PolarSSL v1.1.4
x509.h File Reference

X.509 certificate and private key decoding.

#include "asn1.h"
#include "rsa.h"
#include "dhm.h"

Data Structures

struct  _x509_name
 Container for ASN1 named information objects.
struct  _x509_time
 Container for date and time (precision in seconds).
struct  _x509_cert
 Container for an X.509 certificate.
struct  _x509_crl_entry
 Certificate revocation list entry.
struct  _x509_crl
 Certificate revocation list structure.

Defines

#define X520_COMMON_NAME   3
#define X520_COUNTRY   6
#define X520_LOCALITY   7
#define X520_STATE   8
#define X520_ORGANIZATION   10
#define X520_ORG_UNIT   11
#define PKCS9_EMAIL   1
#define X509_OUTPUT_DER   0x01
#define X509_OUTPUT_PEM   0x02
#define PEM_LINE_LENGTH   72
#define X509_ISSUER   0x01
#define X509_SUBJECT   0x02
#define OID_X520   "\x55\x04"
#define OID_CN   OID_X520 "\x03"
#define OID_PKCS1   "\x2A\x86\x48\x86\xF7\x0D\x01\x01"
#define OID_PKCS1_RSA   OID_PKCS1 "\x01"
#define OID_RSA_SHA_OBS   "\x2B\x0E\x03\x02\x1D"
#define OID_PKCS9   "\x2A\x86\x48\x86\xF7\x0D\x01\x09"
#define OID_PKCS9_EMAIL   OID_PKCS9 "\x01"
#define OID_ID_CE   "\x55\x1D"
 ISO arc for standard certificate and CRL extensions.
#define OID_PKIX   "\x2B\x06\x01\x05\x05\x07"
 Private Internet Extensions { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) }.
#define OID_AUTHORITY_KEY_IDENTIFIER   OID_ID_CE "\x23"
 id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 }
#define OID_SUBJECT_KEY_IDENTIFIER   OID_ID_CE "\x0E"
 id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 }
#define OID_KEY_USAGE   OID_ID_CE "\x0F"
 id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }
#define OID_CERTIFICATE_POLICIES   OID_ID_CE "\x20"
 id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 }
#define OID_POLICY_MAPPINGS   OID_ID_CE "\x21"
 id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 }
#define OID_SUBJECT_ALT_NAME   OID_ID_CE "\x11"
 id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 }
#define OID_ISSUER_ALT_NAME   OID_ID_CE "\x12"
 id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 }
#define OID_SUBJECT_DIRECTORY_ATTRS   OID_ID_CE "\x09"
 id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 }
#define OID_BASIC_CONSTRAINTS   OID_ID_CE "\x13"
 id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 }
#define OID_NAME_CONSTRAINTS   OID_ID_CE "\x1E"
 id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 }
#define OID_POLICY_CONSTRAINTS   OID_ID_CE "\x24"
 id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 }
#define OID_EXTENDED_KEY_USAGE   OID_ID_CE "\x25"
 id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 }
#define OID_CRL_DISTRIBUTION_POINTS   OID_ID_CE "\x1F"
 id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-ce 31 }
#define OID_INIHIBIT_ANYPOLICY   OID_ID_CE "\x36"
 id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 }
#define OID_FRESHEST_CRL   OID_ID_CE "\x2E"
 id-ce-freshestCRL OBJECT IDENTIFIER ::= { id-ce 46 }
#define KU_DIGITAL_SIGNATURE   (0x80) /* bit 0 */
#define KU_NON_REPUDIATION   (0x40) /* bit 1 */
