Data Structures
struct	mbedtls_x509_time

struct	mbedtls_x509_crl_entry

struct	mbedtls_x509_crl

struct	mbedtls_x509_crt

struct	mbedtls_x509_san_other_name

struct	mbedtls_x509_subject_alternative_name

struct	mbedtls_x509_crt_profile

struct	mbedtls_x509write_cert

struct	mbedtls_x509_crt_verify_chain_item

struct	mbedtls_x509_crt_verify_chain

struct	mbedtls_x509_crt_restart_ctx
	Context for resuming X.509 verify operations. More...

struct	mbedtls_x509_csr

struct	mbedtls_x509write_csr

Macros
#define	MBEDTLS_X509_MAX_INTERMEDIATE_CA 8

X509 Error codes
#define	MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE -0x2080

#define	MBEDTLS_ERR_X509_UNKNOWN_OID -0x2100

#define	MBEDTLS_ERR_X509_INVALID_FORMAT -0x2180

#define	MBEDTLS_ERR_X509_INVALID_VERSION -0x2200

#define	MBEDTLS_ERR_X509_INVALID_SERIAL -0x2280

#define	MBEDTLS_ERR_X509_INVALID_ALG -0x2300

#define	MBEDTLS_ERR_X509_INVALID_NAME -0x2380

#define	MBEDTLS_ERR_X509_INVALID_DATE -0x2400

#define	MBEDTLS_ERR_X509_INVALID_SIGNATURE -0x2480

#define	MBEDTLS_ERR_X509_INVALID_EXTENSIONS -0x2500

#define	MBEDTLS_ERR_X509_UNKNOWN_VERSION -0x2580

#define	MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG -0x2600

#define	MBEDTLS_ERR_X509_SIG_MISMATCH -0x2680

#define	MBEDTLS_ERR_X509_CERT_VERIFY_FAILED -0x2700

#define	MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT -0x2780

#define	MBEDTLS_ERR_X509_BAD_INPUT_DATA -0x2800

#define	MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880

#define	MBEDTLS_ERR_X509_FILE_IO_ERROR -0x2900

#define	MBEDTLS_ERR_X509_BUFFER_TOO_SMALL -0x2980

#define	MBEDTLS_ERR_X509_FATAL_ERROR -0x3000

X509 Verify codes
#define	MBEDTLS_X509_BADCERT_EXPIRED 0x01

#define	MBEDTLS_X509_BADCERT_REVOKED 0x02

#define	MBEDTLS_X509_BADCERT_CN_MISMATCH 0x04

#define	MBEDTLS_X509_BADCERT_NOT_TRUSTED 0x08

#define	MBEDTLS_X509_BADCRL_NOT_TRUSTED 0x10

#define	MBEDTLS_X509_BADCRL_EXPIRED 0x20

#define	MBEDTLS_X509_BADCERT_MISSING 0x40

#define	MBEDTLS_X509_BADCERT_SKIP_VERIFY 0x80

#define	MBEDTLS_X509_BADCERT_OTHER 0x0100

#define	MBEDTLS_X509_BADCERT_FUTURE 0x0200

#define	MBEDTLS_X509_BADCRL_FUTURE 0x0400

#define	MBEDTLS_X509_BADCERT_KEY_USAGE 0x0800

#define	MBEDTLS_X509_BADCERT_EXT_KEY_USAGE 0x1000

#define	MBEDTLS_X509_BADCERT_NS_CERT_TYPE 0x2000

#define	MBEDTLS_X509_BADCERT_BAD_MD 0x4000

#define	MBEDTLS_X509_BADCERT_BAD_PK 0x8000

#define	MBEDTLS_X509_BADCERT_BAD_KEY 0x010000

#define	MBEDTLS_X509_BADCRL_BAD_MD 0x020000

#define	MBEDTLS_X509_BADCRL_BAD_PK 0x040000

#define	MBEDTLS_X509_BADCRL_BAD_KEY 0x080000

Structures for parsing X.509 certificates, CRLs and CSRs
typedef mbedtls_asn1_buf	mbedtls_x509_buf

typedef mbedtls_asn1_bitstring	mbedtls_x509_bitstring

typedef mbedtls_asn1_named_data	mbedtls_x509_name

typedef mbedtls_asn1_sequence	mbedtls_x509_sequence

typedef struct mbedtls_x509_time	mbedtls_x509_time

Structures and functions for parsing CRLs
typedef struct mbedtls_x509_crl_entry	mbedtls_x509_crl_entry

typedef struct mbedtls_x509_crl	mbedtls_x509_crl

int	mbedtls_x509_crl_parse_der (mbedtls_x509_crl chain, const unsigned char buf, size_t buflen)
	Parse a DER-encoded CRL and append it to the chained list. More...

