_BADCERT_NS_CERT_TYPE   0x2000

Usage does not match the nsCertType extension.

Definition at line 126 of file x509.h.

◆ MBEDTLS_X509_BADCERT_OTHER

#define MBEDTLS_X509_BADCERT_OTHER   0x0100

Other reason (can be used by verify callback)

Definition at line 121 of file x509.h.

◆ MBEDTLS_X509_BADCERT_REVOKED

#define MBEDTLS_X509_BADCERT_REVOKED   0x02

The certificate has been revoked (is on a CRL).

Definition at line 114 of file x509.h.

◆ MBEDTLS_X509_BADCERT_SKIP_VERIFY

#define MBEDTLS_X509_BADCERT_SKIP_VERIFY   0x80

Certificate verification was skipped.

Definition at line 120 of file x509.h.

◆ MBEDTLS_X509_BADCRL_BAD_KEY

#define MBEDTLS_X509_BADCRL_BAD_KEY   0x080000

The CRL is signed with an unacceptable key (eg bad curve, RSA too short).

Definition at line 132 of file x509.h.

◆ MBEDTLS_X509_BADCRL_BAD_MD

#define MBEDTLS_X509_BADCRL_BAD_MD   0x020000

The CRL is signed with an unacceptable hash.

Definition at line 130 of file x509.h.

◆ MBEDTLS_X509_BADCRL_BAD_PK

#define MBEDTLS_X509_BADCRL_BAD_PK   0x040000

The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA).

Definition at line 131 of file x509.h.

◆ MBEDTLS_X509_BADCRL_EXPIRED

#define MBEDTLS_X509_BADCRL_EXPIRED   0x20

The CRL is expired.

Definition at line 118 of file x509.h.

◆ MBEDTLS_X509_BADCRL_FUTURE

#define MBEDTLS_X509_BADCRL_FUTURE   0x0400

The CRL is from the future

Definition at line 123 of file x509.h.

◆ MBEDTLS_X509_BADCRL_NOT_TRUSTED

#define MBEDTLS_X509_BADCRL_NOT_TRUSTED   0x10

The CRL is not correctly signed by the trusted CA.

Definition at line 117 of file x509.h.

◆ MBEDTLS_X509_CRT_VERSION_1

#define MBEDTLS_X509_CRT_VERSION_1   0

Definition at line 142 of file x509_crt.h.

◆ MBEDTLS_X509_CRT_VERSION_2

#define MBEDTLS_X509_CRT_VERSION_2   1

Definition at line 143 of file x509_crt.h.

◆ MBEDTLS_X509_CRT_VERSION_3

#define MBEDTLS_X509_CRT_VERSION_3   2

Definition at line 144 of file x509_crt.h.

◆ MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER

#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER   (1 << 0)

Definition at line 171 of file x509.h.

◆ MBEDTLS_X509_EXT_BASIC_CONSTRAINTS

#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS   (1 << 8) /* Supported */

Definition at line 179 of file x509.h.

◆ MBEDTLS_X509_EXT_CERTIFICATE_POLICIES

#define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES   (1 << 3)

Definition at line 174 of file x509.h.

◆ MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS

#define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS   (1 << 12)

Definition at line 183 of file x509.h.

◆ MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE

#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE   (1 << 11)

Definition at line 182 of file x509.h.

◆ MBEDTLS_X509_EXT_FRESHEST_CRL

#define MBEDTLS_X509_EXT_FRESHEST_CRL   (1 << 14)

Definition at line 185 of file x509.h.

◆ MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY

#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY   (1 << 13)

Definition at line 184 of file x509.h.

◆ MBEDTLS_X509_EXT_ISSUER_ALT_NAME

#define MBEDTLS_X509_EXT_ISSUER_ALT_NAME   (1 << 6)

Definition at line 177 of file x509.h.

◆ MBEDTLS_X509_EXT_KEY_USAGE

#define MBEDTLS_X509_EXT_KEY_USAGE   (1 << 2)

Definition at line 173 of file x509.h.

◆ MBEDTLS_X509_EXT_NAME_CONSTRAINTS

#define MBEDTLS_X509_EXT_NAME_CONSTRAINTS   (1 << 9)

Definition at line 180 of file x509.h.

◆ MBEDTLS_X509_EXT_NS_CERT_TYPE

#define MBEDTLS_X509_EXT_NS_CERT_TYPE   (1 << 16)

Definition at line 187 of file x509.h.

◆ MBEDTLS_X509_EXT_POLICY_CONSTRAINTS

#define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS   (1 << 10)

Definition at line 181 of file x509.h.

◆ MBEDTLS_X509_EXT_POLICY_MAPPINGS

#define MBEDTLS_X509_EXT_POLICY_MAPPINGS   (1 << 4)

Definition at line 175 of file x509.h.

◆ MBEDTLS_X509_EXT_SUBJECT_ALT_NAME

#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME   (1 << 5) /* Supported (DNS) */

Definition at line 176 of file x509.h.

◆ MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS

#define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS   (1 << 7)

Definition at line 178 of file x509.h.

◆ MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER

#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER   (1 << 1)

Definition at line 172 of file x509.h.

◆ MBEDTLS_X509_FORMAT_DER

#define MBEDTLS_X509_FORMAT_DER   1

Definition at line 193 of file x509.h.

◆ MBEDTLS_X509_FORMAT_PEM

#define MBEDTLS_X509_FORMAT_PEM   2

Definition at line 194 of file x509.h.

