Mbed TLS v3.6.3
x509_crt.h
6 /*
7  * Copyright The Mbed TLS Contributors
8  * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
9  */
10 #ifndef MBEDTLS_X509_CRT_H
11 #define MBEDTLS_X509_CRT_H
12 #include "mbedtls/private_access.h"
13 
14 #include "mbedtls/build_info.h"
15 
16 #include "mbedtls/x509.h"
17 #include "mbedtls/x509_crl.h"
18 #include "mbedtls/bignum.h"
19 
25 #ifdef __cplusplus
26 extern "C" {
27 #endif
28 
41 typedef struct mbedtls_x509_crt {
42  int MBEDTLS_PRIVATE(own_buffer);
47  int version;
72  int MBEDTLS_PRIVATE(ext_types);
73  int MBEDTLS_PRIVATE(ca_istrue);
74  int MBEDTLS_PRIVATE(max_pathlen);
76  unsigned int MBEDTLS_PRIVATE(key_usage);
80  unsigned char MBEDTLS_PRIVATE(ns_cert_type);
85  void *MBEDTLS_PRIVATE(sig_opts);
91 }
93 
/*
 * Build a single-bit mask from a 1-based algorithm/curve identifier, for
 * use in the allowed_mds / allowed_pks / allowed_curves fields of
 * mbedtls_x509_crt_profile below.
 *
 * Precondition: 1 <= id < (bit width of int). id == 0 shifts by -1 and
 * larger ids shift past the width of the type; both are undefined behaviour.
 * The expression has type int (the shifted operand is the signed constant 1),
 * so bit 31 of a 32-bit mask cannot be produced without signed overflow --
 * presumably the enum ids passed in practice stay well below that; confirm
 * at the call sites.
 */
#define MBEDTLS_X509_ID_FLAG(id) (1 << ((id) - 1))
99 
125 typedef struct mbedtls_x509_crt_profile {
126  uint32_t allowed_mds;
127  uint32_t allowed_pks;
130  uint32_t allowed_curves;
131  uint32_t rsa_min_bitlen;
132 }
134 
/* Version values accepted by mbedtls_x509write_crt_set_version(). These are
 * the ASN.1 encodings (v1 = 0, v2 = 1, v3 = 2); NOTE(review): they appear to
 * differ from the 1-based value a parsed mbedtls_x509_crt reports in its
 * `version` field -- confirm in x509_crt.c before comparing the two. */
#define MBEDTLS_X509_CRT_VERSION_1 0
#define MBEDTLS_X509_CRT_VERSION_2 1
#define MBEDTLS_X509_CRT_VERSION_3 2

/* RFC 5280 section 4.1.2.2: a serialNumber MUST NOT be longer than 20 octets. */
#define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 20
/* Buffer length for a validity timestamp string; presumably the
 * "YYYYMMDDhhmmss" form taken by mbedtls_x509write_crt_set_validity() plus a
 * terminating NUL -- confirm against x509_crt.c. */
#define MBEDTLS_X509_RFC5280_UTC_TIME_LEN 15

/* Upper bound on a filesystem path handled by the X.509 module; presumably
 * used by mbedtls_x509_crt_parse_path() when building per-file paths
 * (confirm in x509_crt.c). Overridable from the build configuration. */
#if !defined(MBEDTLS_X509_MAX_FILE_PATH_LEN)
#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512
#endif
145 
/* This macro unfolds to the concatenation of macro invocations
 * X509_CRT_ERROR_INFO( error code,
 *                      error code as string,
 *                      human readable description )
 * where X509_CRT_ERROR_INFO is defined by the user.
 * See x509_crt.c for an example of how to use this.
 *
 * Each entry names one MBEDTLS_X509_BADCERT_* / MBEDTLS_X509_BADCRL_*
 * verification flag; presumably this is the table behind the text that
 * mbedtls_x509_crt_verify_info() renders -- confirm in x509_crt.c.