int	mbedtls_x509_crl_parse (mbedtls_x509_crl chain, const unsigned char buf, size_t buflen)
	Parse one or more CRLs and append them to the chained list. More...

int	mbedtls_x509_crl_parse_file (mbedtls_x509_crl chain, const char path)
	Load one or more CRLs and append them to the chained list. More...

void	mbedtls_x509_crl_init (mbedtls_x509_crl *crl)
	Initialize a CRL (chain) More...

void	mbedtls_x509_crl_free (mbedtls_x509_crl *crl)
	Unallocate all CRL data. More...

Structures and functions for parsing and writing X.509 certificates
typedef struct mbedtls_x509_crt	mbedtls_x509_crt

typedef struct mbedtls_x509_san_other_name	mbedtls_x509_san_other_name

typedef struct mbedtls_x509_subject_alternative_name	mbedtls_x509_subject_alternative_name

typedef struct mbedtls_x509_crt_profile	mbedtls_x509_crt_profile

typedef struct mbedtls_x509write_cert	mbedtls_x509write_cert

typedef int(*	mbedtls_x509_crt_ext_cb_t )(void p_ctx, mbedtls_x509_crt const crt, mbedtls_x509_buf const oid, int critical, const unsigned char p, const unsigned char *end)
	The type of certificate extension callbacks. More...

typedef int(*	mbedtls_x509_crt_ca_cb_t )(void p_ctx, mbedtls_x509_crt const child, mbedtls_x509_crt **candidate_cas)
	The type of trusted certificate callbacks. More...

const mbedtls_x509_crt_profile	mbedtls_x509_crt_profile_default

const mbedtls_x509_crt_profile	mbedtls_x509_crt_profile_next

const mbedtls_x509_crt_profile	mbedtls_x509_crt_profile_suiteb

const mbedtls_x509_crt_profile	mbedtls_x509_crt_profile_none

int	mbedtls_x509_crt_parse_der (mbedtls_x509_crt chain, const unsigned char buf, size_t buflen)
	Parse a single DER formatted certificate and add it to the end of the provided chained list. More...

int	mbedtls_x509_crt_parse_der_with_ext_cb (mbedtls_x509_crt chain, const unsigned char buf, size_t buflen, int make_copy, mbedtls_x509_crt_ext_cb_t cb, void *p_ctx)
	Parse a single DER formatted certificate and add it to the end of the provided chained list. More...

int	mbedtls_x509_crt_parse_der_nocopy (mbedtls_x509_crt chain, const unsigned char buf, size_t buflen)
	Parse a single DER formatted certificate and add it to the end of the provided chained list. This is a variant of mbedtls_x509_crt_parse_der() which takes temporary ownership of the CRT buffer until the CRT is destroyed. More...

int	mbedtls_x509_crt_parse (mbedtls_x509_crt chain, const unsigned char buf, size_t buflen)
	Parse one DER-encoded or one or more concatenated PEM-encoded certificates and add them to the chained list. More...

int	mbedtls_x509_crt_parse_file (mbedtls_x509_crt chain, const char path)
	Load one or more certificates and add them to the chained list. Parses permissively. If some certificates can be parsed, the result is the number of failed certificates it encountered. If none complete correctly, the first error is returned. More...

int	mbedtls_x509_crt_parse_path (mbedtls_x509_crt chain, const char path)
	Load one or more certificate files from a path and add them to the chained list. Parses permissively. If some certificates can be parsed, the result is the number of failed certificates it encountered. If none complete correctly, the first error is returned. More...