#define KU_KEY_ENCIPHERMENT   (0x20) /* bit 2 */
#define KU_DATA_ENCIPHERMENT   (0x10) /* bit 3 */
#define KU_KEY_AGREEMENT   (0x08) /* bit 4 */
#define KU_KEY_CERT_SIGN   (0x04) /* bit 5 */
#define KU_CRL_SIGN   (0x02) /* bit 6 */
#define OID_ANY_EXTENDED_KEY_USAGE   OID_EXTENDED_KEY_USAGE "\x00"
 anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 }
#define OID_KP   OID_PKIX "\x03"
 id-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
#define OID_SERVER_AUTH   OID_KP "\x01"
 id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 }
#define OID_CLIENT_AUTH   OID_KP "\x02"
 id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 }
#define OID_CODE_SIGNING   OID_KP "\x03"
 id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 }
#define OID_EMAIL_PROTECTION   OID_KP "\x04"
 id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 }
#define OID_TIME_STAMPING   OID_KP "\x08"
 id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 }
#define OID_OCSP_SIGNING   OID_KP "\x09"
 id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 }
#define STRING_SERVER_AUTH   "TLS Web Server Authentication"
#define STRING_CLIENT_AUTH   "TLS Web Client Authentication"
#define STRING_CODE_SIGNING   "Code Signing"
#define STRING_EMAIL_PROTECTION   "E-mail Protection"
#define STRING_TIME_STAMPING   "Time Stamping"
#define STRING_OCSP_SIGNING   "OCSP Signing"
#define OID_PRIVATE_KEY_USAGE_PERIOD   OID_ID_CE "\x10"
#define OID_CRL_NUMBER   OID_ID_CE "\x14"
 id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 }
#define OID_NETSCAPE   "\x60\x86\x48\x01\x86\xF8\x42"
 Netscape OID.
#define OID_NS_CERT   OID_NETSCAPE "\x01"
#define OID_NS_CERT_TYPE   OID_NS_CERT "\x01"
#define OID_NS_BASE_URL   OID_NS_CERT "\x02"
#define OID_NS_REVOCATION_URL   OID_NS_CERT "\x03"
#define OID_NS_CA_REVOCATION_URL   OID_NS_CERT "\x04"
#define OID_NS_RENEWAL_URL   OID_NS_CERT "\x07"
#define OID_NS_CA_POLICY_URL   OID_NS_CERT "\x08"
#define OID_NS_SSL_SERVER_NAME   OID_NS_CERT "\x0C"
#define OID_NS_COMMENT   OID_NS_CERT "\x0D"
#define OID_NS_DATA_TYPE   OID_NETSCAPE "\x02"
#define OID_NS_CERT_SEQUENCE   OID_NS_DATA_TYPE "\x05"
#define NS_CERT_TYPE_SSL_CLIENT   (0x80) /* bit 0 */
#define NS_CERT_TYPE_SSL_SERVER   (0x40) /* bit 1 */
#define NS_CERT_TYPE_EMAIL   (0x20) /* bit 2 */
#define NS_CERT_TYPE_OBJECT_SIGNING   (0x10) /* bit 3 */
#define NS_CERT_TYPE_RESERVED   (0x08) /* bit 4 */
#define NS_CERT_TYPE_SSL_CA   (0x04) /* bit 5 */
#define NS_CERT_TYPE_EMAIL_CA   (0x02) /* bit 6 */
#define NS_CERT_TYPE_OBJECT_SIGNING_CA   (0x01) /* bit 7 */
#define EXT_AUTHORITY_KEY_IDENTIFIER   (1 << 0)
#define EXT_SUBJECT_KEY_IDENTIFIER   (1 << 1)
#define EXT_KEY_USAGE   (1 << 2)
#define EXT_CERTIFICATE_POLICIES   (1 << 3)
#define EXT_POLICY_MAPPINGS   (1 << 4)
#define EXT_SUBJECT_ALT_NAME   (1 << 5)
#define EXT_ISSUER_ALT_NAME   (1 << 6)
#define EXT_SUBJECT_DIRECTORY_ATTRS   (1 << 7)
#define EXT_BASIC_CONSTRAINTS   (1 << 8)
#define EXT_NAME_CONSTRAINTS   (1 << 9)
#define EXT_POLICY_CONSTRAINTS   (1 << 10)
#define EXT_EXTENDED_KEY_USAGE   (1 << 11)
