Mbed TLS v3.5.0
x509_crt.h
Go to the documentation of this file.
1 
6 /*
7  * Copyright The Mbed TLS Contributors
8  * SPDX-License-Identifier: Apache-2.0
9  *
10  * Licensed under the Apache License, Version 2.0 (the "License"); you may
11  * not use this file except in compliance with the License.
12  * You may obtain a copy of the License at
13  *
14  * http://www.apache.org/licenses/LICENSE-2.0
15  *
16  * Unless required by applicable law or agreed to in writing, software
17  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
18  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19  * See the License for the specific language governing permissions and
20  * limitations under the License.
21  */
22 #ifndef MBEDTLS_X509_CRT_H
23 #define MBEDTLS_X509_CRT_H
24 #include "mbedtls/private_access.h"
25 
26 #include "mbedtls/build_info.h"
27 
28 #include "mbedtls/x509.h"
29 #include "mbedtls/x509_crl.h"
30 #include "mbedtls/bignum.h"
31 
37 #ifdef __cplusplus
38 extern "C" {
39 #endif
40 
53 typedef struct mbedtls_x509_crt {
54  int MBEDTLS_PRIVATE(own_buffer);
59  int version;
84  int MBEDTLS_PRIVATE(ext_types);
85  int MBEDTLS_PRIVATE(ca_istrue);
86  int MBEDTLS_PRIVATE(max_pathlen);
88  unsigned int MBEDTLS_PRIVATE(key_usage);
92  unsigned char MBEDTLS_PRIVATE(ns_cert_type);
97  void *MBEDTLS_PRIVATE(sig_opts);
103 }
105 
110 #define MBEDTLS_X509_ID_FLAG(id) (1 << ((id) - 1))
111 
137 typedef struct mbedtls_x509_crt_profile {
138  uint32_t allowed_mds;
139  uint32_t allowed_pks;
142  uint32_t allowed_curves;
143  uint32_t rsa_min_bitlen;
144 }
146 
147 #define MBEDTLS_X509_CRT_VERSION_1 0
148 #define MBEDTLS_X509_CRT_VERSION_2 1
149 #define MBEDTLS_X509_CRT_VERSION_3 2
150 
151 #define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 20
152 #define MBEDTLS_X509_RFC5280_UTC_TIME_LEN 15
153 
154 #if !defined(MBEDTLS_X509_MAX_FILE_PATH_LEN)
155 #define MBEDTLS_X509_MAX_FILE_PATH_LEN 512
156 #endif
157 
158 /* This macro unfolds to the concatenation of macro invocations
159  * X509_CRT_ERROR_INFO( error code,
160  * error code as string,
161  * human readable description )
162  * where X509_CRT_ERROR_INFO is defined by the user.
163  * See x509_crt.c for an example of how to use this. */
164 #define MBEDTLS_X509_CRT_ERROR_INFO_LIST \
165  X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_EXPIRED, \
166  "MBEDTLS_X509_BADCERT_EXPIRED", \
167  "The certificate validity has expired") \
168  X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_REVOKED, \
169  "MBEDTLS_X509_BADCERT_REVOKED", \
170  "The certificate has been revoked (is on a CRL)") \
171  X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_CN_MISMATCH, \
172  "MBEDTLS_X509_BADCERT_CN_MISMATCH", \
173  "The certificate Common Name (CN) does not match with the expected CN") \
174  X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_NOT_TRUSTED, \
175  "MBEDTLS_X509_BADCERT_NOT_TRUSTED", \
176  "The certificate is not correctly signed by the trusted CA") \
177  X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_NOT_TRUSTED, \
178  "MBEDTLS_X509_BADCRL_NOT_TRUSTED", \
179  "The CRL is not correctly signed by the trusted CA") \
180  X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_EXPIRED, \
181  "MBEDTLS_X509_BADCRL_EXPIRED", \
182  "The CRL is expired") \
183  X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_MISSING, \
184  "MBEDTLS_X509_BADCERT_MISSING", \
185  "Certificate was missing") \
186  X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_SKIP_VERIFY, \
187  "MBEDTLS_X509_BADCERT_SKIP_VERIFY", \
188  "Certificate verification was skipped") \
189  X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_OTHER, \
190  "MBEDTLS_X509_BADCERT_OTHER", \
191  "Other reason (can be used by verify callback)") \
192  X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_FUTURE, \
193  "MBEDTLS_X509_BADCERT_FUTURE", \
194  "The certificate validity starts in the future") \
195  X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_FUTURE, \
196  "MBEDTLS_X509_BADCRL_FUTURE", \