int	mbedtls_x509_parse_subject_alt_name (const mbedtls_x509_buf san_buf, mbedtls_x509_subject_alternative_name san)
	This function parses an item in the SubjectAlternativeNames extension. More...

int	mbedtls_x509_crt_verify (mbedtls_x509_crt crt, mbedtls_x509_crt trust_ca, mbedtls_x509_crl ca_crl, const char cn, uint32_t flags, int(f_vrfy)(void , mbedtls_x509_crt , int, uint32_t ), void p_vrfy)
	Verify a chain of certificates. More...

int	mbedtls_x509_crt_verify_with_profile (mbedtls_x509_crt crt, mbedtls_x509_crt trust_ca, mbedtls_x509_crl ca_crl, const mbedtls_x509_crt_profile profile, const char cn, uint32_t flags, int(f_vrfy)(void , mbedtls_x509_crt , int, uint32_t ), void *p_vrfy)
	Verify a chain of certificates with respect to a configurable security profile. More...

int	mbedtls_x509_crt_verify_restartable (mbedtls_x509_crt crt, mbedtls_x509_crt trust_ca, mbedtls_x509_crl ca_crl, const mbedtls_x509_crt_profile profile, const char cn, uint32_t flags, int(f_vrfy)(void , mbedtls_x509_crt , int, uint32_t ), void p_vrfy, mbedtls_x509_crt_restart_ctx rs_ctx)
	Restartable version of `mbedtls_crt_verify_with_profile()` More...

int	mbedtls_x509_crt_verify_with_ca_cb (mbedtls_x509_crt crt, mbedtls_x509_crt_ca_cb_t f_ca_cb, void p_ca_cb, const mbedtls_x509_crt_profile profile, const char cn, uint32_t flags, int(f_vrfy)(void , mbedtls_x509_crt , int, uint32_t ), void p_vrfy)
	Version of `mbedtls_x509_crt_verify_with_profile()` which uses a callback to acquire the list of trusted CA certificates. More...

int	mbedtls_x509_crt_check_key_usage (const mbedtls_x509_crt *crt, unsigned int usage)
	Check usage of certificate against keyUsage extension. More...

int	mbedtls_x509_crt_check_extended_key_usage (const mbedtls_x509_crt crt, const char usage_oid, size_t usage_len)
	Check usage of certificate against extendedKeyUsage. More...

int	mbedtls_x509_crt_is_revoked (const mbedtls_x509_crt crt, const mbedtls_x509_crl crl)
	Verify the certificate revocation status. More...

void	mbedtls_x509_crt_init (mbedtls_x509_crt *crt)
	Initialize a certificate (chain) More...

void	mbedtls_x509_crt_free (mbedtls_x509_crt *crt)
	Unallocate all certificate data. More...

void	mbedtls_x509_crt_restart_init (mbedtls_x509_crt_restart_ctx *ctx)
	Initialize a restart context. More...

void	mbedtls_x509_crt_restart_free (mbedtls_x509_crt_restart_ctx *ctx)
	Free the components of a restart context. More...

#define	MBEDTLS_X509_ID_FLAG(id) ( 1 << ( (id) - 1 ) )

#define	MBEDTLS_X509_CRT_VERSION_1 0

#define	MBEDTLS_X509_CRT_VERSION_2 1

#define	MBEDTLS_X509_CRT_VERSION_3 2

#define	MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32

#define	MBEDTLS_X509_RFC5280_UTC_TIME_LEN 15

#define	MBEDTLS_X509_MAX_FILE_PATH_LEN 512

#define	MBEDTLS_X509_CRT_ERROR_INFO_LIST

#define	MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 )

Structures and functions for X.509 Certificate Signing Requests (CSR)
typedef struct mbedtls_x509_csr	mbedtls_x509_csr

typedef struct mbedtls_x509write_csr	mbedtls_x509write_csr

int	mbedtls_x509_csr_parse_der (mbedtls_x509_csr csr, const unsigned char buf, size_t buflen)
	Load a Certificate Signing Request (CSR) in DER format. More...

int	mbedtls_x509_csr_parse (mbedtls_x509_csr csr, const unsigned char buf, size_t buflen)
	Load a Certificate Signing Request (CSR), DER or PEM format. More...

int	mbedtls_x509_csr_parse_file (mbedtls_x509_csr csr, const char path)
	Load a Certificate Signing Request (CSR) More...

void	mbedtls_x509_csr_init (mbedtls_x509_csr *csr)
	Initialize a CSR. More...

void	mbedtls_x509_csr_free (mbedtls_x509_csr *csr)
	Unallocate all CSR data. More...