#define EXT_CRL_DISTRIBUTION_POINTS   (1 << 12)
#define EXT_INIHIBIT_ANYPOLICY   (1 << 13)
#define EXT_FRESHEST_CRL   (1 << 14)
#define EXT_NS_CERT_TYPE   (1 << 16)
#define X509_FORMAT_DER   1
#define X509_FORMAT_PEM   2
X509 Error codes
#define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE   -0x2080
 Unavailable feature.
#define POLARSSL_ERR_X509_CERT_INVALID_PEM   -0x2100
 The PEM-encoded certificate contains invalid elements.
#define POLARSSL_ERR_X509_CERT_INVALID_FORMAT   -0x2180
 The certificate format is invalid.
#define POLARSSL_ERR_X509_CERT_INVALID_VERSION   -0x2200
 The certificate version element is invalid.
#define POLARSSL_ERR_X509_CERT_INVALID_SERIAL   -0x2280
 The serial tag or value is invalid.
#define POLARSSL_ERR_X509_CERT_INVALID_ALG   -0x2300
 The algorithm tag or value is invalid.
#define POLARSSL_ERR_X509_CERT_INVALID_NAME   -0x2380
 The name tag or value is invalid.
#define POLARSSL_ERR_X509_CERT_INVALID_DATE   -0x2400
 The date tag or value is invalid.
#define POLARSSL_ERR_X509_CERT_INVALID_PUBKEY   -0x2480
 The pubkey tag or value is invalid (only RSA is supported).
#define POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE   -0x2500
 The signature tag or value is invalid.
#define POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS   -0x2580
 The extension tag or value is invalid.
#define POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION   -0x2600
 Certificate or CRL has an unsupported version number.
#define POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG   -0x2680
 Signature algorithm (oid) is unsupported.
#define POLARSSL_ERR_X509_UNKNOWN_PK_ALG   -0x2700
 Key algorithm is unsupported (only RSA is supported).
#define POLARSSL_ERR_X509_CERT_SIG_MISMATCH   -0x2780
 Certificate signature algorithms do not match.
#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED   -0x2800
 Certificate verification failed.
#define POLARSSL_ERR_X509_KEY_INVALID_VERSION   -0x2880
 Unsupported RSA key version.
#define POLARSSL_ERR_X509_KEY_INVALID_FORMAT   -0x2900
 Invalid RSA key tag or value.
#define POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT   -0x2980
 Format not recognized as DER or PEM.
#define POLARSSL_ERR_X509_INVALID_INPUT   -0x2A00
 Input invalid.
#define POLARSSL_ERR_X509_MALLOC_FAILED   -0x2A80
 Allocation of memory failed.
#define POLARSSL_ERR_X509_FILE_IO_ERROR   -0x2B00
 Read/write of file failed.
X509 Verify codes
#define BADCERT_EXPIRED   0x01
 The certificate validity has expired.
#define BADCERT_REVOKED   0x02
 The certificate has been revoked (is on a CRL).
#define BADCERT_CN_MISMATCH   0x04
 The certificate Common Name (CN) does not match the expected CN.
#define BADCERT_NOT_TRUSTED   0x08
 The certificate is not correctly signed by the trusted CA.
#define BADCRL_NOT_TRUSTED   0x10
 CRL is not correctly signed by the trusted CA.
#define BADCRL_EXPIRED   0x20
 CRL is expired.
#define BADCERT_MISSING   0x40
 Certificate was missing.
#define BADCERT_SKIP_VERIFY   0x80
 Certificate verification was skipped.