197  "The CRL is from the future") \
198  X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_KEY_USAGE, \
199  "MBEDTLS_X509_BADCERT_KEY_USAGE", \
200  "Usage does not match the keyUsage extension") \
201  X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, \
202  "MBEDTLS_X509_BADCERT_EXT_KEY_USAGE", \
203  "Usage does not match the extendedKeyUsage extension") \
204  X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_NS_CERT_TYPE, \
205  "MBEDTLS_X509_BADCERT_NS_CERT_TYPE", \
206  "Usage does not match the nsCertType extension") \
207  X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_BAD_MD, \
208  "MBEDTLS_X509_BADCERT_BAD_MD", \
209  "The certificate is signed with an unacceptable hash.") \
210  X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_BAD_PK, \
211  "MBEDTLS_X509_BADCERT_BAD_PK", \
212  "The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA).") \
213  X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_BAD_KEY, \
214  "MBEDTLS_X509_BADCERT_BAD_KEY", \
215  "The certificate is signed with an unacceptable key (eg bad curve, RSA too short).") \
216  X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_BAD_MD, \
217  "MBEDTLS_X509_BADCRL_BAD_MD", \
218  "The CRL is signed with an unacceptable hash.") \
219  X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_BAD_PK, \
220  "MBEDTLS_X509_BADCRL_BAD_PK", \
221  "The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA).") \
222  X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_BAD_KEY, \
223  "MBEDTLS_X509_BADCRL_BAD_KEY", \
224  "The CRL is signed with an unacceptable key (eg bad curve, RSA too short).")
225 
229 typedef struct mbedtls_x509write_cert {
230  int MBEDTLS_PRIVATE(version);
232  size_t MBEDTLS_PRIVATE(serial_len);
241 }
243 
257  const mbedtls_x509_san_list *san_list);
258 
262 typedef struct {
264  uint32_t MBEDTLS_PRIVATE(flags);
266 
270 #define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE (MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2)
271 
275 typedef struct {
277  unsigned MBEDTLS_PRIVATE(len);
278 
279 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
280  /* This stores the list of potential trusted signers obtained from
281  * the CA callback used for the CRT verification, if configured.
282  * We must track it somewhere because the callback passes its
283  * ownership to the caller. */
284  mbedtls_x509_crt *MBEDTLS_PRIVATE(trust_ca_cb_result);
285 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
287 
288 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
289 
293 typedef struct {
294  /* for check_signature() */
296 
297  /* for find_parent_in() */
298  mbedtls_x509_crt *MBEDTLS_PRIVATE(parent); /* non-null iff parent_in in progress */
299  mbedtls_x509_crt *MBEDTLS_PRIVATE(fallback_parent);
300  int MBEDTLS_PRIVATE(fallback_signature_is_good);
301 
302  /* for find_parent() */
303  int MBEDTLS_PRIVATE(parent_is_trusted); /* -1 if find_parent is not in progress */
304 
305  /* for verify_chain() */
306  enum {
307  x509_crt_rs_none,
308  x509_crt_rs_find_parent,
309  } MBEDTLS_PRIVATE(in_progress); /* none if no operation is in progress */
310  int MBEDTLS_PRIVATE(self_cnt);
312 
314 
315 #else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
316 
317 /* Now we can declare functions that take a pointer to that */
319 
320 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
321 
322 #if defined(MBEDTLS_X509_CRT_PARSE_C)
337 
344 
349 
355 
381  const unsigned char *buf,
382  size_t buflen);
383 
414 typedef int (*mbedtls_x509_crt_ext_cb_t)(void *p_ctx,
415  mbedtls_x509_crt const *crt,
416  mbedtls_x509_buf const *oid,
417  int critical,
418  const unsigned char *p,
419  const unsigned char *end);
420 
466  const unsigned char *buf,
467  size_t buflen,
468  int make_copy,
470  void *p_ctx);
471 
504  const unsigned char *buf,
505  size_t buflen);
506 
541 int mbedtls_x509_crt_parse(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen);
542 
543 #if defined(MBEDTLS_FS_IO)