Detailed Description

The X.509 module provides X.509 support for reading, writing and verification of certificates. In summary:

X.509 certificate (CRT) reading (see mbedtls_x509_crt_parse(), mbedtls_x509_crt_parse_der(), mbedtls_x509_crt_parse_file()).
X.509 certificate revocation list (CRL) reading (see mbedtls_x509_crl_parse(), mbedtls_x509_crl_parse_der(), and mbedtls_x509_crl_parse_file()).
X.509 certificate signature verification (see mbedtls_x509_crt_verify() and mbedtls_x509_crt_verify_with_profile().
X.509 certificate writing and certificate request writing (see mbedtls_x509write_crt_der() and mbedtls_x509write_csr_der()).

This module can be used to build a certificate authority (CA) chain and verify its signature. It is also used to generate Certificate Signing Requests and X.509 certificates just as a CA would do.

Macro Definition Documentation

#define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880

Allocation of memory failed.

Definition at line 89 of file x509.h.

#define MBEDTLS_ERR_X509_BAD_INPUT_DATA -0x2800

Input invalid.

Definition at line 87 of file x509.h.

#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL -0x2980

Destination buffer is too small.

Definition at line 93 of file x509.h.

#define MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT -0x2780

Format not recognized as DER or PEM.

Definition at line 85 of file x509.h.

#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED -0x2700

Certificate verification failed, e.g. CRL, CA or signature check failed.

Definition at line 83 of file x509.h.

#define MBEDTLS_ERR_X509_FATAL_ERROR -0x3000

A fatal error occurred, eg the chain is too long or the vrfy callback failed.

Definition at line 95 of file x509.h.

#define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE -0x2080

Unavailable feature, e.g. RSA hashing/encryption combination.

Definition at line 57 of file x509.h.

#define MBEDTLS_ERR_X509_FILE_IO_ERROR -0x2900

Read/write of file failed.

Definition at line 91 of file x509.h.

#define MBEDTLS_ERR_X509_INVALID_ALG -0x2300

The algorithm tag or value is invalid.

Definition at line 67 of file x509.h.

#define MBEDTLS_ERR_X509_INVALID_DATE -0x2400

The date tag or value is invalid.

Definition at line 71 of file x509.h.

#define MBEDTLS_ERR_X509_INVALID_EXTENSIONS -0x2500

The extension tag or value is invalid.

Definition at line 75 of file x509.h.

#define MBEDTLS_ERR_X509_INVALID_FORMAT -0x2180

The CRT/CRL/CSR format is invalid, e.g. different type expected.

Definition at line 61 of file x509.h.

#define MBEDTLS_ERR_X509_INVALID_NAME -0x2380

The name tag or value is invalid.

Definition at line 69 of file x509.h.

#define MBEDTLS_ERR_X509_INVALID_SERIAL -0x2280

The serial tag or value is invalid.

Definition at line 65 of file x509.h.

#define MBEDTLS_ERR_X509_INVALID_SIGNATURE -0x2480

The signature tag or value invalid.

Definition at line 73 of file x509.h.

#define MBEDTLS_ERR_X509_INVALID_VERSION -0x2200

The CRT/CRL/CSR version element is invalid.

Definition at line 63 of file x509.h.

#define MBEDTLS_ERR_X509_SIG_MISMATCH -0x2680

Signature algorithms do not match. (see mbedtls_x509_crt sig_oid)

Definition at line 81 of file x509.h.

#define MBEDTLS_ERR_X509_UNKNOWN_OID -0x2100

Requested OID is unknown.

Definition at line 59 of file x509.h.

#define MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG -0x2600

Signature algorithm (oid) is unsupported.

Definition at line 79 of file x509.h.

#define MBEDTLS_ERR_X509_UNKNOWN_VERSION -0x2580

CRT/CRL/CSR has an unsupported version number.

