Symbols ![]()
loading...
Files ![]()
loading...
mbedtls_x509_crl struct
Certificate revocation list structure. Every CRL may have multiple entries.
Syntax
typedef struct mbedtls_x509_crl
{
mbedtls_x509_buf raw;
mbedtls_x509_buf tbs;
int version;
mbedtls_x509_buf sig_oid;
mbedtls_x509_buf issuer_raw;
mbedtls_x509_name issuer;
mbedtls_x509_time this_update;
mbedtls_x509_time next_update;
mbedtls_x509_crl_entry entry;
mbedtls_x509_buf crl_ext;
mbedtls_x509_buf sig_oid2;
mbedtls_x509_buf sig;
mbedtls_md_type_t sig_md;
mbedtls_pk_type_t sig_pk;
void *sig_opts;
struct mbedtls_x509_crl *next;
}
mbedtls_x509_crl;
Fields
Field
Declared as
Description
The CRL entries containing the certificate revocation times for this CA.
Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256.
Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA.
void *
Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS.
Related Functions
Found 10 other functions taking a mbedtls_x509_crl
argument:
Function
Description
Set the data required to verify peer certificate
Restartable version of \c mbedtls_crt_verify_with_profile()
Verify the certificate signature The verify callback is a user-supplied callback that can clear / modify / add flags for a certificate. If set, the verification callback is called for each certificate in the chain (from the trust-ca down to the presented crt). The parameters for the callback are: (void *parameter, mbedtls_x509_crt *crt, int certificate_depth, int *flags). With the flags representing current flags for that specific certificate and the certificate depth from the bottom (Peer cert depth = 0). All flags left after returning from the callback are also returned to the application. The function should return 0 for anything (including invalid certificates) other than fatal error, as a non-zero return code immediately aborts the verification process. For fatal errors, a specific error code should be used (different from MBEDTLS_ERR_X509_CERT_VERIFY_FAILED which should not be returned at this point), or MBEDTLS_ERR_X509_FATAL_ERROR can be used if no better code is available.
Verify the certificate signature according to profile
Parse a DER-encoded CRL and append it to the chained list
Parse one or more CRLs and append them to the chained list
Returns an informational string about the CRL.
Initialize a CRL (chain)
Unallocate all CRL data