561 int mbedtls_x509_crt_parse_file(mbedtls_x509_crt *chain, const char *path);
562 
576 int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path);
577 
578 #endif /* MBEDTLS_FS_IO */
579 
580 #if !defined(MBEDTLS_X509_REMOVE_INFO)
593 int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix,
594  const mbedtls_x509_crt *crt);
595 
608 int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix,
609  uint32_t flags);
610 #endif /* !MBEDTLS_X509_REMOVE_INFO */
611 
683  mbedtls_x509_crt *trust_ca,
684  mbedtls_x509_crl *ca_crl,
685  const char *cn, uint32_t *flags,
686  int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
687  void *p_vrfy);
688 
724  mbedtls_x509_crt *trust_ca,
725  mbedtls_x509_crl *ca_crl,
726  const mbedtls_x509_crt_profile *profile,
727  const char *cn, uint32_t *flags,
728  int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
729  void *p_vrfy);
730 
758  mbedtls_x509_crt *trust_ca,
759  mbedtls_x509_crl *ca_crl,
760  const mbedtls_x509_crt_profile *profile,
761  const char *cn, uint32_t *flags,
762  int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
763  void *p_vrfy,
765 
796 typedef int (*mbedtls_x509_crt_ca_cb_t)(void *p_ctx,
797  mbedtls_x509_crt const *child,
798  mbedtls_x509_crt **candidate_cas);
799 
800 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
823 int mbedtls_x509_crt_verify_with_ca_cb(mbedtls_x509_crt *crt,
824  mbedtls_x509_crt_ca_cb_t f_ca_cb,
825  void *p_ca_cb,
826  const mbedtls_x509_crt_profile *profile,
827  const char *cn, uint32_t *flags,
828  int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
829  void *p_vrfy);
830 
831 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
832 
855  unsigned int usage);
856 
871  const char *usage_oid,
872  size_t usage_len);
873 
874 #if defined(MBEDTLS_X509_CRL_PARSE_C)
885 #endif /* MBEDTLS_X509_CRL_PARSE_C */
886 
893 
900 
901 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
905 void mbedtls_x509_crt_restart_init(mbedtls_x509_crt_restart_ctx *ctx);
906 
910 void mbedtls_x509_crt_restart_free(mbedtls_x509_crt_restart_ctx *ctx);
911 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
912 #endif /* MBEDTLS_X509_CRT_PARSE_C */
913 
925 static inline int mbedtls_x509_crt_has_ext_type(const mbedtls_x509_crt *ctx,
926  int ext_type)
927 {
928  return ctx->MBEDTLS_PRIVATE(ext_types) & ext_type;
929 }
930 
933 #if defined(MBEDTLS_X509_CRT_WRITE_C)
940 
950 
951 #if defined(MBEDTLS_BIGNUM_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
970  mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial);
971 #endif // MBEDTLS_BIGNUM_C && !MBEDTLS_DEPRECATED_REMOVED
972 
987  unsigned char *serial, size_t serial_len);
988 
1004  const char *not_after);
1005 
1019  const char *issuer_name);
1020 
1034  const char *subject_name);
1035 
1043 
1051 
1060 
1075  const char *oid, size_t oid_len,
1076  int critical,
1077  const unsigned char *val, size_t val_len);
1078 
1091  int is_ca, int max_pathlen);
1092 
1093 #if defined(MBEDTLS_MD_CAN_SHA1)
1104 
1115 #endif /* MBEDTLS_MD_CAN_SHA1 */
1116 
1127  unsigned int key_usage);
1128 
1140  const mbedtls_asn1_sequence *exts);
1141 
1152  unsigned char ns_cert_type);
1153 
1160 
1178 int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
1179  int (*f_rng)(void *, unsigned char *, size_t),
1180  void *p_rng);
1181 
1182 #if defined(MBEDTLS_PEM_WRITE_C)
1196 int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
1197  int (*f_rng)(void *, unsigned char *, size_t),
1198  void *p_rng);
1199 #endif /* MBEDTLS_PEM_WRITE_C */
1200 #endif /* MBEDTLS_X509_CRT_WRITE_C */
1201 
1204 #ifdef __cplusplus
1205 }
1206 #endif
1207 
1208 #endif /* mbedtls_x509_crt.h */
Multi-precision integer library.
int mbedtls_x509_crt_parse_der(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse a single DER formatted certificate and add it to the end of the provided chained list.
int mbedtls_x509_crt_parse_der_nocopy(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse a single DER formatted certificate and add it to the end of the provided chained list....
