The X.509 module provides X.509 support, including x509parse_crt() and x509parse_crtfile() (see the detailed description further down this page).
Data Structures | |
struct | _x509_time |
Container for date and time (precision in seconds). More... | |
struct | _x509_crl_entry |
Certificate revocation list entry. More... | |
struct | _x509_crl |
Certificate revocation list structure. More... | |
struct | _x509_crt |
Container for an X.509 certificate. More... | |
struct | _x509write_cert |
Container for writing a certificate (CRT). More... | |
struct | _x509_csr |
Certificate Signing Request (CSR) structure. More... | |
struct | _x509write_csr |
Container for writing a CSR. More... | |
Functions | |
int | dhm_parse_dhm (dhm_context *dhm, const unsigned char *dhmin, size_t dhminlen) |
Parse DHM parameters. | |
int | dhm_parse_dhmfile (dhm_context *dhm, const char *path) |
Load and parse DHM parameters. | |
Structures for parsing X.509 certificates, CRLs and CSRs | |
| |
typedef asn1_buf | x509_buf |
Type-length-value structure that allows for ASN1 using DER. | |
typedef asn1_bitstring | x509_bitstring |
Container for ASN1 bit strings. | |
typedef asn1_named_data | x509_name |
Container for ASN1 named information objects. | |
typedef asn1_sequence | x509_sequence |
Container for a sequence of ASN.1 items. | |
typedef struct _x509_time | x509_time |
Container for date and time (precision in seconds). | |
Structures and functions for parsing CRLs | |
| |
typedef struct _x509_crl_entry | x509_crl_entry |
Certificate revocation list entry. | |
typedef struct _x509_crl | x509_crl |
Certificate revocation list structure. | |
int | x509_crl_parse (x509_crl *chain, const unsigned char *buf, size_t buflen) |
Parse one or more CRLs and add them to the chained list. | |
int | x509_crl_parse_file (x509_crl *chain, const char *path) |
Load one or more CRLs and add them to the chained list. | |
int | x509_crl_info (char *buf, size_t size, const char *prefix, const x509_crl *crl) |
Returns an informational string about the CRL. | |
void | x509_crl_init (x509_crl *crl) |
Initialize a CRL (chain). | |
void | x509_crl_free (x509_crl *crl) |
Unallocate all CRL data. | |
Structures and functions for parsing and writing X.509 certificates | |
| |
typedef struct _x509_crt | x509_crt |
Container for an X.509 certificate. | |
typedef struct _x509write_cert | x509write_cert |
Container for writing a certificate (CRT). | |
int | x509_crt_parse_der (x509_crt *chain, const unsigned char *buf, size_t buflen) |
Parse a single DER formatted certificate and add it to the chained list. | |
int | x509_crt_parse (x509_crt *chain, const unsigned char *buf, size_t buflen) |
Parse one or more certificates and add them to the chained list. | |
int | x509_crt_parse_file (x509_crt *chain, const char *path) |
Load one or more certificates and add them to the chained list. | |
int | x509_crt_parse_path (x509_crt *chain, const char *path) |
Load one or more certificate files from a path and add them to the chained list. | |
int | x509_crt_info (char *buf, size_t size, const char *prefix, const x509_crt *crt) |
Returns an informational string about the certificate. | |
int | x509_crt_verify (x509_crt *crt, x509_crt *trust_ca, x509_crl *ca_crl, const char *cn, int *flags, int(*f_vrfy)(void *, x509_crt *, int, int *), void *p_vrfy) |
Verify the certificate signature. | |
int | x509_crt_revoked (const x509_crt *crt, const x509_crl *crl) |
Verify the certificate revocation status. | |
void | x509_crt_init (x509_crt *crt) |
Initialize a certificate (chain). | |
void | x509_crt_free (x509_crt *crt) |
Unallocate all certificate data. | |
#define | X509_CRT_VERSION_1 0 |
#define | X509_CRT_VERSION_2 1 |
#define | X509_CRT_VERSION_3 2 |
#define | X509_RFC5280_MAX_SERIAL_LEN 32 |
#define | X509_RFC5280_UTC_TIME_LEN 15 |