◆ MBEDTLS_X509_ID_FLAG

#define MBEDTLS_X509_ID_FLAG (   id)    ( 1 << ( (id) - 1 ) )

Build flag from an algorithm/curve identifier (pk, md, ecp) Since 0 is always XXX_NONE, ignore it.

Definition at line 126 of file x509_crt.h.

◆ MBEDTLS_X509_KU_CRL_SIGN

#define MBEDTLS_X509_KU_CRL_SIGN   (0x02) /* bit 6 */

Definition at line 147 of file x509.h.

◆ MBEDTLS_X509_KU_DATA_ENCIPHERMENT

#define MBEDTLS_X509_KU_DATA_ENCIPHERMENT   (0x10) /* bit 3 */

Definition at line 144 of file x509.h.

◆ MBEDTLS_X509_KU_DECIPHER_ONLY

#define MBEDTLS_X509_KU_DECIPHER_ONLY   (0x8000) /* bit 8 */

Definition at line 149 of file x509.h.

◆ MBEDTLS_X509_KU_DIGITAL_SIGNATURE

#define MBEDTLS_X509_KU_DIGITAL_SIGNATURE   (0x80) /* bit 0 */

Definition at line 141 of file x509.h.

◆ MBEDTLS_X509_KU_ENCIPHER_ONLY

#define MBEDTLS_X509_KU_ENCIPHER_ONLY   (0x01) /* bit 7 */

Definition at line 148 of file x509.h.

◆ MBEDTLS_X509_KU_KEY_AGREEMENT

#define MBEDTLS_X509_KU_KEY_AGREEMENT   (0x08) /* bit 4 */

Definition at line 145 of file x509.h.

◆ MBEDTLS_X509_KU_KEY_CERT_SIGN

#define MBEDTLS_X509_KU_KEY_CERT_SIGN   (0x04) /* bit 5 */

Definition at line 146 of file x509.h.

◆ MBEDTLS_X509_KU_KEY_ENCIPHERMENT

#define MBEDTLS_X509_KU_KEY_ENCIPHERMENT   (0x20) /* bit 2 */

Definition at line 143 of file x509.h.

◆ MBEDTLS_X509_KU_NON_REPUDIATION

#define MBEDTLS_X509_KU_NON_REPUDIATION   (0x40) /* bit 1 */

Definition at line 142 of file x509.h.

◆ MBEDTLS_X509_MAX_DN_NAME_SIZE

#define MBEDTLS_X509_MAX_DN_NAME_SIZE   256

Maximum value size of a DN entry

Definition at line 196 of file x509.h.

◆ MBEDTLS_X509_MAX_FILE_PATH_LEN

#define MBEDTLS_X509_MAX_FILE_PATH_LEN   512

Definition at line 150 of file x509_crt.h.

◆ MBEDTLS_X509_MAX_INTERMEDIATE_CA

#define MBEDTLS_X509_MAX_INTERMEDIATE_CA   8

Maximum number of intermediate CAs in a verification chain. That is, maximum length of the chain, excluding the end-entity certificate and the trusted root certificate.

Set this to a low value to prevent an adversary from making you waste resources verifying an overlong certificate chain.

Definition at line 79 of file x509.h.

◆ MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE

#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE   ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 )

Max size of verification chain: end-entity + intermediates + trusted root

Definition at line 182 of file x509_crt.h.

◆ MBEDTLS_X509_NS_CERT_TYPE_EMAIL

#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL   (0x20) /* bit 2 */

Definition at line 158 of file x509.h.

◆ MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA

#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA   (0x02) /* bit 6 */

Definition at line 162 of file x509.h.

◆ MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING

#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING   (0x10) /* bit 3 */

Definition at line 159 of file x509.h.

◆ MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA

#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA   (0x01) /* bit 7 */

Definition at line 163 of file x509.h.

◆ MBEDTLS_X509_NS_CERT_TYPE_RESERVED

#define MBEDTLS_X509_NS_CERT_TYPE_RESERVED   (0x08) /* bit 4 */

Definition at line 160 of file x509.h.

◆ MBEDTLS_X509_NS_CERT_TYPE_SSL_CA

#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CA   (0x04) /* bit 5 */

Definition at line 161 of file x509.h.

◆ MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT

#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT   (0x80) /* bit 0 */

Definition at line 156 of file x509.h.

◆ MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER

#define MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER   (0x40) /* bit 1 */

Definition at line 157 of file x509.h.

◆ MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN

#define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN   32

Definition at line 146 of file x509_crt.h.

◆ MBEDTLS_X509_RFC5280_UTC_TIME_LEN

#define MBEDTLS_X509_RFC5280_UTC_TIME_LEN   15

Definition at line 147 of file x509_crt.h.

◆ MBEDTLS_X509_SAFE_SNPRINTF

#define MBEDTLS_X509_SAFE_SNPRINTF
Value:
do { \
if( ret < 0 || (size_t) ret >= n ) \
\
n -= (size_t) ret; \
p += (size_t) ret; \
} while( 0 )
__kernel_size_t size_t
Definition: linux.h:237
GLdouble n
Definition: glext.h:7729
GLfloat GLfloat p
Definition: glext.h:8902
#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL
Definition: x509.h:104
int ret

Definition at line 349 of file x509.h.

Typedef Documentation

◆ mbedtls_x509_bitstring

Container for ASN1 bit strings.

Definition at line 219 of file x509.h.

◆ mbedtls_x509_buf

Type-length-value structure that allows for ASN1 using DER.

