 |
5.11.0.0R3
Software Development Kit |
|
 |
|
5.11.0.0R3
Software Development Kit |
|
|
X.509 certificate parsing and writing. More...
Data Structures | |
| struct | mbedtls_x509_crt |
| struct | mbedtls_x509_crt_profile |
| struct | mbedtls_x509_crt_verify_chain |
| struct | mbedtls_x509_crt_verify_chain_item |
| struct | mbedtls_x509write_cert |
Structures and functions for parsing and writing X.509 certificates | |
| typedef struct mbedtls_x509_crt | mbedtls_x509_crt |
| int | mbedtls_x509_crt_check_extended_key_usage (const mbedtls_x509_crt *crt, const char *usage_oid, size_t usage_len) |
| Check usage of certificate against extendedKeyUsage. | |
| int | mbedtls_x509_crt_check_key_usage (const mbedtls_x509_crt *crt, unsigned int usage) |
| Check usage of certificate against keyUsage extension. | |
| void | mbedtls_x509_crt_free (mbedtls_x509_crt *crt) |
| Unallocate all certificate data. | |
| int | mbedtls_x509_crt_info (char *buf, size_t size, const char *prefix, const mbedtls_x509_crt *crt) |
| Returns an informational string about the certificate. | |
| void | mbedtls_x509_crt_init (mbedtls_x509_crt *crt) |
| Initialize a certificate (chain) | |
| int | mbedtls_x509_crt_is_revoked (const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl) |
| Verify the certificate revocation status. | |
| int | mbedtls_x509_crt_parse (mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen) |
| Parse one DER-encoded or one or more concatenated PEM-encoded certificates and add them to the chained list. | |
| int | mbedtls_x509_crt_parse_der (mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen) |
| Parse a single DER formatted certificate and add it to the chained list. | |
| int | mbedtls_x509_crt_parse_file (mbedtls_x509_crt *chain, const char *path) |
| Load one or more certificates and add them to the chained list. Parses permissively. If some certificates can be parsed, the result is the number of failed certificates it encountered. If none complete correctly, the first error is returned. | |
| int | mbedtls_x509_crt_parse_path (mbedtls_x509_crt *chain, const char *path) |
| Load one or more certificate files from a path and add them to the chained list. Parses permissively. If some certificates can be parsed, the result is the number of failed certificates it encountered. If none complete correctly, the first error is returned. | |
| typedef struct mbedtls_x509_crt_profile | mbedtls_x509_crt_profile |
| const mbedtls_x509_crt_profile | mbedtls_x509_crt_profile_default |
| const mbedtls_x509_crt_profile | mbedtls_x509_crt_profile_next |
| const mbedtls_x509_crt_profile | mbedtls_x509_crt_profile_suiteb |
| int | mbedtls_x509_crt_verify (mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const char *cn, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy) |
| Verify the certificate signature. | |
| int | mbedtls_x509_crt_verify_info (char *buf, size_t size, const char *prefix, uint32_t flags) |
| Returns an informational string about the verification status of a certificate. | |
| int | mbedtls_x509_crt_verify_restartable (mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const mbedtls_x509_crt_profile *profile, const char *cn, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy, mbedtls_x509_crt_restart_ctx *rs_ctx) |
Restartable version of mbedtls_crt_verify_with_profile() | |
| int | mbedtls_x509_crt_verify_with_profile (mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const mbedtls_x509_crt_profile *profile, const char *cn, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy) |
| Verify the certificate signature according to profile. | |
| #define | MBEDTLS_X509_ID_FLAG(id) |
| #define | MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 ) |
| typedef struct mbedtls_x509write_cert | mbedtls_x509write_cert |
| int | mbedtls_x509write_crt_der (mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng) |
| Write a built up certificate to a X509 DER structure Note: data is written at the end of the buffer! Use the return value to determine where you should start using the buffer. | |
| void | mbedtls_x509write_crt_free (mbedtls_x509write_cert *ctx) |
| Free the contents of a CRT write context. | |
| void | mbedtls_x509write_crt_init (mbedtls_x509write_cert *ctx) |
| Initialize a CRT writing context. | |
| int | mbedtls_x509write_crt_pem (mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng) |
| Write a built up certificate to a X509 PEM string. | |
| int | mbedtls_x509write_crt_set_authority_key_identifier (mbedtls_x509write_cert *ctx) |
| Set the authorityKeyIdentifier extension for a CRT Requires that mbedtls_x509write_crt_set_issuer_key() has been called before. | |
| int | mbedtls_x509write_crt_set_basic_constraints (mbedtls_x509write_cert *ctx, int is_ca, int max_pathlen) |
| Set the basicConstraints extension for a CRT. | |
| int | mbedtls_x509write_crt_set_extension (mbedtls_x509write_cert *ctx, const char *oid, size_t oid_len, int critical, const unsigned char *val, size_t val_len) |
| Generic function to add to or replace an extension in the CRT. | |
| void | mbedtls_x509write_crt_set_issuer_key (mbedtls_x509write_cert *ctx, mbedtls_pk_context *key) |
| Set the issuer key used for signing the certificate. | |
| int | mbedtls_x509write_crt_set_issuer_name (mbedtls_x509write_cert *ctx, const char *issuer_name) |
| Set the issuer name for a Certificate Issuer names should contain a comma-separated list of OID types and values: e.g. "C=UK,O=ARM,CN=mbed TLS CA". | |
| int | mbedtls_x509write_crt_set_key_usage (mbedtls_x509write_cert *ctx, unsigned int key_usage) |
| Set the Key Usage Extension flags (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_SIGN) | |
| void | mbedtls_x509write_crt_set_md_alg (mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg) |
| Set the MD algorithm to use for the signature (e.g. MBEDTLS_MD_SHA1) | |
| int | mbedtls_x509write_crt_set_ns_cert_type (mbedtls_x509write_cert *ctx, unsigned char ns_cert_type) |
| Set the Netscape Cert Type flags (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TYPE_EMAIL) | |
| int | mbedtls_x509write_crt_set_serial (mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial) |
| Set the serial number for a Certificate. | |
| void | mbedtls_x509write_crt_set_subject_key (mbedtls_x509write_cert *ctx, mbedtls_pk_context *key) |
| Set the subject public key for the certificate. | |
| int | mbedtls_x509write_crt_set_subject_key_identifier (mbedtls_x509write_cert *ctx) |
| Set the subjectKeyIdentifier extension for a CRT Requires that mbedtls_x509write_crt_set_subject_key() has been called before. | |
| int | mbedtls_x509write_crt_set_subject_name (mbedtls_x509write_cert *ctx, const char *subject_name) |
| Set the subject name for a Certificate Subject names should contain a comma-separated list of OID types and values: e.g. "C=UK,O=ARM,CN=mbed TLS Server 1". | |
| int | mbedtls_x509write_crt_set_validity (mbedtls_x509write_cert *ctx, const char *not_before, const char *not_after) |
| Set the validity period for a Certificate Timestamps should be in string format for UTC timezone i.e. "YYYYMMDDhhmmss" e.g. "20131231235959" for December 31st 2013 at 23:59:59. | |
| void | mbedtls_x509write_crt_set_version (mbedtls_x509write_cert *ctx, int version) |
| Set the verion for a Certificate Default: MBEDTLS_X509_CRT_VERSION_3. | |
X.509 certificate parsing and writing.