Definition at line 77 of file x509.h.

#define MBEDTLS_X509_BADCERT_BAD_KEY 0x010000

The certificate is signed with an unacceptable key (eg bad curve, RSA too short).

Definition at line 119 of file x509.h.

#define MBEDTLS_X509_BADCERT_BAD_MD 0x4000

The certificate is signed with an unacceptable hash.

Definition at line 117 of file x509.h.

#define MBEDTLS_X509_BADCERT_BAD_PK 0x8000

The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA).

Definition at line 118 of file x509.h.

#define MBEDTLS_X509_BADCERT_CN_MISMATCH 0x04

The certificate Common Name (CN) does not match with the expected CN.

Definition at line 105 of file x509.h.

#define MBEDTLS_X509_BADCERT_EXPIRED 0x01

The certificate validity has expired.

Definition at line 103 of file x509.h.

#define MBEDTLS_X509_BADCERT_EXT_KEY_USAGE 0x1000

Usage does not match the extendedKeyUsage extension.

Definition at line 115 of file x509.h.

#define MBEDTLS_X509_BADCERT_FUTURE 0x0200

The certificate validity starts in the future.

Definition at line 112 of file x509.h.

#define MBEDTLS_X509_BADCERT_KEY_USAGE 0x0800

Usage does not match the keyUsage extension.

Definition at line 114 of file x509.h.

#define MBEDTLS_X509_BADCERT_MISSING 0x40

Certificate was missing.

Definition at line 109 of file x509.h.

#define MBEDTLS_X509_BADCERT_NOT_TRUSTED 0x08

The certificate is not correctly signed by the trusted CA.

Definition at line 106 of file x509.h.

#define MBEDTLS_X509_BADCERT_NS_CERT_TYPE 0x2000

Usage does not match the nsCertType extension.

Definition at line 116 of file x509.h.

#define MBEDTLS_X509_BADCERT_OTHER 0x0100

Other reason (can be used by verify callback)

Definition at line 111 of file x509.h.

#define MBEDTLS_X509_BADCERT_REVOKED 0x02

The certificate has been revoked (is on a CRL).

Definition at line 104 of file x509.h.

#define MBEDTLS_X509_BADCERT_SKIP_VERIFY 0x80

Certificate verification was skipped.

Definition at line 110 of file x509.h.

#define MBEDTLS_X509_BADCRL_BAD_KEY 0x080000

The CRL is signed with an unacceptable key (eg bad curve, RSA too short).

Definition at line 122 of file x509.h.

#define MBEDTLS_X509_BADCRL_BAD_MD 0x020000

The CRL is signed with an unacceptable hash.

Definition at line 120 of file x509.h.

#define MBEDTLS_X509_BADCRL_BAD_PK 0x040000

The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA).

Definition at line 121 of file x509.h.

#define MBEDTLS_X509_BADCRL_EXPIRED 0x20

The CRL is expired.

Definition at line 108 of file x509.h.

#define MBEDTLS_X509_BADCRL_FUTURE 0x0400

The CRL is from the future

Definition at line 113 of file x509.h.

#define MBEDTLS_X509_BADCRL_NOT_TRUSTED 0x10

The CRL is not correctly signed by the trusted CA.

Definition at line 107 of file x509.h.

#define MBEDTLS_X509_CRT_ERROR_INFO_LIST

Definition at line 216 of file x509_crt.h.

#define MBEDTLS_X509_CRT_VERSION_1 0

Definition at line 199 of file x509_crt.h.

#define MBEDTLS_X509_CRT_VERSION_2 1

Definition at line 200 of file x509_crt.h.

#define MBEDTLS_X509_CRT_VERSION_3 2

Definition at line 201 of file x509_crt.h.

#define MBEDTLS_X509_ID_FLAG ( id ) ( 1 << ( (id) - 1 ) )

Build flag from an algorithm/curve identifier (pk, md, ecp) Since 0 is always XXX_NONE, ignore it.

Definition at line 163 of file x509_crt.h.

#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512

Definition at line 207 of file x509_crt.h.

