SourceVu will show references to mbedtls_x509_crt from the following samples and libraries:
Symbols ![]()
loading...
Files ![]()
loading...
mbedtls_x509_crt struct
Container for an X.509 certificate. The certificate may be chained.
Syntax
typedef struct mbedtls_x509_crt
{
mbedtls_x509_buf raw;
mbedtls_x509_buf tbs;
int version;
mbedtls_x509_buf serial;
mbedtls_x509_buf sig_oid;
mbedtls_x509_buf issuer_raw;
mbedtls_x509_buf subject_raw;
mbedtls_x509_name issuer;
mbedtls_x509_name subject;
mbedtls_x509_time valid_from;
mbedtls_x509_time valid_to;
mbedtls_pk_context pk;
mbedtls_x509_buf issuer_id;
mbedtls_x509_buf subject_id;
mbedtls_x509_buf v3_ext;
mbedtls_x509_sequence subject_alt_names;
int ext_types;
int ca_istrue;
int max_pathlen;
unsigned int key_usage;
mbedtls_x509_sequence ext_key_usage;
unsigned char ns_cert_type;
mbedtls_x509_buf sig;
mbedtls_md_type_t sig_md;
mbedtls_pk_type_t sig_pk;
void *sig_opts;
struct mbedtls_x509_crt *next;
}
mbedtls_x509_crt;
Fields
Field
Declared as
Description
Optional list of Subject Alternative Names (Only dNSName supported).
int
Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise.
int
Optional Basic Constraint extension value: The maximum path length to the root certificate. Path length is 1 higher than RFC 5280 'meaning', so 1+.
unsigned int
Optional key usage extension value: See the values in x509.h.
unsigned char
Optional Netscape certificate type extension value: See the values in x509.h.
Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256.
Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA.
void *
Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS.
Related Functions
Found 22 other functions taking a mbedtls_x509_crt
argument:
Function
Description
Unallocate all certificate data
Initialize a certificate (chain)
Parse one DER-encoded or one or more concatenated PEM-encoded certificates and add them to the chained list. For CRTs in PEM encoding, the function parses permissively: if at least one certificate can be parsed, the function returns the number of certificates for which parsing failed (hence \c 0 if all certificates were parsed successfully). If no certificate could be parsed, the function returns the first (negative) error encountered during parsing. PEM encoded certificates may be interleaved by other data such as human readable descriptions of their content, as long as the certificates are enclosed in the PEM specific '-----{BEGIN/END} CERTIFICATE-----' delimiters.
Set the data required to verify peer certificate
Parse a single DER formatted certificate and add it to the chained list.
Set own certificate chain and private key
Restartable version of \c mbedtls_crt_verify_with_profile()
Returns an informational string about the certificate.
Verify the certificate signature The verify callback is a user-supplied callback that can clear / modify / add flags for a certificate. If set, the verification callback is called for each certificate in the chain (from the trust-ca down to the presented crt). The parameters for the callback are: (void *parameter, mbedtls_x509_crt *crt, int certificate_depth, int *flags). With the flags representing current flags for that specific certificate and the certificate depth from the bottom (Peer cert depth = 0). All flags left after returning from the callback are also returned to the application. The function should return 0 for anything (including invalid certificates) other than fatal error, as a non-zero return code immediately aborts the verification process. For fatal errors, a specific error code should be used (different from MBEDTLS_ERR_X509_CERT_VERIFY_FAILED which should not be returned at this point), or MBEDTLS_ERR_X509_FATAL_ERROR can be used if no better code is available.
Verify the certificate signature according to profile
Print a X.509 certificate structure to the debug output. This function is always used through the MBEDTLS_SSL_DEBUG_CRT() macro, which supplies the ssl context, file and line number parameters. \attention This function is intended for INTERNAL usage within the library only.