 * NOTE(review): MBEDTLS_X509_BADCERT_SKIP_VERIFY and
 * MBEDTLS_X509_BADCERT_OTHER describe a skipped check or a callback-raised
 * failure rather than a specific certificate defect; reporting code should
 * still treat any set flag as a verification failure, not as informational. */
#define MBEDTLS_X509_CRT_ERROR_INFO_LIST \
    X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_EXPIRED, \
                        "MBEDTLS_X509_BADCERT_EXPIRED", \
                        "The certificate validity has expired") \
    X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_REVOKED, \
                        "MBEDTLS_X509_BADCERT_REVOKED", \
                        "The certificate has been revoked (is on a CRL)") \
    X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_CN_MISMATCH, \
                        "MBEDTLS_X509_BADCERT_CN_MISMATCH", \
                        "The certificate Common Name (CN) does not match with the expected CN") \
    X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_NOT_TRUSTED, \
                        "MBEDTLS_X509_BADCERT_NOT_TRUSTED", \
                        "The certificate is not correctly signed by the trusted CA") \
    X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_NOT_TRUSTED, \
                        "MBEDTLS_X509_BADCRL_NOT_TRUSTED", \
                        "The CRL is not correctly signed by the trusted CA") \
    X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_EXPIRED, \
                        "MBEDTLS_X509_BADCRL_EXPIRED", \
                        "The CRL is expired") \
    X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_MISSING, \
                        "MBEDTLS_X509_BADCERT_MISSING", \
                        "Certificate was missing") \
    X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_SKIP_VERIFY, \
                        "MBEDTLS_X509_BADCERT_SKIP_VERIFY", \
                        "Certificate verification was skipped") \
    X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_OTHER, \
                        "MBEDTLS_X509_BADCERT_OTHER", \
                        "Other reason (can be used by verify callback)") \
    X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_FUTURE, \
                        "MBEDTLS_X509_BADCERT_FUTURE", \
                        "The certificate validity starts in the future") \
    X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_FUTURE, \
                        "MBEDTLS_X509_BADCRL_FUTURE", \
                        "The CRL is from the future") \
    X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_KEY_USAGE, \
                        "MBEDTLS_X509_BADCERT_KEY_USAGE", \
                        "Usage does not match the keyUsage extension") \
    X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, \
                        "MBEDTLS_X509_BADCERT_EXT_KEY_USAGE", \
                        "Usage does not match the extendedKeyUsage extension") \
    X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_NS_CERT_TYPE, \
                        "MBEDTLS_X509_BADCERT_NS_CERT_TYPE", \
                        "Usage does not match the nsCertType extension") \
    X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_BAD_MD, \
                        "MBEDTLS_X509_BADCERT_BAD_MD", \
                        "The certificate is signed with an unacceptable hash.") \
    X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_BAD_PK, \
                        "MBEDTLS_X509_BADCERT_BAD_PK", \
                        "The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA).") \
    X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_BAD_KEY, \
                        "MBEDTLS_X509_BADCERT_BAD_KEY", \
                        "The certificate is signed with an unacceptable key (eg bad curve, RSA too short).") \
    X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_BAD_MD, \
                        "MBEDTLS_X509_BADCRL_BAD_MD", \
                        "The CRL is signed with an unacceptable hash.") \
    X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_BAD_PK, \
                        "MBEDTLS_X509_BADCRL_BAD_PK", \
                        "The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA).") \
    X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_BAD_KEY, \
                        "MBEDTLS_X509_BADCRL_BAD_KEY", \
                        "The CRL is signed with an unacceptable key (eg bad curve, RSA too short).")
213 
217 typedef struct mbedtls_x509write_cert {
218  int MBEDTLS_PRIVATE(version);
220  size_t MBEDTLS_PRIVATE(serial_len);
229 }
231 
245  const mbedtls_x509_san_list *san_list);
246 
250 typedef struct {
252  uint32_t MBEDTLS_PRIVATE(flags);
254 
/* Maximum length of a verification chain: presumably the end-entity
 * certificate plus up to MBEDTLS_X509_MAX_INTERMEDIATE_CA intermediates plus
 * the trusted root, hence the +2 -- confirm against verify_chain() in
 * x509_crt.c. Chains longer than this cannot be verified, which bounds the
 * work an untrusted peer can make the verifier do. */
#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE (MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2)
259 
263 typedef struct {
265  unsigned MBEDTLS_PRIVATE(len);
266 
267 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
268  /* This stores the list of potential trusted signers obtained from
269  * the CA callback used for the CRT verification, if configured.