#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8

Maximum number of intermediate CAs in a verification chain. That is, maximum length of the chain, excluding the end-entity certificate and the trusted root certificate.

Set this to a low value to prevent an adversary from making you waste resources verifying an overlong certificate chain.

Definition at line 49 of file x509.h.

#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 )

Max size of verification chain: end-entity + intermediates + trusted root

Definition at line 307 of file x509_crt.h.

#define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32

Definition at line 203 of file x509_crt.h.

#define MBEDTLS_X509_RFC5280_UTC_TIME_LEN 15

Definition at line 204 of file x509_crt.h.

Typedef Documentation

typedef mbedtls_asn1_bitstring mbedtls_x509_bitstring

Container for ASN1 bit strings.

Definition at line 233 of file x509.h.

typedef mbedtls_asn1_buf mbedtls_x509_buf

Type-length-value structure that allows for ASN1 using DER.

Definition at line 228 of file x509.h.

typedef struct mbedtls_x509_crl mbedtls_x509_crl

Certificate revocation list structure. Every CRL may have multiple entries.

typedef struct mbedtls_x509_crl_entry mbedtls_x509_crl_entry

Certificate revocation list entry. Contains the CA-specific serial numbers and revocation dates.

Some fields of this structure are publicly readable. Do not modify them except via Mbed TLS library functions: the effect of modifying those fields or the data that those fields points to is unspecified.

typedef struct mbedtls_x509_crt mbedtls_x509_crt

Container for an X.509 certificate. The certificate may be chained.

Some fields of this structure are publicly readable. Do not modify them except via Mbed TLS library functions: the effect of modifying those fields or the data that those fields points to is unspecified.

typedef int(* mbedtls_x509_crt_ca_cb_t)(void *p_ctx, mbedtls_x509_crt const *child, mbedtls_x509_crt **candidate_cas)

The type of trusted certificate callbacks.

Callbacks of this type are passed to and used by the CRT verification routine mbedtls_x509_crt_verify_with_ca_cb() when looking for trusted signers of a given certificate.

On success, the callback returns a list of trusted certificates to be considered as potential signers for the input certificate.

Parameters

p_ctx	An opaque context passed to the callback.
child	The certificate for which to search a potential signer. This will point to a readable certificate.
candidate_cas	The address at which to store the address of the first entry in the generated linked list of candidate signers. This will not be `NULL`.

Note: The callback must only return a non-zero value on a fatal error. If, in contrast, the search for a potential signer completes without a single candidate, the callback must return 0 and set *candidate_cas to NULL.

Returns: 0 on success. In this case, *candidate_cas points to a heap-allocated linked list of instances of mbedtls_x509_crt, and ownership of this list is passed to the caller.; A negative error code on failure.

Definition at line 840 of file x509_crt.h.

typedef int(* mbedtls_x509_crt_ext_cb_t)(void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf const *oid, int critical, const unsigned char *p, const unsigned char *end)

The type of certificate extension callbacks.

Callbacks of this type are passed to and used by the mbedtls_x509_crt_parse_der_with_ext_cb() routine when it encounters either an unsupported extension or a "certificate policies" extension containing any unsupported certificate policies. Future versions of the library may invoke the callback in other cases, if and when the need arises.

Parameters

p_ctx	An opaque context passed to the callback.
crt	The certificate being parsed.
oid	The OID of the extension.
critical	Whether the extension is critical.
p	Pointer to the start of the extension value (the content of the OCTET STRING).
end	End of extension value.

Note: The callback must fail and return a negative error code if it can not parse or does not support the extension. When the callback fails to parse a critical extension mbedtls_x509_crt_parse_der_with_ext_cb() also fails. When the callback fails to parse a non critical extension mbedtls_x509_crt_parse_der_with_ext_cb() simply skips the extension and continues parsing.

Returns: 0 on success.; A negative error code on failure.

Definition at line 449 of file x509_crt.h.

typedef struct mbedtls_x509_crt_profile mbedtls_x509_crt_profile

Security profile for certificate verification.

All lists are bitfields, built by ORing flags from MBEDTLS_X509_ID_FLAG().

The fields of this structure are part of the public API and can be manipulated directly by applications. Future versions of the library may add extra fields or reorder existing fields.