Typedefs

Structures for parsing X.509 certificates and CRLs
typedef asn1_buf x509_buf
 Type-length-value structure that allows for ASN1 using DER.
typedef asn1_bitstring x509_bitstring
 Container for ASN1 bit strings.
typedef struct _x509_name x509_name
 Container for ASN1 named information objects.
typedef asn1_sequence x509_sequence
 Container for a sequence of ASN.1 items.
typedef struct _x509_time x509_time
 Container for date and time (precision in seconds).
typedef struct _x509_cert x509_cert
 Container for an X.509 certificate.
typedef struct _x509_crl_entry x509_crl_entry
 Certificate revocation list entry.
typedef struct _x509_crl x509_crl
 Certificate revocation list structure.

Functions

int x509parse_dn_gets (char *buf, size_t size, const x509_name *dn)
 Store the certificate DN in printable form into buf; no more than size characters will be written.
int x509parse_serial_gets (char *buf, size_t size, const x509_buf *serial)
 Store the certificate serial in printable form into buf; no more than size characters will be written.
int x509parse_cert_info (char *buf, size_t size, const char *prefix, const x509_cert *crt)
 Returns an informational string about the certificate.
int x509parse_crl_info (char *buf, size_t size, const char *prefix, const x509_crl *crl)
 Returns an informational string about the CRL.
const char * x509_oid_get_description (x509_buf *oid)
 Given a known OID, return its descriptive string.
int x509_oid_get_numeric_string (char *buf, size_t size, x509_buf *oid)
int x509parse_time_expired (const x509_time *time)
 Check a given x509_time against the system time and check if it is valid.
int x509_self_test (int verbose)
 Checkup routine.
Functions to read in DHM parameters, a certificate, CRL or private RSA key
int x509parse_crt (x509_cert *chain, const unsigned char *buf, size_t buflen)
 Parse one or more certificates and add them to the chained list.
int x509parse_crtfile (x509_cert *chain, const char *path)
 Load one or more certificates and add them to the chained list.
int x509parse_crl (x509_crl *chain, const unsigned char *buf, size_t buflen)
 Parse one or more CRLs and add them to the chained list.
int x509parse_crlfile (x509_crl *chain, const char *path)
 Load one or more CRLs and add them to the chained list.
int x509parse_key (rsa_context *rsa, const unsigned char *key, size_t keylen, const unsigned char *pwd, size_t pwdlen)
 Parse a private RSA key.
int x509parse_keyfile (rsa_context *rsa, const char *path, const char *password)
 Load and parse a private RSA key.
int x509parse_public_key (rsa_context *rsa, const unsigned char *key, size_t keylen)
 Parse a public RSA key.
int x509parse_public_keyfile (rsa_context *rsa, const char *path)
 Load and parse a public RSA key.
int x509parse_dhm (dhm_context *dhm, const unsigned char *dhmin, size_t dhminlen)
 Parse DHM parameters.
int x509parse_dhmfile (dhm_context *dhm, const char *path)
 Load and parse DHM parameters.
Functions to verify a certificate
int x509parse_verify (x509_cert *crt, x509_cert *trust_ca, x509_crl *ca_crl, const char *cn, int *flags, int(*f_vrfy)(void *, x509_cert *, int, int), void *p_vrfy)
 Verify the certificate signature.
int x509parse_revoked (const x509_cert *crt, const x509_crl *crl)
 Verify the certificate revocation status (whether crt appears on the given CRL).
Functions to clear a certificate, CRL or private RSA key
void x509_free (x509_cert *crt)
 Unallocate all certificate data.
void x509_crl_free (x509_crl *crl)
 Unallocate all CRL data.

Detailed Description

X.509 certificate and private key decoding.

Copyright (C) 2006-2011, Brainspark B.V.

This file is part of PolarSSL (http://www.polarssl.org) Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>

All rights reserved.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

Definition in file x509.h.


Define Documentation

#define EXT_AUTHORITY_KEY_IDENTIFIER   (1 << 0)

Definition at line 207 of file x509.h.

#define EXT_BASIC_CONSTRAINTS   (1 << 8)

Definition at line 215 of file x509.h.

#define EXT_CERTIFICATE_POLICIES   (1 << 3)

Definition at line 210 of file x509.h.

#define EXT_CRL_DISTRIBUTION_POINTS   (1 << 12)

Definition at line 219 of file x509.h.

#define EXT_EXTENDED_KEY_USAGE   (1 << 11)

Definition at line 218 of file x509.h.

#define EXT_FRESHEST_CRL   (1 << 14)

Definition at line 221 of file x509.h.

#define EXT_INIHIBIT_ANYPOLICY   (1 << 13)

Definition at line 220 of file x509.h.

#define EXT_ISSUER_ALT_NAME   (1 << 6)

Definition at line 213 of file x509.h.

#define EXT_KEY_USAGE   (1 << 2)

Definition at line 209 of file x509.h.

#define EXT_NAME_CONSTRAINTS   (1 << 9)

Definition at line 216 of file x509.h.

#define EXT_NS_CERT_TYPE   (1 << 16)

Definition at line 223 of file x509.h.

#define EXT_POLICY_CONSTRAINTS   (1 << 10)

Definition at line 217 of file x509.h.