270  * We must track it somewhere because the callback passes its
271  * ownership to the caller. */
272  mbedtls_x509_crt *MBEDTLS_PRIVATE(trust_ca_cb_result);
273 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
275 
276 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
277 
281 typedef struct {
282  /* for check_signature() */
284 
285  /* for find_parent_in() */
286  mbedtls_x509_crt *MBEDTLS_PRIVATE(parent); /* non-null iff parent_in in progress */
287  mbedtls_x509_crt *MBEDTLS_PRIVATE(fallback_parent);
288  int MBEDTLS_PRIVATE(fallback_signature_is_good);
289 
290  /* for find_parent() */
291  int MBEDTLS_PRIVATE(parent_is_trusted); /* -1 if find_parent is not in progress */
292 
293  /* for verify_chain() */
294  enum {
295  x509_crt_rs_none,
296  x509_crt_rs_find_parent,
297  } MBEDTLS_PRIVATE(in_progress); /* none if no operation is in progress */
298  int MBEDTLS_PRIVATE(self_cnt);
300 
302 
303 #else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
304 
305 /* Now we can declare functions that take a pointer to that */
307 
308 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
309 
310 #if defined(MBEDTLS_X509_CRT_PARSE_C)
311 
325 
332 
337 
343 
369  const unsigned char *buf,
370  size_t buflen);
371 
/**
 * \brief  The type of certificate extension callbacks.
 *
 * Presumably invoked by mbedtls_x509_crt_parse_der_with_ext_cb() for
 * extensions the library does not handle itself -- confirm in x509_crt.c.
 *
 * \param p_ctx     Opaque context supplied by the caller.
 * \param crt       The certificate being parsed.
 * \param oid       The OID of the extension.
 * \param critical  Non-zero if the extension is marked critical.
 * \param p         Presumably the start of the extension value.
 * \param end       Presumably one past the end of the extension value.
 *
 * \return  Presumably 0 to accept the extension and a negative
 *          MBEDTLS_ERR_X509_* code to abort parsing -- confirm in x509_crt.c.
 *          NOTE(review): returning 0 for a \p critical extension the callback
 *          does not actually understand yields a certificate whose critical
 *          extension is never enforced; RFC 5280 section 4.2 requires such
 *          certificates to be rejected, so a conservative callback fails on
 *          unknown critical OIDs.
 */
typedef int (*mbedtls_x509_crt_ext_cb_t)(void *p_ctx,
                                         mbedtls_x509_crt const *crt,
                                         mbedtls_x509_buf const *oid,
                                         int critical,
                                         const unsigned char *p,
                                         const unsigned char *end);
408 
454  const unsigned char *buf,
455  size_t buflen,
456  int make_copy,
458  void *p_ctx);
459 
492  const unsigned char *buf,
493  size_t buflen);
494 
/**
 * \brief  Parse one DER-encoded or one or more concatenated PEM-encoded
 *         certificates and add them to the chained list.
 *
 * \param chain   The chain to which the parsed certificate(s) are appended.
 * \param buf     The buffer holding the certificate data. For PEM input the
 *                data presumably has to be NUL-terminated, with \p buflen
 *                counting the terminator -- confirm in x509_crt.c.
 * \param buflen  The size of \p buf in bytes.
 *
 * \return  0 if every certificate was parsed. NOTE(review): like
 *          mbedtls_x509_crt_parse_file(), parsing is presumably permissive --
 *          a positive return is the number of certificates that failed while
 *          the others were added, and only when none parse is the first error
 *          returned (confirm in x509_crt.c). Callers that treat any
 *          non-negative return as "all loaded" silently accept a partial
 *          trust store.
 */
int mbedtls_x509_crt_parse(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen);
530 
531 #if defined(MBEDTLS_FS_IO)
532 
/**
 * \brief  Load one or more certificates and add them to the chained list.
 *         Parses permissively.
 *
 * \param chain  The chain to which the parsed certificate(s) are appended.
