x509_crt_check_san() function

Retrieve an AlgorithmIdentifier ASN.1 sequence. Updates the pointer to immediately behind the full AlgorithmIdentifier.

Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no params. Updates the pointer to immediately behind the full AlgorithmIdentifier.

This function parses an item in the SubjectAlternativeNames extension. \warning The target structure contains pointers to the raw data of the parsed certificate, and its lifetime is restricted by the lifetime of the certificate.

Store the certificate serial in printable form into buf; no more than size characters will be written.

Translate an ASN.1 OID into its numeric representation (e.g. "\x2A\x86\x48\x86\xF7\x0D" into "1.2.840.113549")

Translate an X.509 extension OID into local values

Translate an X.509 attribute type OID into the short name (e.g. the OID for an X520 Common Name into "CN")

Translate PublicKeyAlgorithm OID into pk_type

Translate NamedCurve OID into an EC group identifier

Translate SignatureAlgorithm OID into md_type and pk_type

Translate SignatureAlgorithm OID into description

Translate hmac algorithm OID into md_type

Translate Extended Key Usage OID into description

Translate certificate policies OID into description

Translate encryption algorithm OID into cipher_type

PKCS#5 PBES2 function \warning When decrypting: - if #MBEDTLS_CIPHER_PADDING_PKCS7 is enabled at compile time, this function validates the CBC padding and returns #MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH if the padding is invalid. Note that this can help active adversaries attempting to brute-forcing the password. Note also that there is no guarantee that an invalid password will be detected (the chances of a valid padding with a random password are about 1/255). - if #MBEDTLS_CIPHER_PADDING_PKCS7 is disabled at compile time, this function does not validate the CBC padding.

Translate hash algorithm OID into md_type