Definition at line 214 of file x509.h.

◆ mbedtls_x509_crl

Certificate revocation list structure. Every CRL may have multiple entries.

◆ mbedtls_x509_crl_entry

Certificate revocation list entry. Contains the CA-specific serial numbers and revocation dates.

◆ mbedtls_x509_crt

Container for an X.509 certificate. The certificate may be chained.

◆ mbedtls_x509_crt_profile

Security profile for certificate verification.

All lists are bitfields, built by ORing flags from MBEDTLS_X509_ID_FLAG().

◆ mbedtls_x509_crt_restart_ctx

Definition at line 224 of file x509_crt.h.

◆ mbedtls_x509_csr

Certificate Signing Request (CSR) structure.

◆ mbedtls_x509_name

Container for ASN1 named information objects. It allows for Relative Distinguished Names (e.g. cn=localhost,ou=code,etc.).

Definition at line 225 of file x509.h.

◆ mbedtls_x509_sequence

Container for a sequence of ASN.1 items

Definition at line 230 of file x509.h.

◆ mbedtls_x509_time

Container for date and time (precision in seconds).

◆ mbedtls_x509write_cert

Container for writing a certificate (CRT)

◆ mbedtls_x509write_csr

Container for writing a CSR

Function Documentation

◆ mbedtls_dhm_parse_dhm()

int mbedtls_dhm_parse_dhm ( mbedtls_dhm_context dhm,
const unsigned char dhmin,
size_t  dhminlen 
)

This function parses DHM parameters in PEM or DER format.

Parameters
dhmThe DHM context to import the DHM parameters into. This must be initialized.
dhminThe input buffer. This must be a readable buffer of length dhminlen Bytes.
dhminlenThe size of the input buffer dhmin, including the terminating NULL Byte for PEM data.
Returns
0 on success.
An MBEDTLS_ERR_DHM_XXX or MBEDTLS_ERR_PEM_XXX error code on failure.

◆ mbedtls_x509_crl_free()

void mbedtls_x509_crl_free ( mbedtls_x509_crl crl)

Unallocate all CRL data.

Parameters
crlCRL chain to free

◆ mbedtls_x509_crl_info()

int mbedtls_x509_crl_info ( char buf,
size_t  size,
const char prefix,
const mbedtls_x509_crl crl 
)

Returns an informational string about the CRL.

Parameters
bufBuffer to write to
sizeMaximum size of buffer
prefixA line prefix
crlThe X509 CRL to represent
Returns
The length of the string written (not including the terminated nul byte), or a negative error code.

◆ mbedtls_x509_crl_init()

void mbedtls_x509_crl_init ( mbedtls_x509_crl crl)

Initialize a CRL (chain)

Parameters
crlCRL chain to initialize

◆ mbedtls_x509_crl_parse()

int mbedtls_x509_crl_parse ( mbedtls_x509_crl chain,
const unsigned char buf,
size_t  buflen 
)

Parse one or more CRLs and append them to the chained list.

Note
Multiple CRLs are accepted only if using PEM format
Parameters
chainpoints to the start of the chain
bufbuffer holding the CRL data in PEM or DER format
buflensize of the buffer (including the terminating null byte for PEM data)
Returns
0 if successful, or a specific X509 or PEM error code

◆ mbedtls_x509_crl_parse_der()

int mbedtls_x509_crl_parse_der ( mbedtls_x509_crl chain,
const unsigned char buf,
size_t  buflen 
)

Parse a DER-encoded CRL and append it to the chained list.

Parameters
chainpoints to the start of the chain
bufbuffer holding the CRL data in DER format
buflensize of the buffer (including the terminating null byte for PEM data)
Returns
0 if successful, or a specific X509 or PEM error code

◆ mbedtls_x509_crt_check_extended_key_usage()

int mbedtls_x509_crt_check_extended_key_usage ( const mbedtls_x509_crt crt,
const char usage_oid,
size_t  usage_len 
)

Check usage of certificate against extendedKeyUsage.

Parameters
crtLeaf certificate used.
usage_oidIntended usage (eg MBEDTLS_OID_SERVER_AUTH or MBEDTLS_OID_CLIENT_AUTH).
usage_lenLength of usage_oid (eg given by MBEDTLS_OID_SIZE()).
Returns
0 if this use of the certificate is allowed, MBEDTLS_ERR_X509_BAD_INPUT_DATA if not.
Note
Usually only makes sense on leaf certificates.

◆ mbedtls_x509_crt_check_key_usage()

int mbedtls_x509_crt_check_key_usage ( const mbedtls_x509_crt crt,
unsigned int  usage 
)

Check usage of certificate against keyUsage extension.

Parameters
crtLeaf certificate used.
usageIntended usage(s) (eg MBEDTLS_X509_KU_KEY_ENCIPHERMENT before using the certificate to perform an RSA key exchange).
Note
Except for decipherOnly and encipherOnly, a bit set in the usage argument means this bit MUST be set in the certificate. For decipherOnly and encipherOnly, it means that bit MAY be set.
Returns
0 is these uses of the certificate are allowed, MBEDTLS_ERR_X509_BAD_INPUT_DATA if the keyUsage extension is present but does not match the usage argument.
Note
You should only call this function on leaf certificates, on (intermediate) CAs the keyUsage extension is automatically checked by mbedtls_x509_crt_verify().

◆ mbedtls_x509_crt_free()

void mbedtls_x509_crt_free ( mbedtls_x509_crt crt)

Unallocate all certificate data.