 * \param path   Filename to read the certificates from.
 *
 * \return  0 if every certificate in the file was parsed. If some
 *          certificates can be parsed, the result is the number of failed
 *          certificates encountered; if none complete correctly, the first
 *          error is returned. NOTE(review): a positive return therefore means
 *          the chain was only partially loaded -- check for 0, not for >= 0.
 */
int mbedtls_x509_crt_parse_file(mbedtls_x509_crt *chain, const char *path);
550 
/**
 * \brief  Load one or more certificate files from a path and add them to the
 *         chained list. Parses permissively.
 *
 * \param chain  The chain to which the parsed certificate(s) are appended.
 * \param path   Directory to read the certificate files from.
 *
 * \return  0 if every file parsed. Presumably the same partial-failure
 *          convention as mbedtls_x509_crt_parse_file(): a positive count of
 *          failed certificates when some succeeded, otherwise the first
 *          error -- confirm in x509_crt.c. Treat any non-zero return as an
 *          incomplete trust store.
 */
int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path);
565 
566 #endif /* MBEDTLS_FS_IO */
567 
568 #if !defined(MBEDTLS_X509_REMOVE_INFO)
569 
/**
 * \brief  Returns an informational string about the certificate.
 *
 * \param buf     Buffer to write to.
 * \param size    Maximum size of \p buf.
 * \param prefix  A line prefix.
 * \param crt     The X509 certificate to represent.
 *
 * \return  Presumably the length of the string written (excluding the
 *          terminating NUL) or a negative error code -- confirm in x509_crt.c.
 *          Output is bounded by \p size; callers should still check for a
 *          negative return before using \p buf.
 */
int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix,
                          const mbedtls_x509_crt *crt);
583 
/**
 * \brief  Returns an informational string about the verification status of
 *         a certificate.
 *
 * \param buf     Buffer to write to.
 * \param size    Maximum size of \p buf.
 * \param prefix  A line prefix.
 * \param flags   Verification flags as produced by mbedtls_x509_crt_verify()
 *                and its variants; presumably each set flag is rendered using
 *                the descriptions in MBEDTLS_X509_CRT_ERROR_INFO_LIST.
 *
 * \return  Presumably the length of the string written (excluding the
 *          terminating NUL) or a negative error code -- confirm in x509_crt.c.
 */
int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix,
                                 uint32_t flags);
598 #endif /* !MBEDTLS_X509_REMOVE_INFO */
599 
671  mbedtls_x509_crt *trust_ca,
672  mbedtls_x509_crl *ca_crl,
673  const char *cn, uint32_t *flags,
674  int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
675  void *p_vrfy);
676 
712  mbedtls_x509_crt *trust_ca,
713  mbedtls_x509_crl *ca_crl,
714  const mbedtls_x509_crt_profile *profile,
715  const char *cn, uint32_t *flags,
716  int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
717  void *p_vrfy);
718 
746  mbedtls_x509_crt *trust_ca,
747  mbedtls_x509_crl *ca_crl,
748  const mbedtls_x509_crt_profile *profile,
749  const char *cn, uint32_t *flags,
750  int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
751  void *p_vrfy,
752  mbedtls_x509_crt_restart_ctx *rs_ctx);
753 
/**
 * \brief  The type of trusted certificate callbacks.
 *
 * Used with mbedtls_x509_crt_verify_with_ca_cb() to supply candidate trusted
 * signers for \p child on demand instead of a static trust list. Whatever the
 * callback returns is used as a potential trust anchor, so the callback is
 * part of the trust boundary.
 *
 * \param p_ctx          Opaque context supplied by the caller.
 * \param child          The certificate whose potential issuers are requested.
 * \param candidate_cas  Output: the list of candidate trusted CAs. Ownership
 *                       passes to the caller, which frees it (this is why the
 *                       verify-chain context above keeps trust_ca_cb_result).
 *
 * \return  0 on success; non-zero presumably aborts the verification --
 *          confirm in x509_crt.c.
