X.509 module

The X.509 module provides X.509 support which includes:


Data Structures

struct  _x509_time
 Container for date and time (precision in seconds). More...
struct  _x509_crl_entry
 Certificate revocation list entry. More...
struct  _x509_crl
 Certificate revocation list structure. More...
struct  _x509_crt
 Container for an X.509 certificate. More...
struct  _x509write_cert
 Container for writing a certificate (CRT). More...
struct  _x509_csr
 Certificate Signing Request (CSR) structure. More...
struct  _x509write_csr
 Container for writing a CSR. More...

Functions

int dhm_parse_dhm (dhm_context *dhm, const unsigned char *dhmin, size_t dhminlen)
 Parse DHM parameters.
int dhm_parse_dhmfile (dhm_context *dhm, const char *path)
 Load and parse DHM parameters.

Structures for parsing X.509 certificates, CRLs and CSRs



typedef asn1_buf x509_buf
 Type-length-value structure that allows for ASN1 using DER.
typedef asn1_bitstring x509_bitstring
 Container for ASN1 bit strings.
typedef asn1_named_data x509_name
 Container for ASN1 named information objects.
typedef asn1_sequence x509_sequence
 Container for a sequence of ASN.1 items.
typedef struct _x509_time x509_time
 Container for date and time (precision in seconds).

Structures and functions for parsing CRLs



typedef struct _x509_crl_entry x509_crl_entry
 Certificate revocation list entry.
typedef struct _x509_crl x509_crl
 Certificate revocation list structure.
int x509_crl_parse (x509_crl *chain, const unsigned char *buf, size_t buflen)
 Parse one or more CRLs and add them to the chained list.
int x509_crl_parse_file (x509_crl *chain, const char *path)
 Load one or more CRLs and add them to the chained list.
int x509_crl_info (char *buf, size_t size, const char *prefix, const x509_crl *crl)
 Returns an informational string about the CRL.
void x509_crl_init (x509_crl *crl)
 Initialize a CRL (chain).
void x509_crl_free (x509_crl *crl)
 Unallocate all CRL data.

Structures and functions for parsing and writing X.509 certificates



typedef struct _x509_crt x509_crt
 Container for an X.509 certificate.
typedef struct _x509write_cert x509write_cert
 Container for writing a certificate (CRT).
int x509_crt_parse_der (x509_crt *chain, const unsigned char *buf, size_t buflen)
 Parse a single DER formatted certificate and add it to the chained list.
int x509_crt_parse (x509_crt *chain, const unsigned char *buf, size_t buflen)
 Parse one or more certificates and add them to the chained list.
int x509_crt_parse_file (x509_crt *chain, const char *path)
 Load one or more certificates and add them to the chained list.
int x509_crt_parse_path (x509_crt *chain, const char *path)
 Load one or more certificate files from a path and add them to the chained list.
int x509_crt_info (char *buf, size_t size, const char *prefix, const x509_crt *crt)
 Returns an informational string about the certificate.
int x509_crt_verify (x509_crt *crt, x509_crt *trust_ca, x509_crl *ca_crl, const char *cn, int *flags, int(*f_vrfy)(void *, x509_crt *, int, int *), void *p_vrfy)
 Verify the certificate signature.
int x509_crt_revoked (const x509_crt *crt, const x509_crl *crl)
 Verify the certificate revocation status.
void x509_crt_init (x509_crt *crt)
 Initialize a certificate (chain).
void x509_crt_free (x509_crt *crt)
 Unallocate all certificate data.
#define X509_CRT_VERSION_1   0
#define X509_CRT_VERSION_2   1
#define X509_CRT_VERSION_3   2
#define X509_RFC5280_MAX_SERIAL_LEN   32
#define X509_RFC5280_UTC_TIME_LEN   15

Structures and functions for X.509 Certificate Signing Requests (CSR)



typedef struct _x509_csr x509_csr
 Certificate Signing Request (CSR) structure.
typedef struct _x509write_csr x509write_csr
 Container for writing a CSR.
int x509_csr_parse (x509_csr *csr, const unsigned char *buf, size_t buflen)
 Load a Certificate Signing Request (CSR).
int x509_csr_parse_file (x509_csr *csr, const char *path)
 Load a Certificate Signing Request (CSR).
int x509_csr_info (char *buf, size_t size, const char *prefix, const x509_csr *csr)
 Returns an informational string about the CSR.
void x509_csr_init (x509_csr *csr)
 Initialize a CSR.
void x509_csr_free (x509_csr *csr)
 Unallocate all CSR data.

X509 Error codes



#define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE   -0x2080
 Unavailable feature, e.g. RSA hashing/encryption combination.
#define POLARSSL_ERR_X509_UNKNOWN_OID   -0x2100
 Requested OID is unknown.
#define POLARSSL_ERR_X509_INVALID_FORMAT   -0x2180
 The CRT/CRL/CSR format is invalid, e.g. different type expected.
#define POLARSSL_ERR_X509_INVALID_VERSION   -0x2200
 The CRT/CRL/CSR version element is invalid.
#define POLARSSL_ERR_X509_INVALID_SERIAL   -0x2280
 The serial tag or value is invalid.
#define POLARSSL_ERR_X509_INVALID_ALG   -0x2300
 The algorithm tag or value is invalid.
#define POLARSSL_ERR_X509_INVALID_NAME   -0x2380
 The name tag or value is invalid.
#define POLARSSL_ERR_X509_INVALID_DATE   -0x2400
 The date tag or value is invalid.
#define POLARSSL_ERR_X509_INVALID_SIGNATURE   -0x2480
 The signature tag or value is invalid.
#define POLARSSL_ERR_X509_INVALID_EXTENSIONS   -0x2500
 The extension tag or value is invalid.
#define POLARSSL_ERR_X509_UNKNOWN_VERSION   -0x2580
 CRT/CRL/CSR has an unsupported version number.
#define POLARSSL_ERR_X509_UNKNOWN_SIG_ALG   -0x2600
 Signature algorithm (oid) is unsupported.
#define POLARSSL_ERR_X509_SIG_MISMATCH   -0x2680
 Signature algorithms do not match.
#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED   -0x2700
 Certificate verification failed, e.g. CRL, CA or signature check failed.
#define POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT   -0x2780
 Format not recognized as DER or PEM.
#define POLARSSL_ERR_X509_BAD_INPUT_DATA   -0x2800
 Input invalid.
#define POLARSSL_ERR_X509_MALLOC_FAILED   -0x2880
 Allocation of memory failed.
#define POLARSSL_ERR_X509_FILE_IO_ERROR   -0x2900
 Read/write of file failed.

X509 Verify codes



#define BADCERT_EXPIRED   0x01
 The certificate validity has expired.
#define BADCERT_REVOKED   0x02
 The certificate has been revoked (is on a CRL).
#define BADCERT_CN_MISMATCH   0x04
 The certificate Common Name (CN) does not match with the expected CN.
#define BADCERT_NOT_TRUSTED   0x08
 The certificate is not correctly signed by the trusted CA.
#define BADCRL_NOT_TRUSTED   0x10
 CRL is not correctly signed by the trusted CA.
#define BADCRL_EXPIRED   0x20
 CRL is expired.
#define BADCERT_MISSING   0x40
 Certificate was missing.
#define BADCERT_SKIP_VERIFY   0x80
 Certificate verification was skipped.
#define BADCERT_OTHER   0x0100
 Other reason (can be used by verify callback).

Detailed Description

The X.509 module provides X.509 support which includes:

This module can be used to build a certificate authority (CA) chain and verify its signature. It is also used to generate Certificate Signing Requests and X509 certificates just as a CA would do.


Define Documentation

#define BADCERT_CN_MISMATCH   0x04

The certificate Common Name (CN) does not match with the expected CN.

Definition at line 74 of file x509.h.

Referenced by verify_int(), and x509_crt_verify().

#define BADCERT_EXPIRED   0x01

The certificate validity has expired.

Definition at line 72 of file x509.h.

Referenced by x509_crt_verify_child(), and x509_crt_verify_top().

#define BADCERT_MISSING   0x40

Certificate was missing.

Definition at line 78 of file x509.h.

Referenced by ssl_parse_certificate().

#define BADCERT_NOT_TRUSTED   0x08

The certificate is not correctly signed by the trusted CA.

Definition at line 75 of file x509.h.

Referenced by verify_int(), x509_crt_verify_child(), and x509_crt_verify_top().

#define BADCERT_OTHER   0x0100

Other reason (can be used by verify callback).

Definition at line 80 of file x509.h.

Referenced by verify_int(), and verify_none().

#define BADCERT_REVOKED   0x02

The certificate has been revoked (is on a CRL).

Definition at line 73 of file x509.h.

Referenced by verify_int(), and x509_crt_verifycrl().

#define BADCERT_SKIP_VERIFY   0x80

Certificate verification was skipped.

Definition at line 79 of file x509.h.

Referenced by ssl_parse_certificate().

#define BADCRL_EXPIRED   0x20

CRL is expired.

Definition at line 77 of file x509.h.

Referenced by verify_int(), and x509_crt_verifycrl().

#define BADCRL_NOT_TRUSTED   0x10

CRL is not correctly signed by the trusted CA.

Definition at line 76 of file x509.h.

Referenced by x509_crt_verifycrl().

#define POLARSSL_ERR_X509_BAD_INPUT_DATA   -0x2800
#define POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT   -0x2780

Format not recognized as DER or PEM.

Definition at line 62 of file x509.h.

Referenced by polarssl_strerror(), and x509_crt_parse().

#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED   -0x2700

Certificate verification failed, e.g. CRL, CA or signature check failed.

Definition at line 61 of file x509.h.

Referenced by polarssl_strerror(), verify_int(), and x509_crt_verify().

#define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE   -0x2080

Unavailable feature, e.g. RSA hashing/encryption combination.

Definition at line 48 of file x509.h.

Referenced by dhm_self_test(), polarssl_strerror(), x509_crt_parse_path(), x509_get_crt_ext(), and x509_self_test().

#define POLARSSL_ERR_X509_FILE_IO_ERROR   -0x2900

Read/write of file failed.

Definition at line 65 of file x509.h.

Referenced by polarssl_strerror(), x509_crt_parse_path(), and x509_load_file().

#define POLARSSL_ERR_X509_INVALID_ALG   -0x2300

The algorithm tag or value is invalid.

Definition at line 53 of file x509.h.

Referenced by polarssl_strerror(), verify_int(), and x509_get_alg_null().

#define POLARSSL_ERR_X509_INVALID_DATE   -0x2400

The date tag or value is invalid.

Definition at line 55 of file x509.h.

Referenced by polarssl_strerror(), verify_int(), x509_crl_parse(), x509_get_dates(), and x509_get_time().

#define POLARSSL_ERR_X509_INVALID_EXTENSIONS   -0x2500
#define POLARSSL_ERR_X509_INVALID_FORMAT   -0x2180

The CRT/CRL/CSR format is invalid, e.g. different type expected.

Definition at line 50 of file x509.h.

Referenced by polarssl_strerror(), verify_int(), x509_crl_parse(), x509_crt_parse_der_core(), and x509_csr_parse().

#define POLARSSL_ERR_X509_INVALID_NAME   -0x2380

The name tag or value is invalid.

Definition at line 54 of file x509.h.

Referenced by polarssl_strerror(), verify_int(), x509_get_attr_type_value(), and x509_get_name().

#define POLARSSL_ERR_X509_INVALID_SERIAL   -0x2280

The serial tag or value is invalid.

Definition at line 52 of file x509.h.

Referenced by polarssl_strerror(), verify_int(), and x509_get_serial().

#define POLARSSL_ERR_X509_INVALID_SIGNATURE   -0x2480

The signature tag or value is invalid.

Definition at line 56 of file x509.h.

Referenced by polarssl_strerror(), verify_int(), and x509_get_sig().

#define POLARSSL_ERR_X509_INVALID_VERSION   -0x2200

The CRT/CRL/CSR version element is invalid.

Definition at line 51 of file x509.h.

Referenced by polarssl_strerror(), verify_int(), x509_crl_get_version(), x509_csr_get_version(), and x509_get_version().

#define POLARSSL_ERR_X509_MALLOC_FAILED   -0x2880
#define POLARSSL_ERR_X509_SIG_MISMATCH   -0x2680

Signature algorithms do not match.

(see x509_crt sig_oid)

Definition at line 60 of file x509.h.

Referenced by polarssl_strerror(), verify_int(), x509_crl_parse(), and x509_crt_parse_der_core().

#define POLARSSL_ERR_X509_UNKNOWN_OID   -0x2100

Requested OID is unknown.

Definition at line 49 of file x509.h.

Referenced by polarssl_strerror(), and x509_string_to_names().

#define POLARSSL_ERR_X509_UNKNOWN_SIG_ALG   -0x2600

Signature algorithm (oid) is unsupported.

Definition at line 59 of file x509.h.

Referenced by polarssl_strerror(), verify_int(), x509_crl_parse(), x509_csr_parse(), and x509_get_sig_alg().

#define POLARSSL_ERR_X509_UNKNOWN_VERSION   -0x2580

CRT/CRL/CSR has an unsupported version number.

Definition at line 58 of file x509.h.

Referenced by polarssl_strerror(), verify_int(), x509_crl_parse(), x509_crt_parse_der_core(), and x509_csr_parse().

#define X509_CRT_VERSION_1   0

Definition at line 97 of file x509_crt.h.

#define X509_CRT_VERSION_2   1

Definition at line 98 of file x509_crt.h.

#define X509_CRT_VERSION_3   2

Definition at line 99 of file x509_crt.h.

Referenced by x509write_crt_init().

#define X509_RFC5280_MAX_SERIAL_LEN   32

Definition at line 101 of file x509_crt.h.

#define X509_RFC5280_UTC_TIME_LEN   15

Definition at line 102 of file x509_crt.h.

Referenced by x509write_crt_der(), and x509write_crt_set_validity().


Typedef Documentation

typedef asn1_bitstring x509_bitstring

Container for ASN1 bit strings.

Definition at line 158 of file x509.h.

typedef asn1_buf x509_buf

Type-length-value structure that allows for ASN1 using DER.

Definition at line 153 of file x509.h.

typedef struct _x509_crl x509_crl

Certificate revocation list structure.

Every CRL may have multiple entries.

typedef struct _x509_crl_entry x509_crl_entry

Certificate revocation list entry.

Contains the CA-specific serial numbers and revocation dates.

typedef struct _x509_crt x509_crt

Container for an X.509 certificate.

The certificate may be chained.

typedef struct _x509_csr x509_csr

Certificate Signing Request (CSR) structure.

typedef asn1_named_data x509_name

Container for ASN1 named information objects.

It allows for Relative Distinguished Names (e.g. cn=polarssl,ou=code,etc.).

Definition at line 164 of file x509.h.

typedef asn1_sequence x509_sequence

Container for a sequence of ASN.1 items.

Definition at line 169 of file x509.h.

typedef struct _x509_time x509_time

Container for date and time (precision in seconds).

typedef struct _x509write_cert x509write_cert

Container for writing a certificate (CRT).

typedef struct _x509write_csr x509write_csr

Container for writing a CSR.


Function Documentation

int dhm_parse_dhm ( dhm_context dhm,
const unsigned char *  dhmin,
size_t  dhminlen 
)

Parse DHM parameters.

Parameters:
dhm DHM context to be initialized
dhmin input buffer
dhminlen size of the buffer
Returns:
0 if successful, or a specific DHM or PEM error code

Definition at line 399 of file dhm.c.

References ASN1_CONSTRUCTED, asn1_get_mpi(), asn1_get_tag(), ASN1_SEQUENCE, pem_context::buf, pem_context::buflen, dhm_free(), dhm_context::G, dhm_context::P, pem_free(), pem_init(), pem_read_buffer(), POLARSSL_ERR_ASN1_LENGTH_MISMATCH, POLARSSL_ERR_DHM_INVALID_FORMAT, and POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT.

Referenced by dhm_parse_dhmfile(), and dhm_self_test().

int dhm_parse_dhmfile ( dhm_context dhm,
const char *  path 
)

Load and parse DHM parameters.

Parameters:
dhm DHM context to be initialized
path filename to read the DHM Parameters from
Returns:
0 if successful, or a specific DHM or PEM error code

Definition at line 518 of file dhm.c.

References dhm_parse_dhm(), load_file(), and polarssl_free.

void x509_crl_free ( x509_crl crl  ) 
int x509_crl_info ( char *  buf,
size_t  size,
const char *  prefix,
const x509_crl crl 
)

Returns an informational string about the CRL.

Parameters:
buf Buffer to write to
size Maximum size of buffer
prefix A line prefix
crl The X509 CRL to represent
Returns:
The amount of data written to the buffer, or -1 in case of an error.

Definition at line 608 of file x509_crl.c.

References _x509_time::day, _x509_crl::entry, _x509_time::hour, _x509_crl::issuer, _asn1_buf::len, _x509_time::min, _x509_time::mon, _x509_crl_entry::next, _x509_crl::next_update, oid_get_sig_alg_desc(), _x509_crl_entry::raw, _x509_crl_entry::revocation_date, SAFE_SNPRINTF, _x509_time::sec, _x509_crl_entry::serial, _x509_crl::sig_oid1, _x509_crl::this_update, _x509_crl::version, x509_dn_gets(), x509_serial_gets(), and _x509_time::year.

Referenced by test_suite_x509_crl_info(), and test_suite_x509parse_crl().

void x509_crl_init ( x509_crl crl  ) 

Initialize a CRL (chain).

Parameters:
crl CRL chain to initialize

Definition at line 687 of file x509_crl.c.

Referenced by test_suite_x509_crl_info(), test_suite_x509_verify(), test_suite_x509parse_crl(), and x509_crl_parse().

int x509_crl_parse ( x509_crl chain,
const unsigned char *  buf,
size_t  buflen 
)
int x509_crl_parse_file ( x509_crl chain,
const char *  path 
)

Load one or more CRLs and add them to the chained list.

Parameters:
chain points to the start of the chain
path filename to read the CRLs from
Returns:
0 if successful, or a specific X509 or PEM error code

Definition at line 530 of file x509_crl.c.

References polarssl_free, x509_crl_parse(), and x509_load_file().

Referenced by test_suite_x509_crl_info(), and test_suite_x509_verify().

void x509_crt_free ( x509_crt crt  ) 
int x509_crt_info ( char *  buf,
size_t  size,
const char *  prefix,
const x509_crt crt 
)

Returns an informational string about the certificate.

Parameters:
buf Buffer to write to
size Maximum size of buffer
prefix A line prefix
crt The X509 certificate to represent
Returns:
The amount of data written to the buffer, or -1 in case of an error.

Definition at line 1099 of file x509_crt.c.

References BC, BEFORE_COLON, _x509_time::day, _x509_time::hour, _x509_crt::issuer, _x509_time::min, _x509_time::mon, oid_get_sig_alg_desc(), _x509_crt::pk, pk_get_name(), pk_get_size(), SAFE_SNPRINTF, _x509_time::sec, _x509_crt::serial, _x509_crt::sig_oid1, _x509_crt::subject, _x509_crt::valid_from, _x509_crt::valid_to, _x509_crt::version, x509_dn_gets(), x509_key_size_helper(), x509_serial_gets(), and _x509_time::year.

Referenced by debug_print_crt(), test_suite_x509_cert_info(), and test_suite_x509parse_crt().

void x509_crt_init ( x509_crt crt  ) 
int x509_crt_parse ( x509_crt chain,
const unsigned char *  buf,
size_t  buflen 
)

Parse one or more certificates and add them to the chained list.

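Parses permissively. If some certificates can be parsed, the result is the number of failed certificates it encountered. If none complete correctly, the first error is returned. A positive return value therefore means the chain was loaded with some certificates missing, so a caller that only tests for a negative result will accept a partially loaded chain.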

Parameters:
chain points to the start of the chain
buf buffer holding the certificate data
buflen size of the buffer
Returns:
0 if all certificates parsed successfully, a positive number if partly successful or a specific X509 or PEM error code

Definition at line 817 of file x509_crt.c.

References pem_context::buf, pem_context::buflen, pem_free(), pem_init(), pem_read_buffer(), POLARSSL_ERR_PEM_BAD_INPUT_DATA, POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT, POLARSSL_ERR_X509_BAD_INPUT_DATA, POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT, POLARSSL_ERR_X509_MALLOC_FAILED, x509_crt_parse_der(), X509_FORMAT_DER, and X509_FORMAT_PEM.

Referenced by ssl_cache_get(), ssl_load_session(), ssl_session_copy(), test_suite_x509parse_crt(), x509_crt_parse_file(), and x509_self_test().

int x509_crt_parse_der ( x509_crt chain,
const unsigned char *  buf,
size_t  buflen 
)

Parse a single DER formatted certificate and add it to the chained list.

Parameters:
chain points to the start of the chain
buf buffer holding the certificate DER data
buflen size of the buffer
Returns:
0 if successful, or a specific X509 or PEM error code

Definition at line 767 of file x509_crt.c.

References _x509_crt::next, POLARSSL_ERR_X509_BAD_INPUT_DATA, POLARSSL_ERR_X509_MALLOC_FAILED, polarssl_free, polarssl_malloc, _x509_crt::version, x509_crt_init(), and x509_crt_parse_der_core().

Referenced by ssl_parse_certificate(), and x509_crt_parse().

int x509_crt_parse_file ( x509_crt chain,
const char *  path 
)

Load one or more certificates and add them to the chained list.

Parses permissively. If some certificates can be parsed, the result is the number of failed certificates it encountered. If none complete correctly, the first error is returned.

Parameters:
chain points to the start of the chain
path filename to read the certificates from
Returns:
0 if all certificates parsed successfully, a positive number if partly successful or a specific X509 or PEM error code

Definition at line 922 of file x509_crt.c.

References polarssl_free, x509_crt_parse(), and x509_load_file().

Referenced by test_suite_debug_print_crt(), test_suite_x509_cert_info(), test_suite_x509_dn_gets(), test_suite_x509_time_expired(), test_suite_x509_verify(), and x509_crt_parse_path().

int x509_crt_parse_path ( x509_crt chain,
const char *  path 
)

Load one or more certificate files from a path and add them to the chained list.

Parses permissively. If some certificates can be parsed, the result is the number of failed certificates it encountered. If none complete correctly, the first error is returned.

Parameters:
chain points to the start of the chain
path directory / folder to read the certificate files from
Returns:
0 if all certificates parsed successfully, a positive number if partly successful or a specific X509 or PEM error code

Definition at line 939 of file x509_crt.c.

References POLARSSL_ERR_X509_BAD_INPUT_DATA, POLARSSL_ERR_X509_FEATURE_UNAVAILABLE, POLARSSL_ERR_X509_FILE_IO_ERROR, and x509_crt_parse_file().

int x509_crt_revoked ( const x509_crt *  crt,
const x509_crl *  crl 
)

Verify the certificate revocation status.

Parameters:
crt a certificate to be verified
crl the CRL to verify against
Returns:
1 if the certificate is revoked, 0 otherwise

Definition at line 1172 of file x509_crt.c.

References _x509_crl::entry, _asn1_buf::len, _x509_crl_entry::next, _asn1_buf::p, _x509_crl_entry::revocation_date, _x509_crt::serial, _x509_crl_entry::serial, and x509_time_expired().

Referenced by x509_crt_verifycrl().

int x509_crt_verify ( x509_crt *  crt,
x509_crt *  trust_ca,
x509_crl *  ca_crl,
const char *  cn,
int *  flags,
int(*)(void *, x509_crt *, int, int *)  f_vrfy,
void *  p_vrfy 
)

Verify the certificate signature.

The verify callback is a user-supplied callback that can clear / modify / add flags for a certificate. If set, the verification callback is called for each certificate in the chain (from the trust-ca down to the presented crt). The parameters for the callback are: (void *parameter, x509_crt *crt, int certificate_depth, int *flags), where flags holds the current flags for that specific certificate and certificate_depth is the certificate depth from the bottom (Peer cert depth = 0).

All flags left after returning from the callback are also returned to the application, so a flag that the callback clears is not reported to the caller. The callback function should return 0 for anything but a fatal error.

Parameters:
crt a certificate to be verified
trust_ca the trusted CA chain
ca_crl the CRL chain for trusted CA's
cn expected Common Name (can be set to NULL if the CN does not need to be verified; the certificate is then not checked against any expected name)
flags result of the verification
f_vrfy verification function
p_vrfy verification parameter
Returns:
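0 if successful or POLARSSL_ERR_X509_SIG_VERIFY_FAILED (this name is not among the error codes listed on this page; the verification-failure code defined and referenced here is POLARSSL_ERR_X509_CERT_VERIFY_FAILED), in which case *flags will have one or more of the following values set: BADCERT_EXPIRED -- BADCERT_REVOKED -- BADCERT_CN_MISMATCH -- BADCERT_NOT_TRUSTED; or another error code if a fatal error is encountered during the verification process.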

Definition at line 1515 of file x509_crt.c.

References BADCERT_CN_MISMATCH, _asn1_sequence::buf, _x509_crt::ca_istrue, EXT_SUBJECT_ALT_NAME, _x509_crt::ext_types, _x509_crt::issuer_raw, _asn1_buf::len, _x509_crt::next, _asn1_named_data::next, _asn1_sequence::next, _asn1_named_data::oid, OID_AT_CN, OID_CMP, _asn1_buf::p, POLARSSL_ERR_X509_CERT_VERIFY_FAILED, _x509_crt::subject, _x509_crt::subject_alt_names, _x509_crt::subject_raw, _asn1_named_data::val, _x509_crt::version, x509_crt_verify_child(), x509_crt_verify_top(), x509_name_cmp(), and x509_wildcard_verify().

Referenced by ssl_parse_certificate(), test_suite_x509_verify(), and x509_self_test().

void x509_csr_free ( x509_csr csr  ) 

Unallocate all CSR data.

Parameters:
csr CSR to free

Definition at line 417 of file x509_csr.c.

References _asn1_buf::len, _asn1_named_data::next, _asn1_buf::p, _x509_csr::pk, pk_free(), polarssl_free, _x509_csr::raw, and _x509_csr::subject.

Referenced by x509_csr_parse().

int x509_csr_info ( char *  buf,
size_t  size,
const char *  prefix,
const x509_csr csr 
)

Returns an informational string about the CSR.

Parameters:
buf Buffer to write to
size Maximum size of buffer
prefix A line prefix
csr The X509 CSR to represent
Returns:
The amount of data written to the buffer, or -1 in case of an error.

Definition at line 362 of file x509_csr.c.

References BC, BEFORE_COLON, oid_get_sig_alg_desc(), _x509_csr::pk, pk_get_name(), pk_get_size(), SAFE_SNPRINTF, _x509_csr::sig_oid, _x509_csr::subject, _x509_csr::version, x509_dn_gets(), and x509_key_size_helper().

void x509_csr_init ( x509_csr csr  ) 

Initialize a CSR.

Parameters:
csr CSR to initialize

Definition at line 409 of file x509_csr.c.

Referenced by x509_csr_parse().

int x509_csr_parse ( x509_csr csr,
const unsigned char *  buf,
size_t  buflen 
)
int x509_csr_parse_file ( x509_csr csr,
const char *  path 
)

Load a Certificate Signing Request (CSR).

Parameters:
csr CSR context to fill
path filename to read the CSR from
Returns:
0 if successful, or a specific X509 or PEM error code

Definition at line 287 of file x509_csr.c.

References polarssl_free, x509_csr_parse(), and x509_load_file().


Generated on 9 Apr 2014 for PolarSSL v1.3.2 by  doxygen 1.6.1