mbedtls_x509_crt_parse_der_with_ext_cb() function

The pointer to the start of the CRT chain to attach to. When parsing the first CRT in a chain, this should point to an instance of ::mbedtls_x509_crt initialized through mbedtls_x509_crt_init().

The buffer holding the DER encoded certificate.

The size in Bytes of \p buf.

When not zero this function makes an internal copy of the CRT buffer \p buf. In particular, \p buf may be destroyed or reused after this call returns. When zero this function avoids duplicating the CRT buffer by taking temporary ownership thereof until the CRT is destroyed (like mbedtls_x509_crt_parse_der_nocopy())

A callback invoked for every unsupported certificate extension.

An opaque context passed to the callback.

Unallocate all certificate data

Parse a single DER formatted certificate and add it to the end of the provided chained list.

Initialize a certificate (chain)

Restartable version of \c mbedtls_crt_verify_with_profile()

Parse a single DER formatted certificate and add it to the end of the provided chained list. This is a variant of mbedtls_x509_crt_parse_der() which takes temporary ownership of the CRT buffer until the CRT is destroyed.

Set the data required to verify peer certificate

Set own certificate chain and private key

Set own certificate and key for the current handshake

Set the data required to verify peer certificate for the current handshake

Verify a chain of certificates with respect to a configurable security profile.

Verify a chain of certificates. The verify callback is a user-supplied callback that can clear / modify / add flags for a certificate. If set, the verification callback is called for each certificate in the chain (from the trust-ca down to the presented crt). The parameters for the callback are: (void *parameter, mbedtls_x509_crt *crt, int certificate_depth, int *flags). With the flags representing current flags for that specific certificate and the certificate depth from the bottom (Peer cert depth = 0). All flags left after returning from the callback are also returned to the application. The function should return 0 for anything (including invalid certificates) other than fatal error, as a non-zero return code immediately aborts the verification process. For fatal errors, a specific error code should be used (different from MBEDTLS_ERR_X509_CERT_VERIFY_FAILED which should not be returned at this point), or MBEDTLS_ERR_X509_FATAL_ERROR can be used if no better code is available.

Parse one DER-encoded or one or more concatenated PEM-encoded certificates and add them to the chained list. For CRTs in PEM encoding, the function parses permissively: if at least one certificate can be parsed, the function returns the number of certificates for which parsing failed (hence \c 0 if all certificates were parsed successfully). If no certificate could be parsed, the function returns the first (negative) error encountered during parsing. PEM encoded certificates may be interleaved by other data such as human readable descriptions of their content, as long as the certificates are enclosed in the PEM specific '-----{BEGIN/END} CERTIFICATE-----' delimiters.

Returns an informational string about the certificate.

Print a X.509 certificate structure to the debug output. This function is always used through the MBEDTLS_SSL_DEBUG_CRT() macro, which supplies the ssl context, file and line number parameters. \attention This function is intended for INTERNAL usage within the library only.