Structures and functions for X.509 Certificate Signing Requests (CSR) | |
| |
typedef struct _x509_csr | x509_csr |
Certificate Signing Request (CSR) structure. | |
typedef struct _x509write_csr | x509write_csr |
Container for writing a CSR. | |
int | x509_csr_parse (x509_csr *csr, const unsigned char *buf, size_t buflen) |
Load a Certificate Signing Request (CSR). | |
int | x509_csr_parse_file (x509_csr *csr, const char *path) |
Load a Certificate Signing Request (CSR). | |
int | x509_csr_info (char *buf, size_t size, const char *prefix, const x509_csr *csr) |
Returns an informational string about the CSR. | |
void | x509_csr_init (x509_csr *csr) |
Initialize a CSR. | |
void | x509_csr_free (x509_csr *csr) |
Unallocate all CSR data. | |
X509 Error codes | |
| |
#define | POLARSSL_ERR_X509_FEATURE_UNAVAILABLE -0x2080 |
Unavailable feature, e.g. RSA hashing/encryption combination. | |
#define | POLARSSL_ERR_X509_UNKNOWN_OID -0x2100 |
Requested OID is unknown. | |
#define | POLARSSL_ERR_X509_INVALID_FORMAT -0x2180 |
The CRT/CRL/CSR format is invalid, e.g. a different type was expected. | |
#define | POLARSSL_ERR_X509_INVALID_VERSION -0x2200 |
The CRT/CRL/CSR version element is invalid. | |
#define | POLARSSL_ERR_X509_INVALID_SERIAL -0x2280 |
The serial tag or value is invalid. | |
#define | POLARSSL_ERR_X509_INVALID_ALG -0x2300 |
The algorithm tag or value is invalid. | |
#define | POLARSSL_ERR_X509_INVALID_NAME -0x2380 |
The name tag or value is invalid. | |
#define | POLARSSL_ERR_X509_INVALID_DATE -0x2400 |
The date tag or value is invalid. | |
#define | POLARSSL_ERR_X509_INVALID_SIGNATURE -0x2480 |
The signature tag or value is invalid. | |
#define | POLARSSL_ERR_X509_INVALID_EXTENSIONS -0x2500 |
The extension tag or value is invalid. | |
#define | POLARSSL_ERR_X509_UNKNOWN_VERSION -0x2580 |
CRT/CRL/CSR has an unsupported version number. | |
#define | POLARSSL_ERR_X509_UNKNOWN_SIG_ALG -0x2600 |
Signature algorithm (oid) is unsupported. | |
#define | POLARSSL_ERR_X509_SIG_MISMATCH -0x2680 |
Signature algorithms do not match. | |
#define | POLARSSL_ERR_X509_CERT_VERIFY_FAILED -0x2700 |
Certificate verification failed, e.g. the CRL, CA or signature check failed. | |
#define | POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT -0x2780 |
Format not recognized as DER or PEM. | |
#define | POLARSSL_ERR_X509_BAD_INPUT_DATA -0x2800 |
Input invalid. | |
#define | POLARSSL_ERR_X509_MALLOC_FAILED -0x2880 |
Allocation of memory failed. | |
#define | POLARSSL_ERR_X509_FILE_IO_ERROR -0x2900 |
Read/write of file failed. | |
X509 Verify codes | |
| |
#define | BADCERT_EXPIRED 0x01 |
The certificate validity has expired. | |
#define | BADCERT_REVOKED 0x02 |
The certificate has been revoked (is on a CRL). | |
#define | BADCERT_CN_MISMATCH 0x04 |
The certificate Common Name (CN) does not match the expected CN. | |
#define | BADCERT_NOT_TRUSTED 0x08 |
The certificate is not correctly signed by the trusted CA. | |
#define | BADCRL_NOT_TRUSTED 0x10 |
CRL is not correctly signed by the trusted CA. | |
#define | BADCRL_EXPIRED 0x20 |
CRL is expired. | |
#define | BADCERT_MISSING 0x40 |
Certificate was missing. | |
#define | BADCERT_SKIP_VERIFY 0x80 |
Certificate verification was skipped. | |
#define | BADCERT_OTHER 0x0100 |
Other reason (can be used by verify callback). |
The X.509 module provides X.509 support which includes:
- certificate reading (see x509parse_crt() and x509parse_crtfile())
- CRL reading (see x509parse_crl() and x509parse_crlfile())
- key reading (see x509parse_key() and x509parse_keyfile())
- certificate verification (see x509parse_verify())
- certificate and CSR writing (see x509write_crt_der() and x509write_csr_der())
Note that the functions documented on this page are listed under the x509_crt_parse(), x509_crl_parse(), x509_csr_parse() and x509_crt_verify() names rather than the x509parse_* names above.