 */
typedef int (*mbedtls_x509_crt_ca_cb_t)(void *p_ctx,
                                        mbedtls_x509_crt const *child,
                                        mbedtls_x509_crt **candidate_cas);
787 
788 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
789 
/**
 * \brief  Verify a chain of certificates, obtaining trusted CAs through a
 *         callback rather than a static list.
 *
 * Unlike mbedtls_x509_crt_verify_with_profile() there is no ca_crl
 * parameter, so this entry point performs no CRL-based revocation check.
 *
 * \param crt      The certificate chain to be verified.
 * \param f_ca_cb  Callback providing candidate trusted CAs (see
 *                 mbedtls_x509_crt_ca_cb_t).
 * \param p_ca_cb  Opaque context passed to \p f_ca_cb.
 * \param profile  The security profile to enforce (e.g.
 *                 mbedtls_x509_crt_profile_default).
 * \param cn       The expected name to match against the certificate, or
 *                 NULL -- NOTE(review): NULL presumably disables the name
 *                 check entirely (confirm in x509_crt.c), so pass the
 *                 expected hostname whenever one is known.
 * \param flags    Output: bit mask of MBEDTLS_X509_BADCERT_* /
 *                 MBEDTLS_X509_BADCRL_* flags describing any failure.
 * \param f_vrfy   Optional verification callback, or NULL.
 * \param p_vrfy   Opaque context passed to \p f_vrfy.
 *
 * \return  0 if the chain verified. Otherwise presumably
 *          MBEDTLS_ERR_X509_CERT_VERIFY_FAILED with \p flags set, or another
 *          negative error code for fatal problems -- confirm in x509_crt.c.
 *          Only a return of 0 means "trusted".
 */
int mbedtls_x509_crt_verify_with_ca_cb(mbedtls_x509_crt *crt,
                                       mbedtls_x509_crt_ca_cb_t f_ca_cb,
                                       void *p_ca_cb,
                                       const mbedtls_x509_crt_profile *profile,
                                       const char *cn, uint32_t *flags,
                                       int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
                                       void *p_vrfy);
818 
819 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
820 
843  unsigned int usage);
844 
859  const char *usage_oid,
860  size_t usage_len);
861 
862 #if defined(MBEDTLS_X509_CRL_PARSE_C)
863 
873 #endif /* MBEDTLS_X509_CRL_PARSE_C */
874 
881 
888 
889 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
890 
/**
 * \brief  Initialize a restart context for
 *         mbedtls_x509_crt_verify_restartable().
 *
 * \param ctx  The restart context to initialize.
 */
void mbedtls_x509_crt_restart_init(mbedtls_x509_crt_restart_ctx *ctx);
894 
/**
 * \brief  Free the components of a restart context.
 *
 * \param ctx  The restart context to free.
 */
void mbedtls_x509_crt_restart_free(mbedtls_x509_crt_restart_ctx *ctx);
899 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
900 #endif /* MBEDTLS_X509_CRT_PARSE_C */
901 
/**
 * \brief  Query certificate for given extension type.
 *
 * \param ctx       The certificate to query. Must not be NULL: it is
 *                  dereferenced unconditionally.
 * \param ext_type  Bit mask of the extension type(s) to look for, as recorded
 *                  in the certificate's ext_types field (the MBEDTLS_X509_EXT_*
 *                  masks declared in x509.h).
 *
 * \return  Non-zero if any bit of \p ext_type is set among the extension
 *          types recorded for the certificate, 0 otherwise. The value is the
 *          intersection bit mask, not a boolean: test it against 0, never
 *          compare it to 1.
 */
static inline int mbedtls_x509_crt_has_ext_type(const mbedtls_x509_crt *ctx,
                                                int ext_type)
{
    const int recorded = ctx->MBEDTLS_PRIVATE(ext_types);
    return recorded & ext_type;
}
918 
930 
933 #if defined(MBEDTLS_X509_CRT_WRITE_C)
934 
940 
950 
951 #if defined(MBEDTLS_BIGNUM_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
952 
970  mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial);
971 #endif // MBEDTLS_BIGNUM_C && !MBEDTLS_DEPRECATED_REMOVED
972 
987  unsigned char *serial, size_t serial_len);
988 
/**
 * \brief  Set the validity period for a Certificate.