void mbedtls_x509_crt_init(mbedtls_x509_crt *crt)
Initialize a certificate (chain)
int mbedtls_x509_crt_parse(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse one DER-encoded or one or more concatenated PEM-encoded certificates and add them to the chaine...
int mbedtls_x509write_crt_set_subject_key_identifier(mbedtls_x509write_cert *ctx)
Set the subjectKeyIdentifier extension for a CRT Requires that mbedtls_x509write_crt_set_subject_key(...
int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt, unsigned int usage)
Check usage of certificate against keyUsage extension.
int mbedtls_x509_crt_is_revoked(const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl)
Verify the certificate revocation status.
void mbedtls_x509write_crt_set_subject_key(mbedtls_x509write_cert *ctx, mbedtls_pk_context *key)
Set the subject public key for the certificate.
#define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN
Definition: x509_crt.h:151
int mbedtls_x509write_crt_set_ext_key_usage(mbedtls_x509write_cert *ctx, const mbedtls_asn1_sequence *exts)
Set the Extended Key Usage Extension (e.g. MBEDTLS_OID_SERVER_AUTH)
int mbedtls_x509write_crt_set_subject_name(mbedtls_x509write_cert *ctx, const char *subject_name)
Set the subject name for a Certificate Subject names should contain a comma-separated list of OID typ...
int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Write a built up certificate to a X509 PEM string.
void mbedtls_x509_crt_restart_ctx
Definition: x509_crt.h:318
int mbedtls_x509_crt_verify_restartable(mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const mbedtls_x509_crt_profile *profile, const char *cn, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy, mbedtls_x509_crt_restart_ctx *rs_ctx)
Restartable version of mbedtls_crt_verify_with_profile()
void mbedtls_x509write_crt_set_issuer_key(mbedtls_x509write_cert *ctx, mbedtls_pk_context *key)
Set the issuer key used for signing the certificate.
int(* mbedtls_x509_crt_ext_cb_t)(void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf const *oid, int critical, const unsigned char *p, const unsigned char *end)
The type of certificate extension callbacks.
Definition: x509_crt.h:414
static int mbedtls_x509_crt_has_ext_type(const mbedtls_x509_crt *ctx, int ext_type)
Query certificate for given extension type.
Definition: x509_crt.h:925
#define MBEDTLS_X509_RFC5280_UTC_TIME_LEN
Definition: x509_crt.h:152
int mbedtls_x509write_crt_set_issuer_name(mbedtls_x509write_cert *ctx, const char *issuer_name)
Set the issuer name for a Certificate Issuer names should contain a comma-separated list of OID types...
#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE
Definition: x509_crt.h:270
int mbedtls_x509write_crt_set_serial_raw(mbedtls_x509write_cert *ctx, unsigned char *serial, size_t serial_len)
Set the serial number for a Certificate.
int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path)
Load one or more certificate files from a path and add them to the chained list. Parses permissively....
int mbedtls_x509write_crt_set_extension(mbedtls_x509write_cert *ctx, const char *oid, size_t oid_len, int critical, const unsigned char *val, size_t val_len)
Generic function to add to or replace an extension in the CRT.
int mbedtls_x509write_crt_set_key_usage(mbedtls_x509write_cert *ctx, unsigned int key_usage)
Set the Key Usage Extension flags (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_...
int mbedtls_x509write_crt_set_ns_cert_type(mbedtls_x509write_cert *ctx, unsigned char ns_cert_type)
Set the Netscape Cert Type flags (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TY...
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_none
int(* mbedtls_x509_crt_ca_cb_t)(void *p_ctx, mbedtls_x509_crt const *child, mbedtls_x509_crt **candidate_cas)
The type of trusted certificate callbacks.
Definition: x509_crt.h:796
int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *ctx, const mbedtls_x509_san_list *san_list)
Set Subject Alternative Name.
int mbedtls_x509write_crt_set_authority_key_identifier(mbedtls_x509write_cert *ctx)
Set the authorityKeyIdentifier extension for a CRT Requires that mbedtls_x509write_crt_set_issuer_key...
int mbedtls_x509_crt_parse_der_with_ext_cb(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen, int make_copy, mbedtls_x509_crt_ext_cb_t cb, void *p_ctx)
Parse a single DER formatted certificate and add it to the end of the provided chained list.