This module can be used to build a certificate authority (CA) chain and verify its signature. It is also used to generate Certificate Signing Requests and X.509 certificates, just as a CA would do.
#define BADCERT_CN_MISMATCH 0x04 |
The certificate Common Name (CN) does not match the expected CN.
Definition at line 74 of file x509.h.
Referenced by verify_int(), and x509_crt_verify().
#define BADCERT_EXPIRED 0x01 |
The certificate validity has expired.
Definition at line 72 of file x509.h.
Referenced by x509_crt_verify_child(), and x509_crt_verify_top().
#define BADCERT_MISSING 0x40 |
Certificate was missing.
Definition at line 78 of file x509.h.
Referenced by ssl_parse_certificate().
#define BADCERT_NOT_TRUSTED 0x08 |
The certificate is not correctly signed by the trusted CA.
Definition at line 75 of file x509.h.
Referenced by verify_int(), x509_crt_verify_child(), and x509_crt_verify_top().
#define BADCERT_OTHER 0x0100 |
Other reason (can be used by verify callback).
Definition at line 80 of file x509.h.
Referenced by verify_int(), and verify_none().
#define BADCERT_REVOKED 0x02 |
The certificate has been revoked (is on a CRL).
Definition at line 73 of file x509.h.
Referenced by verify_int(), and x509_crt_verifycrl().
#define BADCERT_SKIP_VERIFY 0x80 |
Certificate verification was skipped.
Definition at line 79 of file x509.h.
Referenced by ssl_parse_certificate().
#define BADCRL_EXPIRED 0x20 |
CRL is expired.
Definition at line 77 of file x509.h.
Referenced by verify_int(), and x509_crt_verifycrl().
#define BADCRL_NOT_TRUSTED 0x10 |
CRL is not correctly signed by the trusted CA.
Definition at line 76 of file x509.h.
Referenced by x509_crt_verifycrl().
#define POLARSSL_ERR_X509_BAD_INPUT_DATA -0x2800 |
Input invalid.
Definition at line 63 of file x509.h.
Referenced by polarssl_strerror(), x509_crl_parse(), x509_crt_parse(), x509_crt_parse_der(), x509_crt_parse_der_core(), x509_crt_parse_path(), x509_csr_parse(), x509write_crt_set_basic_constraints(), and x509write_crt_set_validity().
#define POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT -0x2780 |
Format not recognized as DER or PEM.
Definition at line 62 of file x509.h.
Referenced by polarssl_strerror(), and x509_crt_parse().
#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED -0x2700 |
Certificate verification failed, e.g.
CRL, CA or signature check failed.
Definition at line 61 of file x509.h.
Referenced by polarssl_strerror(), verify_int(), and x509_crt_verify().
#define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE -0x2080 |
Unavailable feature, e.g.
RSA hashing/encryption combination.
Definition at line 48 of file x509.h.
Referenced by dhm_self_test(), polarssl_strerror(), x509_crt_parse_path(), x509_get_crt_ext(), and x509_self_test().
#define POLARSSL_ERR_X509_FILE_IO_ERROR -0x2900 |
Read/write of file failed.
Definition at line 65 of file x509.h.
Referenced by polarssl_strerror(), x509_crt_parse_path(), and x509_load_file().
#define POLARSSL_ERR_X509_INVALID_ALG -0x2300 |
The algorithm tag or value is invalid.
Definition at line 53 of file x509.h.
Referenced by polarssl_strerror(), verify_int(), and x509_get_alg_null().
#define POLARSSL_ERR_X509_INVALID_DATE -0x2400 |
The date tag or value is invalid.
Definition at line 55 of file x509.h.
Referenced by polarssl_strerror(), verify_int(), x509_crl_parse(), x509_get_dates(), and x509_get_time().
#define POLARSSL_ERR_X509_INVALID_EXTENSIONS -0x2500 |
The extension tag or value is invalid.
Definition at line 57 of file x509.h.
Referenced by polarssl_strerror(), verify_int(), x509_get_basic_constraints(), x509_get_crl_entry_ext(), x509_get_crl_ext(), x509_get_crt_ext(), x509_get_ext(), x509_get_ext_key_usage(), x509_get_key_usage(), x509_get_ns_cert_type(), and x509_get_subject_alt_name().