Parameters
crtCertificate chain to free

◆ mbedtls_x509_crt_info()

int mbedtls_x509_crt_info ( char buf,
size_t  size,
const char prefix,
const mbedtls_x509_crt crt 
)

Returns an informational string about the certificate.

Parameters
bufBuffer to write to
sizeMaximum size of buffer
prefixA line prefix
crtThe X509 certificate to represent
Returns
The length of the string written (not including the terminated nul byte), or a negative error code.

◆ mbedtls_x509_crt_init()

void mbedtls_x509_crt_init ( mbedtls_x509_crt crt)

Initialize a certificate (chain)

Parameters
crtCertificate chain to initialize

◆ mbedtls_x509_crt_parse()

int mbedtls_x509_crt_parse ( mbedtls_x509_crt chain,
const unsigned char buf,
size_t  buflen 
)

Parse one DER-encoded or one or more concatenated PEM-encoded certificates and add them to the chained list.

For CRTs in PEM encoding, the function parses permissively: if at least one certificate can be parsed, the function returns the number of certificates for which parsing failed (hence 0 if all certificates were parsed successfully). If no certificate could be parsed, the function returns the first (negative) error encountered during parsing.

PEM encoded certificates may be interleaved by other data such as human readable descriptions of their content, as long as the certificates are enclosed in the PEM specific '--—{BEGIN/END} CERTIFICATE--—' delimiters.

Parameters
chainThe chain to which to add the parsed certificates.
bufThe buffer holding the certificate data in PEM or DER format. For certificates in PEM encoding, this may be a concatenation of multiple certificates; for DER encoding, the buffer must comprise exactly one certificate.
buflenThe size of buf, including the terminating NULL byte in case of PEM encoded data.
Returns
0 if all certificates were parsed successfully.
The (positive) number of certificates that couldn't be parsed if parsing was partly successful (see above).
A negative X509 or PEM error code otherwise.

◆ mbedtls_x509_crt_parse_der()

int mbedtls_x509_crt_parse_der ( mbedtls_x509_crt chain,
const unsigned char buf,
size_t  buflen 
)

Parse a single DER formatted certificate and add it to the chained list.

Parameters
chainpoints to the start of the chain
bufbuffer holding the certificate DER data
buflensize of the buffer
Returns
0 if successful, or a specific X509 or PEM error code

◆ mbedtls_x509_crt_verify()

int mbedtls_x509_crt_verify ( mbedtls_x509_crt crt,
mbedtls_x509_crt trust_ca,
mbedtls_x509_crl ca_crl,
const char cn,
uint32_t flags,
int(*)(void *, mbedtls_x509_crt *, int, uint32_t *)  f_vrfy,
void p_vrfy 
)

Verify the certificate signature.

            The verify callback is a user-supplied callback that
            can clear / modify / add flags for a certificate. If set,
            the verification callback is called for each
            certificate in the chain (from the trust-ca down to the
            presented crt). The parameters for the callback are:
            (void *parameter, mbedtls_x509_crt *crt, int certificate_depth,
            int *flags). With the flags representing current flags for
            that specific certificate and the certificate depth from
            the bottom (Peer cert depth = 0).

            All flags left after returning from the callback
            are also returned to the application. The function should
            return 0 for anything (including invalid certificates)
            other than fatal error, as a non-zero return code
            immediately aborts the verification process. For fatal
            errors, a specific error code should be used (different
            from MBEDTLS_ERR_X509_CERT_VERIFY_FAILED which should not
            be returned at this point), or MBEDTLS_ERR_X509_FATAL_ERROR
            can be used if no better code is available.
Note
In case verification failed, the results can be displayed using mbedtls_x509_crt_verify_info()
Same as mbedtls_x509_crt_verify_with_profile() with the default security profile.
It is your responsibility to provide up-to-date CRLs for all trusted CAs. If no CRL is provided for the CA that was used to sign the certificate, CRL verification is skipped silently, that is without setting any flag.
The trust_ca list can contain two types of certificates: (1) those of trusted root CAs, so that certificates chaining up to those CAs will be trusted, and (2) self-signed end-entity certificates to be trusted (for specific peers you know) - in that case, the self-signed certificate doesn't need to have the CA bit set.
Parameters
crta certificate (chain) to be verified
trust_cathe list of trusted CAs (see note above)
ca_crlthe list of CRLs for trusted CAs (see note above)
cnexpected Common Name (can be set to NULL if the CN must not be verified)
flagsresult of the verification
f_vrfyverification function
p_vrfyverification parameter
Returns
0 (and flags set to 0) if the chain was verified and valid, MBEDTLS_ERR_X509_CERT_VERIFY_FAILED if the chain was verified but found to be invalid, in which case *flags will have one or more MBEDTLS_X509_BADCERT_XXX or MBEDTLS_X509_BADCRL_XXX flags set, or another error (and flags set to 0xffffffff) in case of a fatal error encountered during the verification process.

◆ mbedtls_x509_crt_verify_info()

int mbedtls_x509_crt_verify_info ( char buf,
size_t  size,
const char prefix,
uint32_t  flags 
)

Returns an informational string about the verification status of a certificate.

Parameters
bufBuffer to write to
sizeMaximum size of buffer
prefixA line prefix
flagsVerification flags created by mbedtls_x509_crt_verify()
Returns
The length of the string written (not including the terminated nul byte), or a negative error code.