 *
 * Timestamps should be in string format for the UTC timezone, presumably
 * "YYYYMMDDhhmmss" (14 characters, cf. MBEDTLS_X509_RFC5280_UTC_TIME_LEN)
 * -- confirm in x509_crt.c.
 *
 * \param ctx         CRT context to use.
 * \param not_before  not_before timestamp.
 * \param not_after   not_after timestamp.
 *
 * \return  0 if the timestamps were accepted, or a negative error code.
 */
int mbedtls_x509write_crt_set_validity(mbedtls_x509write_cert *ctx, const char *not_before,
                                       const char *not_after);
1005 
1019  const char *issuer_name);
1020 
1034  const char *subject_name);
1035 
1043 
1051 
1060 
1075  const char *oid, size_t oid_len,
1076  int critical,
1077  const unsigned char *val, size_t val_len);
1078 
1091  int is_ca, int max_pathlen);
1092 
1093 #if defined(MBEDTLS_MD_CAN_SHA1)
1094 
1104 
1115 #endif /* MBEDTLS_MD_CAN_SHA1 */
1116 
1127  unsigned int key_usage);
1128 
1140  const mbedtls_asn1_sequence *exts);
1141 
1152  unsigned char ns_cert_type);
1153 
1160 
/**
 * \brief  Write a built up certificate to a X509 DER structure.
 *         Note: data is written at the end of the buffer!
 *
 * \param ctx    CRT context to use.
 * \param buf    Buffer to write to.
 * \param size   Size of \p buf in bytes.
 * \param f_rng  RNG function used while signing; presumably required
 *               (signature schemes such as ECDSA consume randomness) --
 *               confirm in x509_crt.c.
 * \param p_rng  Opaque context passed to \p f_rng.
 *
 * \return  Presumably the length of the DER data written, or a negative
 *          error code -- confirm in x509_crt.c. Because the data is placed
 *          at the end of \p buf, the caller locates it at
 *          `buf + size - length`, not at `buf`.
 */
int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
                              int (*f_rng)(void *, unsigned char *, size_t),
                              void *p_rng);
1181 
1182 #if defined(MBEDTLS_PEM_WRITE_C)
1183 
/**
 * \brief  Write a built up certificate to a X509 PEM string.
 *
 * \param ctx    CRT context to use.
 * \param buf    Buffer to write to.
 * \param size   Size of \p buf in bytes.
 * \param f_rng  RNG function used while signing (see
 *               mbedtls_x509write_crt_der()).
 * \param p_rng  Opaque context passed to \p f_rng.
 *
 * \return  Presumably 0 on success, or a negative error code -- confirm in
 *          x509_crt.c. Unlike the DER variant, the PEM text presumably starts
 *          at \p buf.
 */
int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
                              int (*f_rng)(void *, unsigned char *, size_t),
                              void *p_rng);
1199 #endif /* MBEDTLS_PEM_WRITE_C */
1200 #endif /* MBEDTLS_X509_CRT_WRITE_C */
1201 
1204 #ifdef __cplusplus
1205 }
1206 #endif
1207 
1208 #endif /* mbedtls_x509_crt.h */
int mbedtls_x509_crt_verify(mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const char *cn, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy)
Verify a chain of certificates.
Public key container.
Definition: pk.h:220
int mbedtls_x509write_crt_set_extension(mbedtls_x509write_cert *ctx, const char *oid, size_t oid_len, int critical, const unsigned char *val, size_t val_len)
Generic function to add to or replace an extension in the CRT.
int mbedtls_x509_crt_verify_with_profile(mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const mbedtls_x509_crt_profile *profile, const char *cn, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy)
Verify a chain of certificates with respect to a configurable security profile.
mbedtls_x509_sequence subject_alt_names
Definition: x509_crt.h:66
int MBEDTLS_DEPRECATED mbedtls_x509write_crt_set_serial(mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial)
Set the serial number for a Certificate.
void mbedtls_x509write_crt_set_version(mbedtls_x509write_cert *ctx, int version)
Set the version for a Certificate Default: MBEDTLS_X509_CRT_VERSION_3.
