Mbed TLS v3.6.0
X.509 generic defines and structures.
#include "mbedtls/private_access.h"
#include "mbedtls/build_info.h"
#include "mbedtls/asn1.h"
#include "mbedtls/pk.h"
#include "mbedtls/rsa.h"
Data Structures | |
struct | mbedtls_x509_authority |
struct | mbedtls_x509_time |
struct | mbedtls_x509_san_other_name |
struct | mbedtls_x509_subject_alternative_name |
struct | mbedtls_x509_san_list |
Typedefs | |
Structures for parsing X.509 certificates, CRLs and CSRs | |
typedef mbedtls_asn1_buf | mbedtls_x509_buf |
typedef mbedtls_asn1_bitstring | mbedtls_x509_bitstring |
typedef mbedtls_asn1_named_data | mbedtls_x509_name |
typedef mbedtls_asn1_sequence | mbedtls_x509_sequence |
typedef struct mbedtls_x509_authority | mbedtls_x509_authority |
typedef struct mbedtls_x509_time | mbedtls_x509_time |
typedef struct mbedtls_x509_san_other_name | mbedtls_x509_san_other_name |
typedef struct mbedtls_x509_subject_alternative_name | mbedtls_x509_subject_alternative_name |
typedef struct mbedtls_x509_san_list | mbedtls_x509_san_list |
Functions | |
int | mbedtls_x509_dn_gets (char *buf, size_t size, const mbedtls_x509_name *dn) |
Store the certificate DN in printable form into buf; no more than size characters will be written. | |
int | mbedtls_x509_string_to_names (mbedtls_asn1_named_data **head, const char *name) |
Convert the certificate DN string name into a linked list of mbedtls_x509_name (equivalent to mbedtls_asn1_named_data). | |
static mbedtls_x509_name * | mbedtls_x509_dn_get_next (mbedtls_x509_name *dn) |
Return the next relative DN in an X509 name. | |
int | mbedtls_x509_serial_gets (char *buf, size_t size, const mbedtls_x509_buf *serial) |
Store the certificate serial in printable form into buf; no more than size characters will be written. | |
int | mbedtls_x509_time_cmp (const mbedtls_x509_time *t1, const mbedtls_x509_time *t2) |
Compare pair of mbedtls_x509_time. | |
int | mbedtls_x509_time_gmtime (mbedtls_time_t tt, mbedtls_x509_time *now) |
Fill mbedtls_x509_time with provided mbedtls_time_t. | |
int | mbedtls_x509_time_is_past (const mbedtls_x509_time *to) |
Check a given mbedtls_x509_time against the system time and tell if it's in the past. | |
int | mbedtls_x509_time_is_future (const mbedtls_x509_time *from) |
Check a given mbedtls_x509_time against the system time and tell if it's in the future. | |
int | mbedtls_x509_parse_subject_alt_name (const mbedtls_x509_buf *san_buf, mbedtls_x509_subject_alternative_name *san) |
This function parses an item in the SubjectAlternativeNames extension. Please note that this function might allocate additional memory for a subject alternative name, thus mbedtls_x509_free_subject_alt_name has to be called to dispose of this additional memory afterwards. | |
void | mbedtls_x509_free_subject_alt_name (mbedtls_x509_subject_alternative_name *san) |
Free all data related to a subject alternative name. | |
size_t | mbedtls_x509_crt_parse_cn_inet_pton (const char *cn, void *dst) |
This function parses a CN string as an IP address. | |
X.509 generic defines and structures.
Definition in file x509.h.
#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER |
#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS /* Supported */ |
#define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES |
#define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS MBEDTLS_OID_X509_EXT_CRL_DISTRIBUTION_POINTS |
#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE |
#define MBEDTLS_X509_EXT_FRESHEST_CRL MBEDTLS_OID_X509_EXT_FRESHEST_CRL |
#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY MBEDTLS_OID_X509_EXT_INIHIBIT_ANYPOLICY |
#define MBEDTLS_X509_EXT_ISSUER_ALT_NAME MBEDTLS_OID_X509_EXT_ISSUER_ALT_NAME |
#define MBEDTLS_X509_EXT_KEY_USAGE MBEDTLS_OID_X509_EXT_KEY_USAGE |
#define MBEDTLS_X509_EXT_NAME_CONSTRAINTS MBEDTLS_OID_X509_EXT_NAME_CONSTRAINTS |
#define MBEDTLS_X509_EXT_NS_CERT_TYPE MBEDTLS_OID_X509_EXT_NS_CERT_TYPE |
#define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS MBEDTLS_OID_X509_EXT_POLICY_CONSTRAINTS |
#define MBEDTLS_X509_EXT_POLICY_MAPPINGS MBEDTLS_OID_X509_EXT_POLICY_MAPPINGS |
#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME /* Supported (DNS) */ |
#define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS MBEDTLS_OID_X509_EXT_SUBJECT_DIRECTORY_ATTRS |
#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER |
#define MBEDTLS_X509_MAX_DN_NAME_SIZE 256 |
#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA (0x02) /* bit 6 */ |
#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING (0x10) /* bit 3 */ |
#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA (0x01) /* bit 7 */ |
#define MBEDTLS_X509_NS_CERT_TYPE_RESERVED (0x08) /* bit 4 */ |
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT (0x80) /* bit 0 */ |
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER (0x40) /* bit 1 */ |
#define MBEDTLS_X509_SAFE_SNPRINTF |
size_t mbedtls_x509_crt_parse_cn_inet_pton | ( | const char * | cn, |
void * | dst | ||
) |
This function parses a CN string as an IP address.
cn | The CN string to parse. CN string MUST be null-terminated. |
dst | The target buffer to populate with the binary IP address. The buffer MUST be 16 bytes to save IPv6, and should be 4-byte aligned if the result will be used as struct in_addr. e.g. uint32_t dst[4] |
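Note: cn is parsed as an IPv6 address if the string contains ':', else cn is parsed as an IPv4 address. Because the contents of cn select the address family, dst has to be sized for IPv6 even when an IPv4 address is expected.
Returns 0 on failure to parse the CN string as an IP address.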
static inline mbedtls_x509_name * mbedtls_x509_dn_get_next | ( | mbedtls_x509_name * | dn | ) |
Return the next relative DN in an X509 name.
dn | Current node in the X509 name |
Definition at line 353 of file x509.h.
References mbedtls_asn1_named_data::next.
int mbedtls_x509_dn_gets | ( | char * | buf, |
size_t | size, | ||
const mbedtls_x509_name * | dn | ||
) |
Store the certificate DN in printable form into buf; no more than size characters will be written.
buf | Buffer to write to |
size | Maximum size of buffer |
dn | The X509 name to represent |
void mbedtls_x509_free_subject_alt_name | ( | mbedtls_x509_subject_alternative_name * | san | ) |
Free all data related to a subject alternative name.
san | SAN structure - extra memory owned by this structure will be freed |
int mbedtls_x509_parse_subject_alt_name | ( | const mbedtls_x509_buf * | san_buf, |
mbedtls_x509_subject_alternative_name * | san | ||
) |
This function parses an item in the SubjectAlternativeNames extension. Please note that this function might allocate additional memory for a subject alternative name, thus mbedtls_x509_free_subject_alt_name has to be called to dispose of this additional memory afterwards.
san_buf | The buffer holding the raw data item of the subject alternative name. |
san | The target structure to populate with the parsed presentation of the subject alternative name encoded in san_buf . |
Note: iterate over the items of the crt->subject_alt_names sequence and pass each one to this function.
Returns 0 on success.
int mbedtls_x509_serial_gets | ( | char * | buf, |
size_t | size, | ||
const mbedtls_x509_buf * | serial | ||
) |
Store the certificate serial in printable form into buf; no more than size characters will be written.
buf | Buffer to write to |
size | Maximum size of buffer |
serial | The X509 serial to represent |
int mbedtls_x509_string_to_names | ( | mbedtls_asn1_named_data ** | head, |
const char * | name | ||
) |
Convert the certificate DN string name into a linked list of mbedtls_x509_name (equivalent to mbedtls_asn1_named_data).
Note: the list is allocated by this function and the pointer to its head is stored in head. This list must later be freed by a call to mbedtls_asn1_free_named_data_list().
[out] | head | Address in which to store the pointer to the head of the allocated list of mbedtls_x509_name |
[in] | name | The string representation of a DN to convert |
int mbedtls_x509_time_cmp | ( | const mbedtls_x509_time * | t1, |
const mbedtls_x509_time * | t2 | ||
) |
Compare a pair of mbedtls_x509_time values.
t1 | mbedtls_x509_time to compare |
t2 | mbedtls_x509_time to compare |
int mbedtls_x509_time_gmtime | ( | mbedtls_time_t | tt, |
mbedtls_x509_time * | now | ||
) |
Fill mbedtls_x509_time with provided mbedtls_time_t.
tt | mbedtls_time_t to convert |
now | mbedtls_x509_time to fill with converted mbedtls_time_t |
Returns 0 on success.
int mbedtls_x509_time_is_future | ( | const mbedtls_x509_time * | from | ) |
Check a given mbedtls_x509_time against the system time and tell if it's in the future. The answer is taken from the local system clock, so it is only as reliable as that clock.
from | mbedtls_x509_time to check |
int mbedtls_x509_time_is_past | ( | const mbedtls_x509_time * | to | ) |
Check a given mbedtls_x509_time against the system time and tell if it's in the past. The answer is taken from the local system clock, so it is only as reliable as that clock.
to | mbedtls_x509_time to check |