#define EXT_POLICY_MAPPINGS   (1 << 4)

Definition at line 211 of file x509.h.

#define EXT_SUBJECT_ALT_NAME   (1 << 5)

Definition at line 212 of file x509.h.

#define EXT_SUBJECT_DIRECTORY_ATTRS   (1 << 7)

Definition at line 214 of file x509.h.

#define EXT_SUBJECT_KEY_IDENTIFIER   (1 << 1)

Definition at line 208 of file x509.h.

#define KU_CRL_SIGN   (0x02) /* bit 6 */

Definition at line 149 of file x509.h.

#define KU_DATA_ENCIPHERMENT   (0x10) /* bit 3 */

Definition at line 146 of file x509.h.

#define KU_DIGITAL_SIGNATURE   (0x80) /* bit 0 */

Definition at line 143 of file x509.h.

#define KU_KEY_AGREEMENT   (0x08) /* bit 4 */

Definition at line 147 of file x509.h.

#define KU_KEY_CERT_SIGN   (0x04) /* bit 5 */

Definition at line 148 of file x509.h.

#define KU_KEY_ENCIPHERMENT   (0x20) /* bit 2 */

Definition at line 145 of file x509.h.

#define KU_NON_REPUDIATION   (0x40) /* bit 1 */

Definition at line 144 of file x509.h.

#define NS_CERT_TYPE_EMAIL   (0x20) /* bit 2 */

Definition at line 200 of file x509.h.

#define NS_CERT_TYPE_EMAIL_CA   (0x02) /* bit 6 */

Definition at line 204 of file x509.h.

#define NS_CERT_TYPE_OBJECT_SIGNING   (0x10) /* bit 3 */

Definition at line 201 of file x509.h.

#define NS_CERT_TYPE_OBJECT_SIGNING_CA   (0x01) /* bit 7 */

Definition at line 205 of file x509.h.

#define NS_CERT_TYPE_RESERVED   (0x08) /* bit 4 */

Definition at line 202 of file x509.h.

#define NS_CERT_TYPE_SSL_CA   (0x04) /* bit 5 */

Definition at line 203 of file x509.h.

#define NS_CERT_TYPE_SSL_CLIENT   (0x80) /* bit 0 */

Definition at line 198 of file x509.h.

#define NS_CERT_TYPE_SSL_SERVER   (0x40) /* bit 1 */

Definition at line 199 of file x509.h.

#define OID_ANY_EXTENDED_KEY_USAGE   OID_EXTENDED_KEY_USAGE "\x00"

anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 }

Definition at line 154 of file x509.h.

#define OID_AUTHORITY_KEY_IDENTIFIER   OID_ID_CE "\x23"

id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 }

Definition at line 124 of file x509.h.

#define OID_BASIC_CONSTRAINTS   OID_ID_CE "\x13"

id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 }

Definition at line 132 of file x509.h.

#define OID_CERTIFICATE_POLICIES   OID_ID_CE "\x20"

id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 }

Definition at line 127 of file x509.h.

#define OID_CLIENT_AUTH   OID_KP "\x02"

id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 }

Definition at line 158 of file x509.h.

#define OID_CN   OID_X520 "\x03"

Definition at line 101 of file x509.h.

#define OID_CODE_SIGNING   OID_KP "\x03"

id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 }

Definition at line 159 of file x509.h.

#define OID_CRL_DISTRIBUTION_POINTS   OID_ID_CE "\x1F"

id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-ce 31 }

Definition at line 136 of file x509.h.

#define OID_CRL_NUMBER   OID_ID_CE "\x14"

id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 }

Definition at line 175 of file x509.h.

#define OID_EMAIL_PROTECTION   OID_KP "\x04"

id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 }

Definition at line 160 of file x509.h.

#define OID_EXTENDED_KEY_USAGE   OID_ID_CE "\x25"

id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 }

Definition at line 135 of file x509.h.

#define OID_FRESHEST_CRL   OID_ID_CE "\x2E"

id-ce-freshestCRL OBJECT IDENTIFIER ::= { id-ce 46 }

Definition at line 138 of file x509.h.

#define OID_ID_CE   "\x55\x1D"

ISO arc for standard certificate and CRL extensions.

id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29}

Definition at line 112 of file x509.h.