int mbedtls_x509_crt_verify_restartable(mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const mbedtls_x509_crt_profile *profile, const char *cn, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy, mbedtls_x509_crt_restart_ctx *rs_ctx)
Restartable version of mbedtls_x509_crt_verify_with_profile()
int mbedtls_x509write_crt_set_subject_name(mbedtls_x509write_cert *ctx, const char *subject_name)
Set the subject name for a Certificate Subject names should contain a comma-separated list of OID typ...
int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *ctx, const mbedtls_x509_san_list *san_list)
Set Subject Alternative Name.
mbedtls_x509_buf pk_raw
Definition: x509_crt.h:60
int mbedtls_x509_crt_parse_der(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse a single DER formatted certificate and add it to the end of the provided chained list...
#define MBEDTLS_PRIVATE(member)
mbedtls_pk_type_t
Public key types.
Definition: pk.h:73
int(* mbedtls_x509_crt_ca_cb_t)(void *p_ctx, mbedtls_x509_crt const *child, mbedtls_x509_crt **candidate_cas)
The type of trusted certificate callbacks.
Definition: x509_crt.h:784
int mbedtls_x509_crt_is_revoked(const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl)
Verify the certificate revocation status.
mbedtls_x509_sequence certificate_policies
Definition: x509_crt.h:70
struct mbedtls_x509_crt * next
Definition: x509_crt.h:90
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default
int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt, unsigned int usage)
Check usage of certificate against keyUsage extension.
mbedtls_x509_name issuer
Definition: x509_crt.h:54
mbedtls_x509_buf subject_id
Definition: x509_crt.h:64
struct mbedtls_x509write_cert mbedtls_x509write_cert
mbedtls_x509_buf tbs
Definition: x509_crt.h:45
Multi-precision integer library.
mbedtls_x509_buf subject_raw
Definition: x509_crt.h:52
void mbedtls_x509_crt_free(mbedtls_x509_crt *crt)
Unallocate all certificate data.
mbedtls_x509_buf sig_oid
Definition: x509_crt.h:49
void mbedtls_pk_restart_ctx
Definition: pk.h:277
mbedtls_x509_buf issuer_raw
Definition: x509_crt.h:51
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb
mbedtls_x509_name subject
Definition: x509_crt.h:55
mbedtls_x509_time valid_to
Definition: x509_crt.h:58
int mbedtls_x509_crt_parse(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse one DER-encoded or one or more concatenated PEM-encoded certificates and add them to the chaine...
void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx)
Initialize a CRT writing context.
struct mbedtls_x509_crt_profile mbedtls_x509_crt_profile
static int mbedtls_x509_crt_has_ext_type(const mbedtls_x509_crt *ctx, int ext_type)
Query certificate for given extension type.
Definition: x509_crt.h:913
int mbedtls_x509write_crt_set_validity(mbedtls_x509write_cert *ctx, const char *not_before, const char *not_after)
Set the validity period for a Certificate Timestamps should be in string format for UTC timezone i...
int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path)
Load one or more certificate files from a path and add them to the chained list. Parses permissively...
mbedtls_x509_authority authority_key_id
Definition: x509_crt.h:68
int mbedtls_x509write_crt_set_ns_cert_type(mbedtls_x509write_cert *ctx, unsigned char ns_cert_type)
Set the Netscape Cert Type flags (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TY...
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_none
int mbedtls_x509write_crt_set_authority_key_identifier(mbedtls_x509write_cert *ctx)
Set the authorityKeyIdentifier extension for a CRT Requires that mbedtls_x509write_crt_set_issuer_key...
mbedtls_x509_buf serial
Definition: x509_crt.h:48
void mbedtls_x509_crt_restart_ctx
Definition: x509_crt.h:306
mbedtls_x509_time valid_from
Definition: x509_crt.h:57
mbedtls_x509_buf raw
Definition: x509_crt.h:44
int mbedtls_x509_crt_check_extended_key_usage(const mbedtls_x509_crt *crt, const char *usage_oid, size_t usage_len)
Check usage of certificate against extendedKeyUsage.
void mbedtls_x509write_crt_set_md_alg(mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg)
Set the MD algorithm to use for the signature (e.g. MBEDTLS_MD_SHA1)
Macro wrapper for struct's members.