◆ mbedtls_x509_crt_verify_restartable()

int mbedtls_x509_crt_verify_restartable ( mbedtls_x509_crt crt,
mbedtls_x509_crt trust_ca,
mbedtls_x509_crl ca_crl,
const mbedtls_x509_crt_profile profile,
const char cn,
uint32_t flags,
int(*)(void *, mbedtls_x509_crt *, int, uint32_t *)  f_vrfy,
void p_vrfy,
mbedtls_x509_crt_restart_ctx rs_ctx 
)

Restartable version of mbedtls_crt_verify_with_profile()

Note
Performs the same job as mbedtls_crt_verify_with_profile() but can return early and restart according to the limit set with mbedtls_ecp_set_max_ops() to reduce blocking.
Parameters
crta certificate (chain) to be verified
trust_cathe list of trusted CAs
ca_crlthe list of CRLs for trusted CAs
profilesecurity profile for verification
cnexpected Common Name (can be set to NULL if the CN must not be verified)
flagsresult of the verification
f_vrfyverification function
p_vrfyverification parameter
rs_ctxrestart context (NULL to disable restart)
Returns
See mbedtls_crt_verify_with_profile(), or
MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of operations was reached: see mbedtls_ecp_set_max_ops().

◆ mbedtls_x509_crt_verify_with_profile()

int mbedtls_x509_crt_verify_with_profile ( mbedtls_x509_crt crt,
mbedtls_x509_crt trust_ca,
mbedtls_x509_crl ca_crl,
const mbedtls_x509_crt_profile profile,
const char cn,
uint32_t flags,
int(*)(void *, mbedtls_x509_crt *, int, uint32_t *)  f_vrfy,
void p_vrfy 
)

Verify the certificate signature according to profile.

Note
Same as mbedtls_x509_crt_verify(), but with explicit security profile.
The restrictions on keys (RSA minimum size, allowed curves for ECDSA) apply to all certificates: trusted root, intermediate CAs if any, and end entity certificate.
Parameters
crta certificate (chain) to be verified
trust_cathe list of trusted CAs
ca_crlthe list of CRLs for trusted CAs
profilesecurity profile for verification
cnexpected Common Name (can be set to NULL if the CN must not be verified)
flagsresult of the verification
f_vrfyverification function
p_vrfyverification parameter
Returns
0 if successful or MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in which case *flags will have one or more MBEDTLS_X509_BADCERT_XXX or MBEDTLS_X509_BADCRL_XXX flags set, or another error in case of a fatal error encountered during the verification process.

◆ mbedtls_x509_dn_gets()

int mbedtls_x509_dn_gets ( char buf,
size_t  size,
const mbedtls_x509_name dn 
)

Store the certificate DN in printable form into buf; no more than size characters will be written.

Parameters
bufBuffer to write to
sizeMaximum size of buffer
dnThe X509 name to represent
Returns
The length of the string written (not including the terminated nul byte), or a negative error code.

◆ mbedtls_x509_get_alg()

int mbedtls_x509_get_alg ( unsigned char **  p,
const unsigned char end,
mbedtls_x509_buf alg,
mbedtls_x509_buf params 
)

◆ mbedtls_x509_get_alg_null()

int mbedtls_x509_get_alg_null ( unsigned char **  p,
const unsigned char end,
mbedtls_x509_buf alg 
)

◆ mbedtls_x509_get_ext()

int mbedtls_x509_get_ext ( unsigned char **  p,
const unsigned char end,
mbedtls_x509_buf ext,
int  tag 
)

◆ mbedtls_x509_get_name()

int mbedtls_x509_get_name ( unsigned char **  p,
const unsigned char end,
mbedtls_x509_name cur 
)

◆ mbedtls_x509_get_rsassa_pss_params()

int mbedtls_x509_get_rsassa_pss_params ( const mbedtls_x509_buf params,
mbedtls_md_type_t md_alg,
mbedtls_md_type_t mgf_md,
int salt_len 
)

◆ mbedtls_x509_get_serial()

int mbedtls_x509_get_serial ( unsigned char **  p,
const unsigned char end,
mbedtls_x509_buf serial 
)

◆ mbedtls_x509_get_sig()

int mbedtls_x509_get_sig ( unsigned char **  p,
const unsigned char end,
mbedtls_x509_buf sig 
)

◆ mbedtls_x509_get_sig_alg()

int mbedtls_x509_get_sig_alg ( const mbedtls_x509_buf sig_oid,
const mbedtls_x509_buf sig_params,
mbedtls_md_type_t md_alg,
mbedtls_pk_type_t pk_alg,
void **  sig_opts 
)

◆ mbedtls_x509_get_time()

int mbedtls_x509_get_time ( unsigned char **  p,
const unsigned char end,
mbedtls_x509_time t 
)

◆ mbedtls_x509_key_size_helper()

int mbedtls_x509_key_size_helper ( char buf,
size_t  buf_size,
const char name 
)

◆ mbedtls_x509_serial_gets()

int mbedtls_x509_serial_gets ( char buf,
size_t  size,
const mbedtls_x509_buf serial 
)

Store the certificate serial in printable form into buf; no more than size characters will be written.

Parameters
bufBuffer to write to
sizeMaximum size of buffer
serialThe X509 serial to represent
Returns
The length of the string written (not including the terminated nul byte), or a negative error code.