#define OID_INIHIBIT_ANYPOLICY   OID_ID_CE "\x36"

id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 }

Definition at line 137 of file x509.h.

#define OID_ISSUER_ALT_NAME   OID_ID_CE "\x12"

id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 }

Definition at line 130 of file x509.h.

#define OID_KEY_USAGE   OID_ID_CE "\x0F"

id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }

Definition at line 126 of file x509.h.

#define OID_KP   OID_PKIX "\x03"

id-kp OBJECT IDENTIFIER ::= { id-pkix 3 }

Definition at line 156 of file x509.h.

#define OID_NAME_CONSTRAINTS   OID_ID_CE "\x1E"

id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 }

Definition at line 133 of file x509.h.

#define OID_NETSCAPE   "\x60\x86\x48\x01\x86\xF8\x42"

Netscape OID.

Definition at line 180 of file x509.h.

#define OID_NS_BASE_URL   OID_NS_CERT "\x02"

Definition at line 183 of file x509.h.

#define OID_NS_CA_POLICY_URL   OID_NS_CERT "\x08"

Definition at line 187 of file x509.h.

#define OID_NS_CA_REVOCATION_URL   OID_NS_CERT "\x04"

Definition at line 185 of file x509.h.

#define OID_NS_CERT   OID_NETSCAPE "\x01"

Definition at line 181 of file x509.h.

#define OID_NS_CERT_SEQUENCE   OID_NS_DATA_TYPE "\x05"

Definition at line 191 of file x509.h.

#define OID_NS_CERT_TYPE   OID_NS_CERT "\x01"

Definition at line 182 of file x509.h.

#define OID_NS_COMMENT   OID_NS_CERT "\x0D"

Definition at line 189 of file x509.h.

#define OID_NS_DATA_TYPE   OID_NETSCAPE "\x02"

Definition at line 190 of file x509.h.

#define OID_NS_RENEWAL_URL   OID_NS_CERT "\x07"

Definition at line 186 of file x509.h.

#define OID_NS_REVOCATION_URL   OID_NS_CERT "\x03"

Definition at line 184 of file x509.h.

#define OID_NS_SSL_SERVER_NAME   OID_NS_CERT "\x0C"

Definition at line 188 of file x509.h.

#define OID_OCSP_SIGNING   OID_KP "\x09"

id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 }

Definition at line 162 of file x509.h.

#define OID_PKCS1   "\x2A\x86\x48\x86\xF7\x0D\x01\x01"

Definition at line 103 of file x509.h.

#define OID_PKCS1_RSA   OID_PKCS1 "\x01"

Definition at line 104 of file x509.h.

#define OID_PKCS9   "\x2A\x86\x48\x86\xF7\x0D\x01\x09"

Definition at line 108 of file x509.h.

#define OID_PKCS9_EMAIL   OID_PKCS9 "\x01"

Definition at line 109 of file x509.h.

#define OID_PKIX   "\x2B\x06\x01\x05\x05\x07"

Private Internet Extensions { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) }.

Definition at line 119 of file x509.h.

#define OID_POLICY_CONSTRAINTS   OID_ID_CE "\x24"

id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 }

Definition at line 134 of file x509.h.

#define OID_POLICY_MAPPINGS   OID_ID_CE "\x21"

id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 }

Definition at line 128 of file x509.h.

#define OID_PRIVATE_KEY_USAGE_PERIOD   OID_ID_CE "\x10"

Definition at line 174 of file x509.h.

#define OID_RSA_SHA_OBS   "\x2B\x0E\x03\x02\x1D"

Definition at line 106 of file x509.h.

#define OID_SERVER_AUTH   OID_KP "\x01"

id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 }

Definition at line 157 of file x509.h.

#define OID_SUBJECT_ALT_NAME   OID_ID_CE "\x11"

id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 }

Definition at line 129 of file x509.h.

#define OID_SUBJECT_DIRECTORY_ATTRS   OID_ID_CE "\x09"

id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 }

Definition at line 131 of file x509.h.

#define OID_SUBJECT_KEY_IDENTIFIER   OID_ID_CE "\x0E"

id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 }

Definition at line 125 of file x509.h.