#define POLARSSL_ERR_X509_INVALID_FORMAT -0x2180 |
The CRT/CRL/CSR format is invalid, e.g.
different type expected.
Definition at line 50 of file x509.h.
Referenced by polarssl_strerror(), verify_int(), x509_crl_parse(), x509_crt_parse_der_core(), and x509_csr_parse().
#define POLARSSL_ERR_X509_INVALID_NAME -0x2380 |
The name tag or value is invalid.
Definition at line 54 of file x509.h.
Referenced by polarssl_strerror(), verify_int(), x509_get_attr_type_value(), and x509_get_name().
#define POLARSSL_ERR_X509_INVALID_SERIAL -0x2280 |
The serial tag or value is invalid.
Definition at line 52 of file x509.h.
Referenced by polarssl_strerror(), verify_int(), and x509_get_serial().
#define POLARSSL_ERR_X509_INVALID_SIGNATURE -0x2480 |
The signature tag or value is invalid.
Definition at line 56 of file x509.h.
Referenced by polarssl_strerror(), verify_int(), and x509_get_sig().
#define POLARSSL_ERR_X509_INVALID_VERSION -0x2200 |
The CRT/CRL/CSR version element is invalid.
Definition at line 51 of file x509.h.
Referenced by polarssl_strerror(), verify_int(), x509_crl_get_version(), x509_csr_get_version(), and x509_get_version().
#define POLARSSL_ERR_X509_MALLOC_FAILED -0x2880 |
Allocation of memory failed.
Definition at line 64 of file x509.h.
Referenced by polarssl_strerror(), x509_crl_parse(), x509_crt_parse(), x509_crt_parse_der(), x509_crt_parse_der_core(), x509_csr_parse(), x509_get_entries(), x509_get_name(), x509_load_file(), x509_set_extension(), and x509_string_to_names().
#define POLARSSL_ERR_X509_SIG_MISMATCH -0x2680 |
Signature algorithms do not match.
(see the sig_oid fields of x509_crt)
Definition at line 60 of file x509.h.
Referenced by polarssl_strerror(), verify_int(), x509_crl_parse(), and x509_crt_parse_der_core().
#define POLARSSL_ERR_X509_UNKNOWN_OID -0x2100 |
Requested OID is unknown.
Definition at line 49 of file x509.h.
Referenced by polarssl_strerror(), and x509_string_to_names().
#define POLARSSL_ERR_X509_UNKNOWN_SIG_ALG -0x2600 |
Signature algorithm (oid) is unsupported.
Definition at line 59 of file x509.h.
Referenced by polarssl_strerror(), verify_int(), x509_crl_parse(), x509_csr_parse(), and x509_get_sig_alg().
#define POLARSSL_ERR_X509_UNKNOWN_VERSION -0x2580 |
CRT/CRL/CSR has an unsupported version number.
Definition at line 58 of file x509.h.
Referenced by polarssl_strerror(), verify_int(), x509_crl_parse(), x509_crt_parse_der_core(), and x509_csr_parse().
#define X509_CRT_VERSION_1 0 |
Definition at line 97 of file x509_crt.h.
#define X509_CRT_VERSION_2 1 |
Definition at line 98 of file x509_crt.h.
#define X509_CRT_VERSION_3 2 |
Definition at line 99 of file x509_crt.h.
Referenced by x509write_crt_init().
#define X509_RFC5280_MAX_SERIAL_LEN 32 |
Definition at line 101 of file x509_crt.h.
#define X509_RFC5280_UTC_TIME_LEN 15 |
Definition at line 102 of file x509_crt.h.
Referenced by x509write_crt_der(), and x509write_crt_set_validity().
typedef asn1_bitstring x509_bitstring |
Container for ASN1 bit strings.
typedef struct _x509_crl x509_crl |
Certificate revocation list structure.
Every CRL may have multiple entries.
typedef struct _x509_crl_entry x509_crl_entry |
Certificate revocation list entry.
Contains the CA-specific serial numbers and revocation dates.
typedef struct _x509_crt x509_crt |
Container for an X.509 certificate.