You can create custom profiles by starting from a copy of an existing profile, such as mbedtls_x509_crt_profile_default or mbedtls_x509_ctr_profile_none and then tune it to your needs.

For example to allow SHA-224 in addition to the default:

mbedtls_x509_crt_profile my_profile = mbedtls_x509_crt_profile_default; my_profile.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 );

Or to allow only RSA-3072+ with SHA-256:

mbedtls_x509_crt_profile my_profile = mbedtls_x509_crt_profile_none; my_profile.allowed_mds = MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ); my_profile.allowed_pks = MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_RSA ); my_profile.rsa_min_bitlen = 3072;

typedef struct mbedtls_x509_csr mbedtls_x509_csr

Certificate Signing Request (CSR) structure.

Some fields of this structure are publicly readable. Do not modify them except via Mbed TLS library functions: the effect of modifying those fields or the data that those fields point to is unspecified.

typedef mbedtls_asn1_named_data mbedtls_x509_name

Container for ASN1 named information objects. It allows for Relative Distinguished Names (e.g. cn=localhost,ou=code,etc.).

Definition at line 239 of file x509.h.

typedef struct mbedtls_x509_san_other_name mbedtls_x509_san_other_name

From RFC 5280 section 4.2.1.6: OtherName ::= SEQUENCE { type-id OBJECT IDENTIFIER, value [0] EXPLICIT ANY DEFINED BY type-id }

Future versions of the library may add new fields to this structure or to its embedded union and structure.

typedef mbedtls_asn1_sequence mbedtls_x509_sequence

Container for a sequence of ASN.1 items

Definition at line 244 of file x509.h.

typedef struct mbedtls_x509_subject_alternative_name mbedtls_x509_subject_alternative_name

A structure for holding the parsed Subject Alternative Name, according to type.

Future versions of the library may add new fields to this structure or to its embedded union and structure.

typedef struct mbedtls_x509_time mbedtls_x509_time

Container for date and time (precision in seconds).

typedef struct mbedtls_x509write_cert mbedtls_x509write_cert

Container for writing a certificate (CRT)

typedef struct mbedtls_x509write_csr mbedtls_x509write_csr

Container for writing a CSR

Function Documentation

void mbedtls_x509_crl_free ( mbedtls_x509_crl * crl )

Unallocate all CRL data.

Parameters

crl	CRL chain to free

void mbedtls_x509_crl_init ( mbedtls_x509_crl * crl )

Initialize a CRL (chain)

Parameters

crl	CRL chain to initialize

int mbedtls_x509_crl_parse	(	mbedtls_x509_crl *	chain,
		const unsigned char *	buf,
		size_t	buflen
	)

Parse one or more CRLs and append them to the chained list.

Note: Multiple CRLs are accepted only if using PEM format

Parameters

chain	points to the start of the chain
buf	buffer holding the CRL data in PEM or DER format
buflen	size of the buffer (including the terminating null byte for PEM data)

Returns: 0 if successful, or a specific X509 or PEM error code

int mbedtls_x509_crl_parse_der	(	mbedtls_x509_crl *	chain,
		const unsigned char *	buf,
		size_t	buflen
	)

Parse a DER-encoded CRL and append it to the chained list.

Parameters

chain	points to the start of the chain
buf	buffer holding the CRL data in DER format
buflen	size of the buffer (including the terminating null byte for PEM data)

Returns: 0 if successful, or a specific X509 or PEM error code

int mbedtls_x509_crl_parse_file	(	mbedtls_x509_crl *	chain,
		const char *	path
	)

Load one or more CRLs and append them to the chained list.

Note: Multiple CRLs are accepted only if using PEM format

Parameters

chain	points to the start of the chain
path	filename to read the CRLs from (in PEM or DER encoding)

Returns: 0 if successful, or a specific X509 or PEM error code

int mbedtls_x509_crt_check_extended_key_usage	(	const mbedtls_x509_crt *	crt,
		const char *	usage_oid,
		size_t	usage_len
	)

Check usage of certificate against extendedKeyUsage.