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next
struct mbedtls_x509_crt mbedtls_x509_crt
struct mbedtls_x509_crt_profile mbedtls_x509_crt_profile
int mbedtls_x509_crt_verify(mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const char *cn, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy)
Verify a chain of certificates.
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default
void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx)
Initialize a CRT writing context.
int MBEDTLS_DEPRECATED mbedtls_x509write_crt_set_serial(mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial)
Set the serial number for a Certificate.
void mbedtls_x509write_crt_set_version(mbedtls_x509write_cert *ctx, int version)
Set the version for a Certificate Default: MBEDTLS_X509_CRT_VERSION_3.
void mbedtls_x509write_crt_free(mbedtls_x509write_cert *ctx)
Free the contents of a CRT write context.
void mbedtls_x509_crt_free(mbedtls_x509_crt *crt)
Unallocate all certificate data.
int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix, const mbedtls_x509_crt *crt)
Returns an informational string about the certificate.
void mbedtls_x509write_crt_set_md_alg(mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg)
Set the MD algorithm to use for the signature (e.g. MBEDTLS_MD_SHA1)
int mbedtls_x509write_crt_set_validity(mbedtls_x509write_cert *ctx, const char *not_before, const char *not_after)
Set the validity period for a Certificate Timestamps should be in string format for UTC timezone i....
int mbedtls_x509_crt_check_extended_key_usage(const mbedtls_x509_crt *crt, const char *usage_oid, size_t usage_len)
Check usage of certificate against extendedKeyUsage.
int mbedtls_x509_crt_parse_file(mbedtls_x509_crt *chain, const char *path)
Load one or more certificates and add them to the chained list. Parses permissively....
int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Write a built up certificate to a X509 DER structure Note: data is written at the end of the buffer!...
int mbedtls_x509write_crt_set_basic_constraints(mbedtls_x509write_cert *ctx, int is_ca, int max_pathlen)
Set the basicConstraints extension for a CRT.
struct mbedtls_x509write_cert mbedtls_x509write_cert
int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix, uint32_t flags)
Returns an informational string about the verification status of a certificate.
int mbedtls_x509_crt_verify_with_profile(mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const mbedtls_x509_crt_profile *profile, const char *cn, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy)
Verify a chain of certificates with respect to a configurable security profile.
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb
Build-time configuration info.
mbedtls_md_type_t
Supported message digests.
Definition: md.h:173
mbedtls_pk_type_t
Public key types.
Definition: pk.h:85
void mbedtls_pk_restart_ctx
Definition: pk.h:299
#define MBEDTLS_DEPRECATED
Definition: platform_util.h:45
Macro wrapper for struct's members.
#define MBEDTLS_PRIVATE(member)
MPI structure.
Definition: bignum.h:219
Public key container.
Definition: pk.h:239
mbedtls_x509_time valid_to
Definition: x509_crt.h:70
mbedtls_x509_buf sig_oid
Definition: x509_crt.h:61
mbedtls_x509_sequence subject_alt_names
Definition: x509_crt.h:78
mbedtls_x509_buf tbs
Definition: x509_crt.h:57
mbedtls_x509_authority authority_key_id
Definition: x509_crt.h:80
mbedtls_x509_buf subject_key_id
Definition: x509_crt.h:79
mbedtls_x509_buf raw
Definition: x509_crt.h:56
mbedtls_x509_buf serial
Definition: x509_crt.h:60
mbedtls_pk_context pk
Definition: x509_crt.h:73
mbedtls_x509_buf v3_ext
Definition: x509_crt.h:77
mbedtls_x509_buf issuer_id
Definition: x509_crt.h:75
mbedtls_x509_name subject
Definition: x509_crt.h:67
mbedtls_x509_sequence certificate_policies
Definition: x509_crt.h:82
mbedtls_x509_buf pk_raw
Definition: x509_crt.h:72
mbedtls_x509_time valid_from
Definition: x509_crt.h:69
mbedtls_x509_buf subject_raw
Definition: x509_crt.h:64
mbedtls_x509_sequence ext_key_usage
Definition: x509_crt.h:90
struct mbedtls_x509_crt * next
Definition: x509_crt.h:102
mbedtls_x509_buf subject_id
Definition: x509_crt.h:76
mbedtls_x509_name issuer
Definition: x509_crt.h:66
mbedtls_x509_buf issuer_raw
Definition: x509_crt.h:63
X.509 generic defines and structures.
X.509 certificate revocation list parsing.