Mbed TLS v3.6.1
x509.h File Reference

X.509 generic defines and structures.

#include "mbedtls/private_access.h"
#include "mbedtls/build_info.h"
#include "mbedtls/asn1.h"
#include "mbedtls/pk.h"
#include "mbedtls/rsa.h"

Data Structures

struct  mbedtls_x509_authority
 
struct  mbedtls_x509_time
 
struct  mbedtls_x509_san_other_name
 
struct  mbedtls_x509_subject_alternative_name
 
struct  mbedtls_x509_san_list
 

Macros

#define MBEDTLS_X509_MAX_INTERMEDIATE_CA   8
 
#define MBEDTLS_X509_SAN_OTHER_NAME   0
 
#define MBEDTLS_X509_SAN_RFC822_NAME   1
 
#define MBEDTLS_X509_SAN_DNS_NAME   2
 
#define MBEDTLS_X509_SAN_X400_ADDRESS_NAME   3
 
#define MBEDTLS_X509_SAN_DIRECTORY_NAME   4
 
#define MBEDTLS_X509_SAN_EDI_PARTY_NAME   5
 
#define MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER   6
 
#define MBEDTLS_X509_SAN_IP_ADDRESS   7
 
#define MBEDTLS_X509_SAN_REGISTERED_ID   8
 
#define MBEDTLS_X509_KU_DIGITAL_SIGNATURE   (0x80) /* bit 0 */
 
#define MBEDTLS_X509_KU_NON_REPUDIATION   (0x40) /* bit 1 */
 
#define MBEDTLS_X509_KU_KEY_ENCIPHERMENT   (0x20) /* bit 2 */
 
#define MBEDTLS_X509_KU_DATA_ENCIPHERMENT   (0x10) /* bit 3 */
 
#define MBEDTLS_X509_KU_KEY_AGREEMENT   (0x08) /* bit 4 */
 
#define MBEDTLS_X509_KU_KEY_CERT_SIGN   (0x04) /* bit 5 */
 
#define MBEDTLS_X509_KU_CRL_SIGN   (0x02) /* bit 6 */
 
#define MBEDTLS_X509_KU_ENCIPHER_ONLY   (0x01) /* bit 7 */
 
#define MBEDTLS_X509_KU_DECIPHER_ONLY   (0x8000) /* bit 8 */
 
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT   (0x80) /* bit 0 */
 
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER   (0x40) /* bit 1 */
 
#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL   (0x20) /* bit 2 */
 
#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING   (0x10) /* bit 3 */
 
#define MBEDTLS_X509_NS_CERT_TYPE_RESERVED   (0x08) /* bit 4 */
 
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CA   (0x04) /* bit 5 */
 
#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA   (0x02) /* bit 6 */
 
#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA   (0x01) /* bit 7 */
 
#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER   MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER
 
#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER   MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER
 
#define MBEDTLS_X509_EXT_KEY_USAGE   MBEDTLS_OID_X509_EXT_KEY_USAGE
 
#define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES   MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES
 
#define MBEDTLS_X509_EXT_POLICY_MAPPINGS   MBEDTLS_OID_X509_EXT_POLICY_MAPPINGS
 
#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME   MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME /* Supported (DNS) */
 
#define MBEDTLS_X509_EXT_ISSUER_ALT_NAME   MBEDTLS_OID_X509_EXT_ISSUER_ALT_NAME
 
#define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS   MBEDTLS_OID_X509_EXT_SUBJECT_DIRECTORY_ATTRS
 
#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS   MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS /* Supported */
 
#define MBEDTLS_X509_EXT_NAME_CONSTRAINTS   MBEDTLS_OID_X509_EXT_NAME_CONSTRAINTS
 
#define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS   MBEDTLS_OID_X509_EXT_POLICY_CONSTRAINTS
 
#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE   MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE
 
#define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS   MBEDTLS_OID_X509_EXT_CRL_DISTRIBUTION_POINTS
 
#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY   MBEDTLS_OID_X509_EXT_INIHIBIT_ANYPOLICY
 
#define MBEDTLS_X509_EXT_FRESHEST_CRL   MBEDTLS_OID_X509_EXT_FRESHEST_CRL
 
#define MBEDTLS_X509_EXT_NS_CERT_TYPE   MBEDTLS_OID_X509_EXT_NS_CERT_TYPE
 
#define MBEDTLS_X509_FORMAT_DER   1
 
#define MBEDTLS_X509_FORMAT_PEM   2
 
#define MBEDTLS_X509_MAX_DN_NAME_SIZE   256
 
#define MBEDTLS_X509_SAFE_SNPRINTF
 
X509 Error codes
#define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE   -0x2080
 
#define MBEDTLS_ERR_X509_UNKNOWN_OID   -0x2100
 
#define MBEDTLS_ERR_X509_INVALID_FORMAT   -0x2180
 
#define MBEDTLS_ERR_X509_INVALID_VERSION   -0x2200
 
#define MBEDTLS_ERR_X509_INVALID_SERIAL   -0x2280
 
#define MBEDTLS_ERR_X509_INVALID_ALG   -0x2300
 
#define MBEDTLS_ERR_X509_INVALID_NAME   -0x2380
 
#define MBEDTLS_ERR_X509_INVALID_DATE   -0x2400
 
#define MBEDTLS_ERR_X509_INVALID_SIGNATURE   -0x2480
 
#define MBEDTLS_ERR_X509_INVALID_EXTENSIONS   -0x2500
 
#define MBEDTLS_ERR_X509_UNKNOWN_VERSION   -0x2580
 
#define MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG   -0x2600
 
#define MBEDTLS_ERR_X509_SIG_MISMATCH   -0x2680
 
#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED   -0x2700
 
#define MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT   -0x2780
 
#define MBEDTLS_ERR_X509_BAD_INPUT_DATA   -0x2800
 
#define MBEDTLS_ERR_X509_ALLOC_FAILED   -0x2880
 
#define MBEDTLS_ERR_X509_FILE_IO_ERROR   -0x2900
 
#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL   -0x2980
 
#define MBEDTLS_ERR_X509_FATAL_ERROR   -0x3000
 
X509 Verify codes
#define MBEDTLS_X509_BADCERT_EXPIRED   0x01
 
#define MBEDTLS_X509_BADCERT_REVOKED   0x02
 
#define MBEDTLS_X509_BADCERT_CN_MISMATCH   0x04
 
#define MBEDTLS_X509_BADCERT_NOT_TRUSTED   0x08
 
#define MBEDTLS_X509_BADCRL_NOT_TRUSTED   0x10
 
#define MBEDTLS_X509_BADCRL_EXPIRED   0x20
 
#define MBEDTLS_X509_BADCERT_MISSING   0x40
 
#define MBEDTLS_X509_BADCERT_SKIP_VERIFY   0x80
 
#define MBEDTLS_X509_BADCERT_OTHER   0x0100
 
#define MBEDTLS_X509_BADCERT_FUTURE   0x0200
 
#define MBEDTLS_X509_BADCRL_FUTURE   0x0400
 
#define MBEDTLS_X509_BADCERT_KEY_USAGE   0x0800
 
#define MBEDTLS_X509_BADCERT_EXT_KEY_USAGE   0x1000
 
#define MBEDTLS_X509_BADCERT_NS_CERT_TYPE   0x2000
 
#define MBEDTLS_X509_BADCERT_BAD_MD   0x4000
 
#define MBEDTLS_X509_BADCERT_BAD_PK   0x8000
 
#define MBEDTLS_X509_BADCERT_BAD_KEY   0x010000
 
#define MBEDTLS_X509_BADCRL_BAD_MD   0x020000
 
#define MBEDTLS_X509_BADCRL_BAD_PK   0x040000
 
#define MBEDTLS_X509_BADCRL_BAD_KEY   0x080000
 

Typedefs

Structures for parsing X.509 certificates, CRLs and CSRs
typedef mbedtls_asn1_buf mbedtls_x509_buf
 
typedef mbedtls_asn1_bitstring mbedtls_x509_bitstring
 
typedef mbedtls_asn1_named_data mbedtls_x509_name
 
typedef mbedtls_asn1_sequence mbedtls_x509_sequence
 
typedef struct mbedtls_x509_authority mbedtls_x509_authority
 
typedef struct mbedtls_x509_time mbedtls_x509_time
 
typedef struct mbedtls_x509_san_other_name mbedtls_x509_san_other_name
 
typedef struct mbedtls_x509_subject_alternative_name mbedtls_x509_subject_alternative_name
 
typedef struct mbedtls_x509_san_list mbedtls_x509_san_list
 

Functions

int mbedtls_x509_dn_gets (char *buf, size_t size, const mbedtls_x509_name *dn)
 Store the certificate DN in printable form into buf; no more than size characters will be written.
 
int mbedtls_x509_string_to_names (mbedtls_asn1_named_data **head, const char *name)
 Convert the certificate DN string name into a linked list of mbedtls_x509_name (equivalent to mbedtls_asn1_named_data).
 
static mbedtls_x509_name * mbedtls_x509_dn_get_next (mbedtls_x509_name *dn)
 Return the next relative DN in an X509 name.
 
int mbedtls_x509_serial_gets (char *buf, size_t size, const mbedtls_x509_buf *serial)
 Store the certificate serial in printable form into buf; no more than size characters will be written.
 
int mbedtls_x509_time_cmp (const mbedtls_x509_time *t1, const mbedtls_x509_time *t2)
 Compare pair of mbedtls_x509_time.
 
int mbedtls_x509_time_gmtime (mbedtls_time_t tt, mbedtls_x509_time *now)
 Fill mbedtls_x509_time with provided mbedtls_time_t.
 
int mbedtls_x509_time_is_past (const mbedtls_x509_time *to)
 Check a given mbedtls_x509_time against the system time and tell if it's in the past.
 
int mbedtls_x509_time_is_future (const mbedtls_x509_time *from)
 Check a given mbedtls_x509_time against the system time and tell if it's in the future.
 
int mbedtls_x509_parse_subject_alt_name (const mbedtls_x509_buf *san_buf, mbedtls_x509_subject_alternative_name *san)
 This function parses an item in the SubjectAlternativeNames extension. Please note that this function might allocate additional memory for a subject alternative name, thus mbedtls_x509_free_subject_alt_name has to be called to dispose of this additional memory afterwards.
 
void mbedtls_x509_free_subject_alt_name (mbedtls_x509_subject_alternative_name *san)
 Free all data related to the subject alternative name.
 
size_t mbedtls_x509_crt_parse_cn_inet_pton (const char *cn, void *dst)
 This function parses a CN string as an IP address.
 

Detailed Description

X.509 generic defines and structures.

Definition in file x509.h.

Macro Definition Documentation

◆ MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER

#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER   MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER

Definition at line 174 of file x509.h.

◆ MBEDTLS_X509_EXT_BASIC_CONSTRAINTS

#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS   MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS /* Supported */

Definition at line 182 of file x509.h.

◆ MBEDTLS_X509_EXT_CERTIFICATE_POLICIES

#define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES   MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES

Definition at line 177 of file x509.h.

◆ MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS

#define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS   MBEDTLS_OID_X509_EXT_CRL_DISTRIBUTION_POINTS

Definition at line 186 of file x509.h.

◆ MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE

#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE   MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE

Definition at line 185 of file x509.h.

◆ MBEDTLS_X509_EXT_FRESHEST_CRL

#define MBEDTLS_X509_EXT_FRESHEST_CRL   MBEDTLS_OID_X509_EXT_FRESHEST_CRL

Definition at line 188 of file x509.h.

◆ MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY

#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY   MBEDTLS_OID_X509_EXT_INIHIBIT_ANYPOLICY

Definition at line 187 of file x509.h.

◆ MBEDTLS_X509_EXT_ISSUER_ALT_NAME

#define MBEDTLS_X509_EXT_ISSUER_ALT_NAME   MBEDTLS_OID_X509_EXT_ISSUER_ALT_NAME

Definition at line 180 of file x509.h.

◆ MBEDTLS_X509_EXT_KEY_USAGE

#define MBEDTLS_X509_EXT_KEY_USAGE   MBEDTLS_OID_X509_EXT_KEY_USAGE

Definition at line 176 of file x509.h.

◆ MBEDTLS_X509_EXT_NAME_CONSTRAINTS

#define MBEDTLS_X509_EXT_NAME_CONSTRAINTS   MBEDTLS_OID_X509_EXT_NAME_CONSTRAINTS

Definition at line 183 of file x509.h.

◆ MBEDTLS_X509_EXT_NS_CERT_TYPE

#define MBEDTLS_X509_EXT_NS_CERT_TYPE   MBEDTLS_OID_X509_EXT_NS_CERT_TYPE

Definition at line 189 of file x509.h.

◆ MBEDTLS_X509_EXT_POLICY_CONSTRAINTS

#define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS   MBEDTLS_OID_X509_EXT_POLICY_CONSTRAINTS

Definition at line 184 of file x509.h.

◆ MBEDTLS_X509_EXT_POLICY_MAPPINGS

#define MBEDTLS_X509_EXT_POLICY_MAPPINGS   MBEDTLS_OID_X509_EXT_POLICY_MAPPINGS

Definition at line 178 of file x509.h.

◆ MBEDTLS_X509_EXT_SUBJECT_ALT_NAME

#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME   MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME /* Supported (DNS) */

Definition at line 179 of file x509.h.

◆ MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS

#define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS   MBEDTLS_OID_X509_EXT_SUBJECT_DIRECTORY_ATTRS

Definition at line 181 of file x509.h.

◆ MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER

#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER   MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER

Definition at line 175 of file x509.h.

◆ MBEDTLS_X509_FORMAT_DER

#define MBEDTLS_X509_FORMAT_DER   1

Definition at line 195 of file x509.h.

◆ MBEDTLS_X509_FORMAT_PEM

#define MBEDTLS_X509_FORMAT_PEM   2

Definition at line 196 of file x509.h.

◆ MBEDTLS_X509_KU_CRL_SIGN

#define MBEDTLS_X509_KU_CRL_SIGN   (0x02) /* bit 6 */

Definition at line 147 of file x509.h.

◆ MBEDTLS_X509_KU_DATA_ENCIPHERMENT

#define MBEDTLS_X509_KU_DATA_ENCIPHERMENT   (0x10) /* bit 3 */

Definition at line 144 of file x509.h.

◆ MBEDTLS_X509_KU_DECIPHER_ONLY

#define MBEDTLS_X509_KU_DECIPHER_ONLY   (0x8000) /* bit 8 */

Definition at line 149 of file x509.h.

◆ MBEDTLS_X509_KU_DIGITAL_SIGNATURE

#define MBEDTLS_X509_KU_DIGITAL_SIGNATURE   (0x80) /* bit 0 */

Definition at line 141 of file x509.h.

◆ MBEDTLS_X509_KU_ENCIPHER_ONLY

#define MBEDTLS_X509_KU_ENCIPHER_ONLY   (0x01) /* bit 7 */

Definition at line 148 of file x509.h.

◆ MBEDTLS_X509_KU_KEY_AGREEMENT

#define MBEDTLS_X509_KU_KEY_AGREEMENT   (0x08) /* bit 4 */

Definition at line 145 of file x509.h.

◆ MBEDTLS_X509_KU_KEY_CERT_SIGN

#define MBEDTLS_X509_KU_KEY_CERT_SIGN   (0x04) /* bit 5 */

Definition at line 146 of file x509.h.

◆ MBEDTLS_X509_KU_KEY_ENCIPHERMENT

#define MBEDTLS_X509_KU_KEY_ENCIPHERMENT   (0x20) /* bit 2 */

Definition at line 143 of file x509.h.

◆ MBEDTLS_X509_KU_NON_REPUDIATION

#define MBEDTLS_X509_KU_NON_REPUDIATION   (0x40) /* bit 1 */

Definition at line 142 of file x509.h.

◆ MBEDTLS_X509_MAX_DN_NAME_SIZE

#define MBEDTLS_X509_MAX_DN_NAME_SIZE   256

Maximum value size of a DN entry

Definition at line 198 of file x509.h.

◆ MBEDTLS_X509_NS_CERT_TYPE_EMAIL

#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL   (0x20) /* bit 2 */

Definition at line 158 of file x509.h.

◆ MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA

#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA   (0x02) /* bit 6 */

Definition at line 162 of file x509.h.

◆ MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING

#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING   (0x10) /* bit 3 */

Definition at line 159 of file x509.h.

◆ MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA

#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA   (0x01) /* bit 7 */

Definition at line 163 of file x509.h.

◆ MBEDTLS_X509_NS_CERT_TYPE_RESERVED

#define MBEDTLS_X509_NS_CERT_TYPE_RESERVED   (0x08) /* bit 4 */

Definition at line 160 of file x509.h.

◆ MBEDTLS_X509_NS_CERT_TYPE_SSL_CA

#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CA   (0x04) /* bit 5 */

Definition at line 161 of file x509.h.

◆ MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT

#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT   (0x80) /* bit 0 */

Definition at line 156 of file x509.h.

◆ MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER

#define MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER   (0x40) /* bit 1 */

Definition at line 157 of file x509.h.

◆ MBEDTLS_X509_SAFE_SNPRINTF

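/*
 * Advance the output cursor after a formatting call, or bail out.
 *
 * The macro takes no arguments and relies on three locals of the enclosing
 * function: `ret`, `n` and `p`. Going by the macro's name, `ret` is
 * presumably the value just returned by an snprintf-style call, `n` the
 * space left in the output buffer and `p` the write position.
 *
 * If `ret` is negative or not smaller than `n`, the macro returns
 * MBEDTLS_ERR_X509_BUFFER_TOO_SMALL from the enclosing function, so `n` and
 * `p` are only updated when the check passes.
 *
 * The return statement is hidden inside the macro: the enclosing function
 * must return int, and anything it acquired before this point is not
 * released on the error path.
 */
#define MBEDTLS_X509_SAFE_SNPRINTF                      \
    do {                                                \
        if (ret < 0 || (size_t) ret >= n)               \
            return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;   \
                                                        \
        n -= (size_t) ret;                              \
        p += (size_t) ret;                              \
    } while (0)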

Definition at line 486 of file x509.h.

◆ MBEDTLS_X509_SAN_DIRECTORY_NAME

#define MBEDTLS_X509_SAN_DIRECTORY_NAME   4

Definition at line 131 of file x509.h.

◆ MBEDTLS_X509_SAN_DNS_NAME

#define MBEDTLS_X509_SAN_DNS_NAME   2

Definition at line 129 of file x509.h.

◆ MBEDTLS_X509_SAN_EDI_PARTY_NAME

#define MBEDTLS_X509_SAN_EDI_PARTY_NAME   5

Definition at line 132 of file x509.h.

◆ MBEDTLS_X509_SAN_IP_ADDRESS

#define MBEDTLS_X509_SAN_IP_ADDRESS   7

Definition at line 134 of file x509.h.

◆ MBEDTLS_X509_SAN_OTHER_NAME

#define MBEDTLS_X509_SAN_OTHER_NAME   0

Definition at line 127 of file x509.h.

◆ MBEDTLS_X509_SAN_REGISTERED_ID

#define MBEDTLS_X509_SAN_REGISTERED_ID   8

Definition at line 135 of file x509.h.

◆ MBEDTLS_X509_SAN_RFC822_NAME

#define MBEDTLS_X509_SAN_RFC822_NAME   1

Definition at line 128 of file x509.h.

◆ MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER

#define MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER   6

Definition at line 133 of file x509.h.

◆ MBEDTLS_X509_SAN_X400_ADDRESS_NAME

#define MBEDTLS_X509_SAN_X400_ADDRESS_NAME   3

Definition at line 130 of file x509.h.

Function Documentation

◆ mbedtls_x509_crt_parse_cn_inet_pton()

size_t mbedtls_x509_crt_parse_cn_inet_pton ( const char *  cn,
void *  dst 
)

This function parses a CN string as an IP address.

Parameters
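cn: The CN string to parse. The CN string MUST be null-terminated.
dst: The target buffer to populate with the binary IP address. The buffer MUST be 16 bytes so that it can hold an IPv6 address, and should be 4-byte aligned if the result will be used as struct in_addr, e.g. uint32_t dst[4]. No buffer length is passed, and the address family is selected from the content of cn (see Note), so a smaller buffer is not safe even when the caller expects an IPv4 address.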
Note
cn is parsed as an IPv6 address if string contains ':', else cn is parsed as an IPv4 address.
Returns
Length of binary IP address; num bytes written to target.
0 on failure to parse CN string as an IP address.

◆ mbedtls_x509_dn_get_next()

static mbedtls_x509_name * mbedtls_x509_dn_get_next ( mbedtls_x509_name *  dn )
inline, static

Return the next relative DN in an X509 name.

Note
Intended use is to compare function result to dn->next in order to detect boundaries of multi-valued RDNs.
Parameters
dn: Current node in the X509 name
Returns
Pointer to the first attribute-value pair of the next RDN in sequence, or NULL if end is reached.

Definition at line 353 of file x509.h.

References mbedtls_asn1_named_data::next.

◆ mbedtls_x509_dn_gets()

int mbedtls_x509_dn_gets ( char *  buf,
size_t  size,
const mbedtls_x509_name *  dn
)

Store the certificate DN in printable form into buf; no more than size characters will be written.

Parameters
buf: Buffer to write to
size: Maximum size of buffer
dn: The X509 name to represent
Returns
The length of the string written (not including the terminating NUL byte), or a negative error code.

◆ mbedtls_x509_free_subject_alt_name()

void mbedtls_x509_free_subject_alt_name ( mbedtls_x509_subject_alternative_name *  san )

Free all data related to the subject alternative name.

Parameters
san: SAN structure - extra memory owned by this structure will be freed

◆ mbedtls_x509_parse_subject_alt_name()

int mbedtls_x509_parse_subject_alt_name ( const mbedtls_x509_buf *  san_buf,
mbedtls_x509_subject_alternative_name *  san
)

This function parses an item in the SubjectAlternativeNames extension. Please note that this function might allocate additional memory for a subject alternative name, thus mbedtls_x509_free_subject_alt_name has to be called to dispose of this additional memory afterwards.

Parameters
san_buf: The buffer holding the raw data item of the subject alternative name.
san: The target structure to populate with the parsed presentation of the subject alternative name encoded in san_buf.
Note
Supported GeneralName types, as defined in RFC 5280: "rfc822Name", "dnsName", "directoryName", "uniformResourceIdentifier" and "hardware_module_name" of type "otherName", as defined in RFC 4108.
This function should be called on a single raw data of subject alternative name. For example, after successful certificate parsing, one must iterate on every item in the crt->subject_alt_names sequence, and pass it to this function.
Warning
The target structure contains pointers to the raw data of the parsed certificate, and its lifetime is restricted by the lifetime of the certificate.
Returns
0 on success
MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE for an unsupported SAN type.
Another negative value for any other failure.

◆ mbedtls_x509_serial_gets()

int mbedtls_x509_serial_gets ( char *  buf,
size_t  size,
const mbedtls_x509_buf *  serial
)

Store the certificate serial in printable form into buf; no more than size characters will be written.

Parameters
buf: Buffer to write to
size: Maximum size of buffer
serial: The X509 serial to represent
Returns
The length of the string written (not including the terminating NUL byte), or a negative error code.

◆ mbedtls_x509_string_to_names()

int mbedtls_x509_string_to_names ( mbedtls_asn1_named_data **  head,
const char *  name 
)

Convert the certificate DN string name into a linked list of mbedtls_x509_name (equivalent to mbedtls_asn1_named_data).

Note
This function allocates a linked list, and places the head pointer in head. This list must later be freed by a call to mbedtls_asn1_free_named_data_list().
Parameters
[out] head: Address in which to store the pointer to the head of the allocated list of mbedtls_x509_name
[in] name: The string representation of a DN to convert
Returns
0 on success, or a negative error code.

◆ mbedtls_x509_time_cmp()

int mbedtls_x509_time_cmp ( const mbedtls_x509_time *  t1,
const mbedtls_x509_time *  t2
)

Compare pair of mbedtls_x509_time.

Parameters
t1: mbedtls_x509_time to compare
t2: mbedtls_x509_time to compare
Returns
< 0 if t1 is before t2, 0 if t1 equals t2, > 0 if t1 is after t2.

◆ mbedtls_x509_time_gmtime()

int mbedtls_x509_time_gmtime ( mbedtls_time_t  tt,
mbedtls_x509_time *  now
)

Fill mbedtls_x509_time with provided mbedtls_time_t.

Parameters
tt: mbedtls_time_t to convert
now: mbedtls_x509_time to fill with converted mbedtls_time_t
Returns
0 on success
A non-zero return value on failure.

◆ mbedtls_x509_time_is_future()

int mbedtls_x509_time_is_future ( const mbedtls_x509_time *  from )

Check a given mbedtls_x509_time against the system time and tell if it's in the future.

Note
Intended usage is "if( is_future( valid_from ) ) ERROR". Hence the return value is also 1 on internal errors, so that an internal failure is reported as a failed check rather than passing silently.
Parameters
from: mbedtls_x509_time to check
Returns
1 if the given time is in the future or an error occurred, 0 otherwise.

◆ mbedtls_x509_time_is_past()

int mbedtls_x509_time_is_past ( const mbedtls_x509_time *  to )

Check a given mbedtls_x509_time against the system time and tell if it's in the past.

Note
Intended usage is "if( is_past( valid_to ) ) ERROR". Hence the return value is also 1 on internal errors, so that an internal failure is reported as a failed check rather than passing silently.
Parameters
to: mbedtls_x509_time to check
Returns
1 if the given time is in the past or an error occurred, 0 otherwise.