#define OID_TIME_STAMPING   OID_KP "\x08"

id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 }

Definition at line 161 of file x509.h.

#define OID_X520   "\x55\x04"

Definition at line 100 of file x509.h.

#define PEM_LINE_LENGTH   72

Definition at line 96 of file x509.h.

#define PKCS9_EMAIL   1

Definition at line 92 of file x509.h.

#define STRING_CLIENT_AUTH   "TLS Web Client Authentication"

Definition at line 165 of file x509.h.

#define STRING_CODE_SIGNING   "Code Signing"

Definition at line 166 of file x509.h.

#define STRING_EMAIL_PROTECTION   "E-mail Protection"

Definition at line 167 of file x509.h.

#define STRING_OCSP_SIGNING   "OCSP Signing"

Definition at line 169 of file x509.h.

#define STRING_SERVER_AUTH   "TLS Web Server Authentication"

Definition at line 164 of file x509.h.

#define STRING_TIME_STAMPING   "Time Stamping"

Definition at line 168 of file x509.h.

#define X509_FORMAT_DER   1

Definition at line 229 of file x509.h.

#define X509_FORMAT_PEM   2

Definition at line 230 of file x509.h.

#define X509_ISSUER   0x01

Definition at line 97 of file x509.h.

#define X509_OUTPUT_DER   0x01

Definition at line 94 of file x509.h.

#define X509_OUTPUT_PEM   0x02

Definition at line 95 of file x509.h.

#define X509_SUBJECT   0x02

Definition at line 98 of file x509.h.

#define X520_COMMON_NAME   3

Definition at line 86 of file x509.h.

#define X520_COUNTRY   6

Definition at line 87 of file x509.h.

#define X520_LOCALITY   7

Definition at line 88 of file x509.h.

#define X520_ORG_UNIT   11

Definition at line 91 of file x509.h.

#define X520_ORGANIZATION   10

Definition at line 90 of file x509.h.

#define X520_STATE   8

Definition at line 89 of file x509.h.


Function Documentation

const char* x509_oid_get_description ( x509_buf *oid )

Given a known OID, return its descriptive string.

Parameters:
oid: buffer containing the oid
Returns:
Return a string if the OID is known, or NULL otherwise.
int x509_oid_get_numeric_string ( char *  buf,
size_t  size,
x509_buf *  oid
)
int x509_self_test ( int  verbose)

Checkup routine.

Returns:
0 if successful, or 1 if the test failed

Referenced by FCT_BGN().

int x509parse_cert_info ( char *  buf,
size_t  size,
const char *  prefix,
const x509_cert *  crt
)

Returns an informational string about the certificate.

Parameters:
buf: Buffer to write to
size: Maximum size of buffer
prefix: A line prefix
crt: The X509 certificate to represent
Returns:
The amount of data written to the buffer, or -1 in case of an error.

Referenced by FCT_BGN().

int x509parse_crl_info ( char *  buf,
size_t  size,
const char *  prefix,
const x509_crl *  crl
)

Returns an informational string about the CRL.

Parameters:
buf: Buffer to write to
size: Maximum size of buffer
prefix: A line prefix
crl: The X509 CRL to represent
Returns:
The amount of data written to the buffer, or -1 in case of an error.

Referenced by FCT_BGN().

int x509parse_dn_gets ( char *  buf,
size_t  size,
const x509_name *  dn
)

Store the certificate DN in printable form into buf; no more than size characters will be written.

Parameters:
buf: Buffer to write to
size: Maximum size of buffer
dn: The X509 name to represent
Returns:
The amount of data written to the buffer, or -1 in case of an error.

Referenced by FCT_BGN().

int x509parse_serial_gets ( char *  buf,
size_t  size,
const x509_buf *  serial
)

Store the certificate serial in printable form into buf; no more than size characters will be written.

Parameters:
buf: Buffer to write to
size: Maximum size of buffer
serial: The X509 serial to represent
Returns:
The amount of data written to the buffer, or -1 in case of an error.
int x509parse_time_expired ( const x509_time *time )

Check a given x509_time against the system time and check if it is valid.

Parameters:
time: x509_time to check
Returns:
Return 0 if the x509_time is still valid, or 1 otherwise.

Referenced by FCT_BGN().