The certificate may be chained.
typedef asn1_named_data x509_name |
typedef asn1_sequence x509_sequence |
typedef struct _x509_time x509_time |
Container for date and time (precision in seconds).
typedef struct _x509write_cert x509write_cert |
Container for writing a certificate (CRT).
typedef struct _x509write_csr x509write_csr |
Container for writing a CSR.
int dhm_parse_dhm | ( | dhm_context * | dhm, | |
const unsigned char * | dhmin, | |||
size_t | dhminlen | |||
) |
Parse DHM parameters.
dhm | DHM context to be initialized | |
dhmin | input buffer | |
dhminlen | size of the buffer |
Definition at line 399 of file dhm.c.
References ASN1_CONSTRUCTED, asn1_get_mpi(), asn1_get_tag(), ASN1_SEQUENCE, pem_context::buf, pem_context::buflen, dhm_free(), dhm_context::G, dhm_context::P, pem_free(), pem_init(), pem_read_buffer(), POLARSSL_ERR_ASN1_LENGTH_MISMATCH, POLARSSL_ERR_DHM_INVALID_FORMAT, and POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT.
Referenced by dhm_parse_dhmfile(), and dhm_self_test().
int dhm_parse_dhmfile | ( | dhm_context * | dhm, | |
const char * | path | |||
) |
Load and parse DHM parameters.
dhm | DHM context to be initialized | |
path | filename to read the DHM Parameters from |
Definition at line 518 of file dhm.c.
References dhm_parse_dhm(), load_file(), and polarssl_free.
void x509_crl_free | ( | x509_crl * | crl | ) |
Unallocate all CRL data.
crl | CRL chain to free |
Definition at line 695 of file x509_crl.c.
References _x509_crl::entry, _x509_crl::issuer, _asn1_buf::len, _x509_crl::next, _x509_crl_entry::next, _asn1_named_data::next, _asn1_buf::p, polarssl_free, and _x509_crl::raw.
Referenced by test_suite_x509_crl_info(), test_suite_x509_verify(), test_suite_x509parse_crl(), and x509_crl_parse().
int x509_crl_info | ( | char * | buf, | |
size_t | size, | |||
const char * | prefix, | |||
const x509_crl * | crl | |||
) |
Returns an informational string about the CRL.
buf | Buffer to write to | |
size | Maximum size of buffer | |
prefix | A line prefix | |
crl | The X509 CRL to represent |
Definition at line 608 of file x509_crl.c.
References _x509_time::day, _x509_crl::entry, _x509_time::hour, _x509_crl::issuer, _asn1_buf::len, _x509_time::min, _x509_time::mon, _x509_crl_entry::next, _x509_crl::next_update, oid_get_sig_alg_desc(), _x509_crl_entry::raw, _x509_crl_entry::revocation_date, SAFE_SNPRINTF, _x509_time::sec, _x509_crl_entry::serial, _x509_crl::sig_oid1, _x509_crl::this_update, _x509_crl::version, x509_dn_gets(), x509_serial_gets(), and _x509_time::year.
Referenced by test_suite_x509_crl_info(), and test_suite_x509parse_crl().
void x509_crl_init | ( | x509_crl * | crl | ) |
Initialize a CRL (chain).
crl | CRL chain to initialize |
Definition at line 687 of file x509_crl.c.
Referenced by test_suite_x509_crl_info(), test_suite_x509_verify(), test_suite_x509parse_crl(), and x509_crl_parse().
int x509_crl_parse | ( | x509_crl * | chain, | |
const unsigned char * | buf, | |||
size_t | buflen | |||
) |
Parse one or more CRLs and add them to the chained list.
chain | points to the start of the chain | |
buf | buffer holding the CRL data | |
buflen | size of the buffer |
Definition at line 247 of file x509_crl.c.