◆ mbedtls_x509_set_extension()

int mbedtls_x509_set_extension ( mbedtls_asn1_named_data **  head,
const char oid,
size_t  oid_len,
int  critical,
const unsigned char val,
size_t  val_len 
)

◆ mbedtls_x509_sig_alg_gets()

int mbedtls_x509_sig_alg_gets ( char buf,
size_t  size,
const mbedtls_x509_buf sig_oid,
mbedtls_pk_type_t  pk_alg,
mbedtls_md_type_t  md_alg,
const void sig_opts 
)

◆ mbedtls_x509_string_to_names()

int mbedtls_x509_string_to_names ( mbedtls_asn1_named_data **  head,
const char name 
)

◆ mbedtls_x509_time_is_future()

int mbedtls_x509_time_is_future ( const mbedtls_x509_time from)

Check a given mbedtls_x509_time against the system time and tell if it's in the future.

Note
Intended usage is "if( is_future( valid_from ) ) ERROR". Hence the return value of 1 if on internal errors.
Parameters
frommbedtls_x509_time to check
Returns
1 if the given time is in the future or an error occurred, 0 otherwise.

◆ mbedtls_x509_time_is_past()

int mbedtls_x509_time_is_past ( const mbedtls_x509_time to)

Check a given mbedtls_x509_time against the system time and tell if it's in the past.

Note
Intended usage is "if( is_past( valid_to ) ) ERROR". Hence the return value of 1 if on internal errors.
Parameters
tombedtls_x509_time to check
Returns
1 if the given time is in the past or an error occurred, 0 otherwise.

◆ mbedtls_x509_write_extensions()

int mbedtls_x509_write_extensions ( unsigned char **  p,
unsigned char start,
mbedtls_asn1_named_data first 
)

◆ mbedtls_x509_write_names()

int mbedtls_x509_write_names ( unsigned char **  p,
unsigned char start,
mbedtls_asn1_named_data first 
)

◆ mbedtls_x509_write_sig()

int mbedtls_x509_write_sig ( unsigned char **  p,
unsigned char start,
const char oid,
size_t  oid_len,
unsigned char sig,
size_t  size 
)

Variable Documentation

◆ allowed_curves

uint32_t mbedtls_x509_crt_profile::allowed_curves

Elliptic curves for ECDSA

Definition at line 137 of file x509_crt.h.

◆ allowed_mds

uint32_t mbedtls_x509_crt_profile::allowed_mds

MDs for signatures

Definition at line 135 of file x509_crt.h.

◆ allowed_pks

uint32_t mbedtls_x509_crt_profile::allowed_pks

PK algs for signatures

Definition at line 136 of file x509_crt.h.

◆ ca_istrue

int mbedtls_x509_crt::ca_istrue

Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise.

Definition at line 104 of file x509_crt.h.

◆ cri

mbedtls_x509_buf mbedtls_x509_csr::cri

The raw CertificateRequestInfo body (DER).

Definition at line 79 of file x509_csr.h.

◆ crl_ext

mbedtls_x509_buf mbedtls_x509_crl::crl_ext

Definition at line 112 of file x509_crl.h.

◆ crt

mbedtls_x509_crt* mbedtls_x509_crt_verify_chain_item::crt

Definition at line 175 of file x509_crt.h.

◆ day

int mbedtls_x509_time::day

Date.

Definition at line 235 of file x509.h.

◆ entry

mbedtls_x509_crl_entry mbedtls_x509_crl::entry

The CRL entries containing the certificate revocation times for this CA.

Definition at line 110 of file x509_crl.h.

◆ entry_ext

mbedtls_x509_buf mbedtls_x509_crl_entry::entry_ext

Definition at line 85 of file x509_crl.h.

◆ ext_key_usage

mbedtls_x509_sequence mbedtls_x509_crt::ext_key_usage

Optional list of extended key usage OIDs.

Definition at line 109 of file x509_crt.h.

◆ ext_types

int mbedtls_x509_crt::ext_types

Bit string containing detected and parsed extensions

Definition at line 103 of file x509_crt.h.

◆ extensions [1/2]

mbedtls_asn1_named_data* mbedtls_x509write_cert::extensions

Definition at line 167 of file x509_crt.h.

◆ extensions [2/2]

mbedtls_asn1_named_data* mbedtls_x509write_csr::extensions

Definition at line 104 of file x509_csr.h.

◆ flags

uint32_t mbedtls_x509_crt_verify_chain_item::flags

Definition at line 176 of file x509_crt.h.

◆ hour

int mbedtls_x509_time::hour

Definition at line 236 of file x509.h.

◆ issuer [1/3]

mbedtls_x509_name mbedtls_x509_crl::issuer

The parsed issuer data (named information object).

Definition at line 105 of file x509_crl.h.

◆ issuer [2/3]

mbedtls_x509_name mbedtls_x509_crt::issuer

The parsed issuer data (named information object).

Definition at line 90 of file x509_crt.h.

◆ issuer [3/3]

mbedtls_asn1_named_data* mbedtls_x509write_cert::issuer

Definition at line 163 of file x509_crt.h.

◆ issuer_id

mbedtls_x509_buf mbedtls_x509_crt::issuer_id

Optional X.509 v2/v3 issuer unique identifier.

Definition at line 98 of file x509_crt.h.

◆ issuer_key

mbedtls_pk_context* mbedtls_x509write_cert::issuer_key

Definition at line 161 of file x509_crt.h.

◆ issuer_raw [1/2]

mbedtls_x509_buf mbedtls_x509_crl::issuer_raw

The raw issuer data (DER).

Definition at line 103 of file x509_crl.h.

◆ issuer_raw [2/2]

mbedtls_x509_buf mbedtls_x509_crt::issuer_raw

The raw issuer data (DER). Used for quick comparison.

