SourceVu will show references to mbedtls_x509_crt from the following samples and libraries:
Symbols ![]()
loading...
Files ![]()
loading...
mbedtls_x509_crt struct
Container for an X.509 certificate. The certificate may be chained. Some fields of this structure are publicly readable. Do not modify them except via Mbed TLS library functions: the effect of modifying those fields or the data that those fields points to is unspecified.
Syntax
typedef struct mbedtls_x509_crt
{
int MBEDTLS_PRIVATE(own_buffer);
mbedtls_x509_buf raw;
mbedtls_x509_buf tbs;
int version;
mbedtls_x509_buf serial;
mbedtls_x509_buf sig_oid;
mbedtls_x509_buf issuer_raw;
mbedtls_x509_buf subject_raw;
mbedtls_x509_name issuer;
mbedtls_x509_name subject;
mbedtls_x509_time valid_from;
mbedtls_x509_time valid_to;
mbedtls_x509_buf pk_raw;
mbedtls_pk_context pk;
mbedtls_x509_buf issuer_id;
mbedtls_x509_buf subject_id;
mbedtls_x509_buf v3_ext;
mbedtls_x509_sequence subject_alt_names;
mbedtls_x509_buf subject_key_id;
mbedtls_x509_authority authority_key_id;
mbedtls_x509_sequence certificate_policies;
int MBEDTLS_PRIVATE(ext_types);
int MBEDTLS_PRIVATE(ca_istrue);
int MBEDTLS_PRIVATE(max_pathlen);
unsigned int MBEDTLS_PRIVATE(key_usage);
mbedtls_x509_sequence ext_key_usage;
unsigned char MBEDTLS_PRIVATE(ns_cert_type);
mbedtls_x509_buf MBEDTLS_PRIVATE(sig);
mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md);
mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk);
void *MBEDTLS_PRIVATE(sig_opts);
struct mbedtls_x509_crt *next;
}
mbedtls_x509_crt;
Fields
Field
Declared as
Description
private_own_buffer
int MBEDTLS_PRIVATE
Optional list of raw entries of Subject Alternative Names extension. These can be later parsed by mbedtls_x509_parse_subject_alt_name.
Optional X.509 v3 extension authority key identifier.
Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed).
private_ext_types
int MBEDTLS_PRIVATE
private_ca_istrue
int MBEDTLS_PRIVATE
private_max_pathlen
int MBEDTLS_PRIVATE
private_key_usage
private_ns_cert_type
private_sig
private_sig_md
private_sig_pk
private_sig_opts
Next certificate in the linked list that constitutes the CA chain. \p NULL indicates the end of the list. Do not modify this field directly.
Related Functions
Found 47 other functions taking a mbedtls_x509_crt
argument:
Function
Description
Unallocate all certificate data
Initialize a certificate (chain)
Parse one DER-encoded or one or more concatenated PEM-encoded certificates and add them to the chained list. For CRTs in PEM encoding, the function parses permissively: if at least one certificate can be parsed, the function returns the number of certificates for which parsing failed (hence \c 0 if all certificates were parsed successfully). If no certificate could be parsed, the function returns the first (negative) error encountered during parsing. PEM encoded certificates may be interleaved by other data such as human readable descriptions of their content, as long as the certificates are enclosed in the PEM specific '-----{BEGIN/END} CERTIFICATE-----' delimiters.
Set the data required to verify peer certificate
Parse a single DER formatted certificate and add it to the end of the provided chained list.
Check usage of certificate against keyUsage extension.
Set own certificate chain and private key
Verify a chain of certificates. The verify callback is a user-supplied callback that can clear / modify / add flags for a certificate. If set, the verification callback is called for each certificate in the chain (from the trust-ca down to the presented crt). The parameters for the callback are: (void *parameter, mbedtls_x509_crt *crt, int certificate_depth, int *flags). With the flags representing current flags for that specific certificate and the certificate depth from the bottom (Peer cert depth = 0). All flags left after returning from the callback are also returned to the application. The function should return 0 for anything (including invalid certificates) other than fatal error, as a non-zero return code immediately aborts the verification process. For fatal errors, a specific error code should be used (different from MBEDTLS_ERR_X509_CERT_VERIFY_FAILED which should not be returned at this point), or MBEDTLS_ERR_X509_FATAL_ERROR can be used if no better code is available.
Load one or more certificates and add them to the chained list. Parses permissively. If some certificates can be parsed, the result is the number of failed certificates it encountered. If none complete correctly, the first error is returned.
Restartable version of \c mbedtls_crt_verify_with_profile()
Check usage of certificate against extendedKeyUsage.
Verify the certificate revocation status
Set own certificate and key for the current handshake
Set the data required to verify peer certificate for the current handshake
Set DN hints sent to client in CertificateRequest message
Parse a single DER formatted certificate and add it to the end of the provided chained list.
Parse a single DER formatted certificate and add it to the end of the provided chained list. This is a variant of mbedtls_x509_crt_parse_der() which takes temporary ownership of the CRT buffer until the CRT is destroyed.
Load one or more certificate files from a path and add them to the chained list. Parses permissively. If some certificates can be parsed, the result is the number of failed certificates it encountered. If none complete correctly, the first error is returned.
Returns an informational string about the certificate.
Verify a chain of certificates with respect to a configurable security profile.
Access the ca_istrue field
Check if the given CA certificate chain is the default "dummy" certificate chain attached by the esp_crt_bundle
Verification of PKCS #7 signature against a caller-supplied certificate. For each signer in the PKCS structure, this function computes a signature over the supplied data, using the supplied certificate and the same digest algorithm as specified by the signer. It then compares this signature against the signer's signature; verification succeeds if any comparison matches. This function does not use the certificates held within the PKCS #7 structure itself, and does not check that the certificate is signed by a trusted certification authority.
Verification of PKCS #7 signature against a caller-supplied certificate. For each signer in the PKCS structure, this function validates a signature over the supplied hash, using the supplied certificate and the same digest algorithm as specified by the signer. Verification succeeds if any signature is good. This function does not use the certificates held within the PKCS #7 structure itself, and does not check that the certificate is signed by a trusted certification authority.
certificates :: SET OF ExtendedCertificateOrCertificate, ExtendedCertificateOrCertificate ::= CHOICE { certificate Certificate -- x509, extendedCertificate[0] IMPLICIT ExtendedCertificate } Return number of certificates added to the signed data, 0 or higher is valid. Return negative error code for failure.
Set DN hints sent to client in CertificateRequest message
Query certificate for given extension type
Print a X.509 certificate structure to the debug output. This function is always used through the MBEDTLS_SSL_DEBUG_CRT() macro, which supplies the ssl context, file and line number parameters. \attention This function is intended for INTERNAL usage within the library only.