References ASN1_CONSTRUCTED, asn1_get_tag(), ASN1_SEQUENCE, pem_context::buf, pem_context::buflen, _x509_crl::crl_ext, _x509_crl::entry, _x509_crl::issuer, _x509_crl::issuer_raw, _asn1_buf::len, _x509_crl::next, _x509_crl::next_update, _asn1_buf::p, pem_free(), pem_init(), pem_read_buffer(), POLARSSL_ERR_ASN1_LENGTH_MISMATCH, POLARSSL_ERR_ASN1_OUT_OF_DATA, POLARSSL_ERR_ASN1_UNEXPECTED_TAG, POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT, POLARSSL_ERR_X509_BAD_INPUT_DATA, POLARSSL_ERR_X509_INVALID_DATE, POLARSSL_ERR_X509_INVALID_FORMAT, POLARSSL_ERR_X509_MALLOC_FAILED, POLARSSL_ERR_X509_SIG_MISMATCH, POLARSSL_ERR_X509_UNKNOWN_SIG_ALG, POLARSSL_ERR_X509_UNKNOWN_VERSION, polarssl_malloc, _x509_crl::raw, _x509_crl::sig, _x509_crl::sig_md, _x509_crl::sig_oid1, _x509_crl::sig_oid2, _x509_crl::sig_pk, _x509_crl::tbs, _x509_crl::this_update, _x509_crl::version, x509_crl_free(), x509_crl_get_version(), x509_crl_init(), x509_crl_parse(), x509_get_alg_null(), x509_get_crl_ext(), x509_get_entries(), x509_get_name(), x509_get_sig(), x509_get_sig_alg(), and x509_get_time().
Referenced by test_suite_x509parse_crl(), x509_crl_parse(), and x509_crl_parse_file().
int x509_crl_parse_file | ( | x509_crl * | chain, | |
const char * | path | |||
) |
Load one or more CRLs and add them to the chained list.
chain | points to the start of the chain | |
path | filename to read the CRLs from |
Definition at line 530 of file x509_crl.c.
References polarssl_free, x509_crl_parse(), and x509_load_file().
Referenced by test_suite_x509_crl_info(), and test_suite_x509_verify().
void x509_crt_free | ( | x509_crt * | crt | ) |
Unallocate all certificate data.
crt | Certificate chain to free |
Definition at line 1633 of file x509_crt.c.
References _x509_crt::ext_key_usage, _x509_crt::issuer, _asn1_buf::len, _x509_crt::next, _asn1_sequence::next, _asn1_named_data::next, _asn1_buf::p, _x509_crt::pk, pk_free(), polarssl_free, _x509_crt::raw, _x509_crt::subject, and _x509_crt::subject_alt_names.
Referenced by ssl_load_session(), ssl_parse_certificate(), ssl_session_free(), test_suite_debug_print_crt(), test_suite_x509_cert_info(), test_suite_x509_dn_gets(), test_suite_x509_time_expired(), test_suite_x509_verify(), test_suite_x509parse_crt(), x509_crt_parse_der_core(), and x509_self_test().
int x509_crt_info | ( | char * | buf, | |
size_t | size, | |||
const char * | prefix, | |||
const x509_crt * | crt | |||
) |
Returns an informational string about the certificate.
buf | Buffer to write to | |
size | Maximum size of buffer | |
prefix | A line prefix | |
crt | The X509 certificate to represent |
Definition at line 1099 of file x509_crt.c.
References BC, BEFORE_COLON, _x509_time::day, _x509_time::hour, _x509_crt::issuer, _x509_time::min, _x509_time::mon, oid_get_sig_alg_desc(), _x509_crt::pk, pk_get_name(), pk_get_size(), SAFE_SNPRINTF, _x509_time::sec, _x509_crt::serial, _x509_crt::sig_oid1, _x509_crt::subject, _x509_crt::valid_from, _x509_crt::valid_to, _x509_crt::version, x509_dn_gets(), x509_key_size_helper(), x509_serial_gets(), and _x509_time::year.
Referenced by debug_print_crt(), test_suite_x509_cert_info(), and test_suite_x509parse_crt().
void x509_crt_init | ( | x509_crt * | crt | ) |
Initialize a certificate (chain).
crt | Certificate chain to initialize |
Definition at line 1625 of file x509_crt.c.
Referenced by ssl_cache_get(), ssl_load_session(), ssl_parse_certificate(), ssl_session_copy(), test_suite_debug_print_crt(), test_suite_x509_cert_info(), test_suite_x509_dn_gets(), test_suite_x509_time_expired(), test_suite_x509_verify(), test_suite_x509parse_crt(), x509_crt_parse_der(), and x509_self_test().
int x509_crt_parse | ( | x509_crt * | chain, | |
const unsigned char * | buf, | |||
size_t | buflen | |||
) |
Parse one or more certificates and add them to the chained list.
Parses permissively. If at least one certificate can be parsed, the return value is the number of certificates that failed to parse (so only 0 means every certificate was accepted). If none parse correctly, the first error encountered is returned.
chain | points to the start of the chain | |
buf | buffer holding the certificate data | |
buflen | size of the buffer |
Definition at line 817 of file x509_crt.c.