Definition at line 87 of file x509_crt.h.

◆ items

Definition at line 189 of file x509_crt.h.

◆ key

mbedtls_pk_context* mbedtls_x509write_csr::key

Definition at line 101 of file x509_csr.h.

◆ key_usage

unsigned int mbedtls_x509_crt::key_usage

Optional key usage extension value: See the values in x509.h

Definition at line 107 of file x509_crt.h.

◆ len

unsigned mbedtls_x509_crt_verify_chain::len

Definition at line 190 of file x509_crt.h.

◆ max_pathlen

int mbedtls_x509_crt::max_pathlen

Optional Basic Constraint extension value: The maximum path length to the root certificate. Path length is 1 higher than RFC 5280 'meaning', so 1+

Definition at line 105 of file x509_crt.h.

◆ mbedtls_x509_crt_profile_default

const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default
extern

Default security profile. Should provide a good balance between security and compatibility with current deployments.

This profile permits:

  • SHA2 hashes.
  • All supported elliptic curves.
  • RSA with 2048 bits and above.

New minor versions of Mbed TLS may extend this profile, for example if new curves are added to the library. New minor versions of Mbed TLS will not reduce this profile unless serious security concerns require it.

◆ mbedtls_x509_crt_profile_next

const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next
extern

Expected next default profile. Recommended for new deployments. Currently targets a 128-bit security level, except for allowing RSA-2048.

◆ mbedtls_x509_crt_profile_suiteb

const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb
extern

NSA Suite B profile.

◆ md_alg [1/2]

mbedtls_md_type_t mbedtls_x509write_cert::md_alg

Definition at line 164 of file x509_crt.h.

◆ md_alg [2/2]

mbedtls_md_type_t mbedtls_x509write_csr::md_alg

Definition at line 103 of file x509_csr.h.

◆ min

int mbedtls_x509_time::min

Definition at line 236 of file x509.h.

◆ mon

int mbedtls_x509_time::mon

Definition at line 235 of file x509.h.

◆ next [1/3]

struct mbedtls_x509_crl_entry* mbedtls_x509_crl_entry::next

Definition at line 87 of file x509_crl.h.

◆ next [2/3]

struct mbedtls_x509_crl* mbedtls_x509_crl::next

Definition at line 120 of file x509_crl.h.

◆ next [3/3]

struct mbedtls_x509_crt* mbedtls_x509_crt::next

Next certificate in the CA-chain.

Definition at line 118 of file x509_crt.h.

◆ next_update

mbedtls_x509_time mbedtls_x509_crl::next_update

Definition at line 108 of file x509_crl.h.

◆ not_after

char mbedtls_x509write_cert::not_after[MBEDTLS_X509_RFC5280_UTC_TIME_LEN+1]

Definition at line 166 of file x509_crt.h.

◆ not_before

char mbedtls_x509write_cert::not_before[MBEDTLS_X509_RFC5280_UTC_TIME_LEN+1]

Definition at line 165 of file x509_crt.h.

◆ ns_cert_type

unsigned char mbedtls_x509_crt::ns_cert_type

Optional Netscape certificate type extension value: See the values in x509.h

Definition at line 111 of file x509_crt.h.

◆ pk [1/2]

mbedtls_pk_context mbedtls_x509_crt::pk

Container for the public key context.

Definition at line 96 of file x509_crt.h.

◆ pk [2/2]

mbedtls_pk_context mbedtls_x509_csr::pk

Container for the public key context.

Definition at line 86 of file x509_csr.h.

◆ raw [1/4]

mbedtls_x509_buf mbedtls_x509_crl_entry::raw

Definition at line 79 of file x509_crl.h.

◆ raw [2/4]

mbedtls_x509_buf mbedtls_x509_crl::raw

The raw certificate data (DER).

Definition at line 97 of file x509_crl.h.

◆ raw [3/4]

mbedtls_x509_buf mbedtls_x509_crt::raw

The raw certificate data (DER).

Definition at line 80 of file x509_crt.h.

◆ raw [4/4]

mbedtls_x509_buf mbedtls_x509_csr::raw

The raw CSR data (DER).

Definition at line 78 of file x509_csr.h.

◆ revocation_date

mbedtls_x509_time mbedtls_x509_crl_entry::revocation_date

Definition at line 83 of file x509_crl.h.

◆ rsa_min_bitlen

uint32_t mbedtls_x509_crt_profile::rsa_min_bitlen

Minimum size for RSA keys

Definition at line 138 of file x509_crt.h.

◆ sec

int mbedtls_x509_time::sec

Time.

Definition at line 236 of file x509.h.

◆ serial [1/3]

mbedtls_x509_buf mbedtls_x509_crl_entry::serial

Definition at line 81 of file x509_crl.h.

◆ serial [2/3]

mbedtls_x509_buf mbedtls_x509_crt::serial

Unique id for certificate issued by a specific CA.

Definition at line 84 of file x509_crt.h.

◆ serial [3/3]

mbedtls_mpi mbedtls_x509write_cert::serial

Definition at line 159 of file x509_crt.h.

◆ sig [1/3]

mbedtls_x509_buf mbedtls_x509_crl::sig

Definition at line 115 of file x509_crl.h.

◆ sig [2/3]

mbedtls_x509_buf mbedtls_x509_crt::sig

Signature: hash of the tbs part signed with the private key.

Definition at line 113 of file x509_crt.h.