#define MBEDTLS_X509_RFC5280_UTC_TIME_LEN
Definition: x509_crt.h:140
#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE
Definition: x509_crt.h:258
void mbedtls_x509write_crt_set_issuer_key(mbedtls_x509write_cert *ctx, mbedtls_pk_context *key)
Set the issuer key used for signing the certificate.
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next
#define MBEDTLS_DEPRECATED
Definition: platform_util.h:37
int(* mbedtls_x509_crt_ext_cb_t)(void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf const *oid, int critical, const unsigned char *p, const unsigned char *end)
The type of certificate extension callbacks.
Definition: x509_crt.h:402
X.509 generic defines and structures.
int mbedtls_x509write_crt_set_key_usage(mbedtls_x509write_cert *ctx, unsigned int key_usage)
Set the Key Usage Extension flags (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_...
Build-time configuration info.
mbedtls_x509_buf subject_key_id
Definition: x509_crt.h:67
void mbedtls_x509write_crt_free(mbedtls_x509write_cert *ctx)
Free the contents of a CRT write context.
int mbedtls_x509_crt_parse_der_with_ext_cb(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen, int make_copy, mbedtls_x509_crt_ext_cb_t cb, void *p_ctx)
Parse a single DER formatted certificate and add it to the end of the provided chained list...
int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix, const mbedtls_x509_crt *crt)
Returns an informational string about the certificate.
int mbedtls_x509_crt_parse_file(mbedtls_x509_crt *chain, const char *path)
Load one or more certificates and add them to the chained list. Parses permissively. If some certificates can be parsed, the result is the number of failed certificates it encountered. If none complete correctly, the first error is returned.
int mbedtls_x509write_crt_set_subject_key_identifier(mbedtls_x509write_cert *ctx)
Set the subjectKeyIdentifier extension for a CRT Requires that mbedtls_x509write_crt_set_subject_key(...
int mbedtls_x509_crt_get_ca_istrue(const mbedtls_x509_crt *crt)
Access the ca_istrue field.
mbedtls_x509_buf issuer_id
Definition: x509_crt.h:63
MPI structure.
Definition: bignum.h:207
X.509 certificate revocation list parsing.
struct mbedtls_x509_crt mbedtls_x509_crt
mbedtls_x509_sequence ext_key_usage
Definition: x509_crt.h:78
int mbedtls_x509write_crt_set_serial_raw(mbedtls_x509write_cert *ctx, unsigned char *serial, size_t serial_len)
Set the serial number for a Certificate.
int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Write a built up certificate to a X509 DER structure Note: data is written at the end of the buffer! ...
int mbedtls_x509_crt_parse_der_nocopy(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse a single DER formatted certificate and add it to the end of the provided chained list...
int mbedtls_x509write_crt_set_issuer_name(mbedtls_x509write_cert *ctx, const char *issuer_name)
Set the issuer name for a Certificate Issuer names should contain a comma-separated list of OID types...
void mbedtls_x509_crt_init(mbedtls_x509_crt *crt)
Initialize a certificate (chain)
int mbedtls_x509write_crt_set_basic_constraints(mbedtls_x509write_cert *ctx, int is_ca, int max_pathlen)
Set the basicConstraints extension for a CRT.
void mbedtls_x509write_crt_set_subject_key(mbedtls_x509write_cert *ctx, mbedtls_pk_context *key)
Set the subject public key for the certificate.
mbedtls_pk_context pk
Definition: x509_crt.h:61
mbedtls_md_type_t
Supported message digests.
Definition: md.h:47
int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix, uint32_t flags)
Returns an informational string about the verification status of a certificate.
int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Write a built up certificate to a X509 PEM string.
int mbedtls_x509write_crt_set_ext_key_usage(mbedtls_x509write_cert *ctx, const mbedtls_asn1_sequence *exts)
Set the Extended Key Usage Extension (e.g. MBEDTLS_OID_SERVER_AUTH)
#define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN
Definition: x509_crt.h:139
mbedtls_x509_buf v3_ext
Definition: x509_crt.h:65