References pem_context::buf, pem_context::buflen, pem_free(), pem_init(), pem_read_buffer(), POLARSSL_ERR_PEM_BAD_INPUT_DATA, POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT, POLARSSL_ERR_X509_BAD_INPUT_DATA, POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT, POLARSSL_ERR_X509_MALLOC_FAILED, x509_crt_parse_der(), X509_FORMAT_DER, and X509_FORMAT_PEM.
Referenced by ssl_cache_get(), ssl_load_session(), ssl_session_copy(), test_suite_x509parse_crt(), x509_crt_parse_file(), and x509_self_test().
int x509_crt_parse_der | ( | x509_crt * | chain, | |
const unsigned char * | buf, | |||
size_t | buflen | |||
) |
Parse a single DER formatted certificate and add it to the chained list.
chain | points to the start of the chain | |
buf | buffer holding the certificate DER data | |
buflen | size of the buffer |
Definition at line 767 of file x509_crt.c.
References _x509_crt::next, POLARSSL_ERR_X509_BAD_INPUT_DATA, POLARSSL_ERR_X509_MALLOC_FAILED, polarssl_free, polarssl_malloc, _x509_crt::version, x509_crt_init(), and x509_crt_parse_der_core().
Referenced by ssl_parse_certificate(), and x509_crt_parse().
int x509_crt_parse_file | ( | x509_crt * | chain, | |
const char * | path | |||
) |
Load one or more certificates and add them to the chained list.
Parses permissively. If at least one certificate can be parsed, the return value is the number of certificates that failed to parse (so only 0 means every certificate was accepted). If none parse correctly, the first error encountered is returned.
chain | points to the start of the chain | |
path | filename to read the certificates from |
Definition at line 922 of file x509_crt.c.
References polarssl_free, x509_crt_parse(), and x509_load_file().
Referenced by test_suite_debug_print_crt(), test_suite_x509_cert_info(), test_suite_x509_dn_gets(), test_suite_x509_time_expired(), test_suite_x509_verify(), and x509_crt_parse_path().
int x509_crt_parse_path | ( | x509_crt * | chain, | |
const char * | path | |||
) |
Load one or more certificate files from a path and add them to the chained list.
Parses permissively. If at least one certificate can be parsed, the return value is the number of certificates that failed to parse (so only 0 means every certificate was accepted). If none parse correctly, the first error encountered is returned.
chain | points to the start of the chain | |
path | directory / folder to read the certificate files from |
Definition at line 939 of file x509_crt.c.
References POLARSSL_ERR_X509_BAD_INPUT_DATA, POLARSSL_ERR_X509_FEATURE_UNAVAILABLE, POLARSSL_ERR_X509_FILE_IO_ERROR, and x509_crt_parse_file().
int x509_crt_revoked | ( | const x509_crt * | crt, | |
const x509_crl * | crl | |||
) |
Verify the certificate revocation status.
crt | a certificate to be verified | |
crl | the CRL to verify against |
Definition at line 1172 of file x509_crt.c.
References _x509_crl::entry, _asn1_buf::len, _x509_crl_entry::next, _asn1_buf::p, _x509_crl_entry::revocation_date, _x509_crt::serial, _x509_crl_entry::serial, and x509_time_expired().
Referenced by x509_crt_verifycrl().
int x509_crt_verify | ( | x509_crt * | crt, | |
x509_crt * | trust_ca, | |||
x509_crl * | ca_crl, | |||
const char * | cn, | |||
int * | flags, | |||
int(*)(void *, x509_crt *, int, int *) | f_vrfy, | |||
void * | p_vrfy | |||
) |
Verify the certificate signature.
The verify callback is a user-supplied callback that can clear, modify or add flags for a certificate. If set, the verification callback is called for each certificate in the chain (from the trust CA down to the presented crt). The parameters for the callback are: (void *parameter, x509_crt *crt, int certificate_depth, int *flags), where flags holds the current flags for that specific certificate and certificate_depth is the depth counted from the bottom of the chain (peer certificate depth = 0).