◆ sig [3/3]

mbedtls_x509_buf mbedtls_x509_csr::sig

Definition at line 89 of file x509_csr.h.

◆ sig_md [1/3]

mbedtls_md_type_t mbedtls_x509_crl::sig_md

Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256

Definition at line 116 of file x509_crl.h.

◆ sig_md [2/3]

mbedtls_md_type_t mbedtls_x509_crt::sig_md

Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256

Definition at line 114 of file x509_crt.h.

◆ sig_md [3/3]

mbedtls_md_type_t mbedtls_x509_csr::sig_md

Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256

Definition at line 90 of file x509_csr.h.

◆ sig_oid [1/3]

mbedtls_x509_buf mbedtls_x509_crl::sig_oid

CRL signature type identifier

Definition at line 101 of file x509_crl.h.

◆ sig_oid [2/3]

mbedtls_x509_buf mbedtls_x509_crt::sig_oid

Signature algorithm, e.g. sha1RSA

Definition at line 85 of file x509_crt.h.

◆ sig_oid [3/3]

mbedtls_x509_buf mbedtls_x509_csr::sig_oid

Definition at line 88 of file x509_csr.h.

◆ sig_oid2

mbedtls_x509_buf mbedtls_x509_crl::sig_oid2

Definition at line 114 of file x509_crl.h.

◆ sig_opts [1/3]

void* mbedtls_x509_crl::sig_opts

Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS

Definition at line 118 of file x509_crl.h.

◆ sig_opts [2/3]

void* mbedtls_x509_crt::sig_opts

Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS

Definition at line 116 of file x509_crt.h.

◆ sig_opts [3/3]

void* mbedtls_x509_csr::sig_opts

Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS

Definition at line 92 of file x509_csr.h.

◆ sig_pk [1/3]

mbedtls_pk_type_t mbedtls_x509_crl::sig_pk

Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA

Definition at line 117 of file x509_crl.h.

◆ sig_pk [2/3]

mbedtls_pk_type_t mbedtls_x509_crt::sig_pk

Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA

Definition at line 115 of file x509_crt.h.

◆ sig_pk [3/3]

mbedtls_pk_type_t mbedtls_x509_csr::sig_pk

Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA

Definition at line 91 of file x509_csr.h.

◆ subject [1/4]

mbedtls_x509_name mbedtls_x509_crt::subject

The parsed subject data (named information object).

Definition at line 91 of file x509_crt.h.

◆ subject [2/4]

mbedtls_asn1_named_data* mbedtls_x509write_cert::subject

Definition at line 162 of file x509_crt.h.

◆ subject [3/4]

mbedtls_x509_name mbedtls_x509_csr::subject

The parsed subject data (named information object).

Definition at line 84 of file x509_csr.h.

◆ subject [4/4]

mbedtls_asn1_named_data* mbedtls_x509write_csr::subject

Definition at line 102 of file x509_csr.h.

◆ subject_alt_names

mbedtls_x509_sequence mbedtls_x509_crt::subject_alt_names

Optional list of Subject Alternative Names (Only dNSName supported).

Definition at line 101 of file x509_crt.h.

◆ subject_id

mbedtls_x509_buf mbedtls_x509_crt::subject_id

Optional X.509 v2/v3 subject unique identifier.

Definition at line 99 of file x509_crt.h.

◆ subject_key

mbedtls_pk_context* mbedtls_x509write_cert::subject_key

Definition at line 160 of file x509_crt.h.

◆ subject_raw [1/2]

mbedtls_x509_buf mbedtls_x509_crt::subject_raw

The raw subject data (DER). Used for quick comparison.

Definition at line 88 of file x509_crt.h.

◆ subject_raw [2/2]

mbedtls_x509_buf mbedtls_x509_csr::subject_raw

The raw subject data (DER).

Definition at line 83 of file x509_csr.h.

◆ tbs [1/2]

mbedtls_x509_buf mbedtls_x509_crl::tbs

The raw certificate body (DER). The part that is To Be Signed.

Definition at line 98 of file x509_crl.h.

◆ tbs [2/2]

mbedtls_x509_buf mbedtls_x509_crt::tbs

The raw certificate body (DER). The part that is To Be Signed.

Definition at line 81 of file x509_crt.h.

◆ this_update

mbedtls_x509_time mbedtls_x509_crl::this_update

Definition at line 107 of file x509_crl.h.

◆ v3_ext

mbedtls_x509_buf mbedtls_x509_crt::v3_ext

Optional X.509 v3 extensions.

Definition at line 100 of file x509_crt.h.

◆ valid_from

mbedtls_x509_time mbedtls_x509_crt::valid_from

Start time of certificate validity.

Definition at line 93 of file x509_crt.h.

◆ valid_to

mbedtls_x509_time mbedtls_x509_crt::valid_to

End time of certificate validity.

Definition at line 94 of file x509_crt.h.

◆ version [1/4]

int mbedtls_x509_crl::version

CRL version (1=v1, 2=v2)

Definition at line 100 of file x509_crl.h.

◆ version [2/4]

int mbedtls_x509_crt::version

The X.509 version. (1=v1, 2=v2, 3=v3)

Definition at line 83 of file x509_crt.h.

◆ version [3/4]

int mbedtls_x509write_cert::version

Definition at line 158 of file x509_crt.h.

◆ version [4/4]

int mbedtls_x509_csr::version

CSR version (1=v1).

Definition at line 81 of file x509_csr.h.

◆ year

int mbedtls_x509_time::year

Definition at line 235 of file x509.h.