Any flags still set when the callback returns are also returned to the application. The callback should return 0 for anything but a fatal error.
crt | a certificate to be verified | |
trust_ca | the trusted CA chain | |
ca_crl | the CRL chain for trusted CA's | |
cn | expected Common Name (set to NULL if the CN is not to be verified) | |
flags | result of the verification | |
f_vrfy | verification function | |
p_vrfy | verification parameter |
Definition at line 1515 of file x509_crt.c.
References BADCERT_CN_MISMATCH, _asn1_sequence::buf, _x509_crt::ca_istrue, EXT_SUBJECT_ALT_NAME, _x509_crt::ext_types, _x509_crt::issuer_raw, _asn1_buf::len, _x509_crt::next, _asn1_named_data::next, _asn1_sequence::next, _asn1_named_data::oid, OID_AT_CN, OID_CMP, _asn1_buf::p, POLARSSL_ERR_X509_CERT_VERIFY_FAILED, _x509_crt::subject, _x509_crt::subject_alt_names, _x509_crt::subject_raw, _asn1_named_data::val, _x509_crt::version, x509_crt_verify_child(), x509_crt_verify_top(), x509_name_cmp(), and x509_wildcard_verify().
Referenced by ssl_parse_certificate(), test_suite_x509_verify(), and x509_self_test().
void x509_csr_free | ( | x509_csr * | csr | ) |
Unallocate all CSR data.
csr | CSR to free |
Definition at line 417 of file x509_csr.c.
References _asn1_buf::len, _asn1_named_data::next, _asn1_buf::p, _x509_csr::pk, pk_free(), polarssl_free, _x509_csr::raw, and _x509_csr::subject.
Referenced by x509_csr_parse().
int x509_csr_info | ( | char * | buf, | |
size_t | size, | |||
const char * | prefix, | |||
const x509_csr * | csr | |||
) |
Returns an informational string about the CSR.
buf | Buffer to write to | |
size | Maximum size of buffer | |
prefix | A line prefix | |
csr | The X509 CSR to represent |
Definition at line 362 of file x509_csr.c.
References BC, BEFORE_COLON, oid_get_sig_alg_desc(), _x509_csr::pk, pk_get_name(), pk_get_size(), SAFE_SNPRINTF, _x509_csr::sig_oid, _x509_csr::subject, _x509_csr::version, x509_dn_gets(), and x509_key_size_helper().
void x509_csr_init | ( | x509_csr * | csr | ) |
Initialize a CSR.
csr | CSR to initialize |
Definition at line 409 of file x509_csr.c.
Referenced by x509_csr_parse().
int x509_csr_parse | ( | x509_csr * | csr, | |
const unsigned char * | buf, | |||
size_t | buflen | |||
) |
Load a Certificate Signing Request (CSR).
csr | CSR context to fill | |
buf | buffer holding the CSR data | |
buflen | size of the buffer |
Definition at line 87 of file x509_csr.c.
References ASN1_CONSTRUCTED, ASN1_CONTEXT_SPECIFIC, asn1_get_tag(), ASN1_SEQUENCE, pem_context::buf, pem_context::buflen, _x509_csr::cri, _asn1_buf::len, _asn1_buf::p, pem_free(), pem_init(), pem_read_buffer(), _x509_csr::pk, pk_parse_subpubkey(), POLARSSL_ERR_ASN1_LENGTH_MISMATCH, POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT, POLARSSL_ERR_X509_BAD_INPUT_DATA, POLARSSL_ERR_X509_INVALID_FORMAT, POLARSSL_ERR_X509_MALLOC_FAILED, POLARSSL_ERR_X509_UNKNOWN_SIG_ALG, POLARSSL_ERR_X509_UNKNOWN_VERSION, polarssl_malloc, _x509_csr::raw, _x509_csr::sig, _x509_csr::sig_md, _x509_csr::sig_oid, _x509_csr::sig_pk, _x509_csr::subject, _x509_csr::subject_raw, _x509_csr::version, x509_csr_free(), x509_csr_get_version(), x509_csr_init(), x509_get_alg_null(), x509_get_name(), x509_get_sig(), and x509_get_sig_alg().
Referenced by x509_csr_parse_file().
int x509_csr_parse_file | ( | x509_csr * | csr, | |
const char * | path | |||
) |
Load a Certificate Signing Request (CSR).
csr | CSR context to fill | |
path | filename to read the CSR from |
Definition at line 287 of file x509_csr.c.
References polarssl_free, x509_csr_parse(), and x509_load_file().