Parameters

crt	Leaf certificate used.
usage_oid	Intended usage (eg MBEDTLS_OID_SERVER_AUTH or MBEDTLS_OID_CLIENT_AUTH).
usage_len	Length of usage_oid (eg given by MBEDTLS_OID_SIZE()).

Returns: 0 if this use of the certificate is allowed, MBEDTLS_ERR_X509_BAD_INPUT_DATA if not.

Note: Usually only makes sense on leaf certificates.

int mbedtls_x509_crt_check_key_usage	(	const mbedtls_x509_crt *	crt,
		unsigned int	usage
	)

Check usage of certificate against keyUsage extension.

Parameters

crt	Leaf certificate used.
usage	Intended usage(s) (eg MBEDTLS_X509_KU_KEY_ENCIPHERMENT before using the certificate to perform an RSA key exchange).

Note: Except for decipherOnly and encipherOnly, a bit set in the usage argument means this bit MUST be set in the certificate. For decipherOnly and encipherOnly, it means that bit MAY be set.

Returns: 0 is these uses of the certificate are allowed, MBEDTLS_ERR_X509_BAD_INPUT_DATA if the keyUsage extension is present but does not match the usage argument.

Note: You should only call this function on leaf certificates, on (intermediate) CAs the keyUsage extension is automatically checked by mbedtls_x509_crt_verify().

void mbedtls_x509_crt_free ( mbedtls_x509_crt * crt )

Unallocate all certificate data.

Parameters

crt	Certificate chain to free

void mbedtls_x509_crt_init ( mbedtls_x509_crt * crt )

Initialize a certificate (chain)

Parameters

crt	Certificate chain to initialize

int mbedtls_x509_crt_is_revoked	(	const mbedtls_x509_crt *	crt,
		const mbedtls_x509_crl *	crl
	)

Verify the certificate revocation status.

Parameters

crt	a certificate to be verified
crl	the CRL to verify against

Returns: 1 if the certificate is revoked, 0 otherwise

int mbedtls_x509_crt_parse	(	mbedtls_x509_crt *	chain,
		const unsigned char *	buf,
		size_t	buflen
	)

Parse one DER-encoded or one or more concatenated PEM-encoded certificates and add them to the chained list.

For CRTs in PEM encoding, the function parses permissively: if at least one certificate can be parsed, the function returns the number of certificates for which parsing failed (hence 0 if all certificates were parsed successfully). If no certificate could be parsed, the function returns the first (negative) error encountered during parsing.

PEM encoded certificates may be interleaved by other data such as human readable descriptions of their content, as long as the certificates are enclosed in the PEM specific '--—{BEGIN/END} CERTIFICATE--—' delimiters.

Parameters

chain	The chain to which to add the parsed certificates.
buf	The buffer holding the certificate data in PEM or DER format. For certificates in PEM encoding, this may be a concatenation of multiple certificates; for DER encoding, the buffer must comprise exactly one certificate.
buflen	The size of `buf`, including the terminating `NULL` byte in case of PEM encoded data.

Returns: 0 if all certificates were parsed successfully.; The (positive) number of certificates that couldn't be parsed if parsing was partly successful (see above).; A negative X509 or PEM error code otherwise.

int mbedtls_x509_crt_parse_der	(	mbedtls_x509_crt *	chain,
		const unsigned char *	buf,
		size_t	buflen
	)

Parse a single DER formatted certificate and add it to the end of the provided chained list.

Parameters

chain	The pointer to the start of the CRT chain to attach to. When parsing the first CRT in a chain, this should point to an instance of mbedtls_x509_crt initialized through mbedtls_x509_crt_init().
buf	The buffer holding the DER encoded certificate.
buflen	The size in Bytes of `buf`.

Note: This function makes an internal copy of the CRT buffer buf. In particular, buf may be destroyed or reused after this call returns. To avoid duplicating the CRT buffer (at the cost of stricter lifetime constraints), use mbedtls_x509_crt_parse_der_nocopy() instead.

Returns: 0 if successful.; A negative error code on failure.

int mbedtls_x509_crt_parse_der_nocopy	(	mbedtls_x509_crt *	chain,
		const unsigned char *	buf,
		size_t	buflen
	)

Parse a single DER formatted certificate and add it to the end of the provided chained list. This is a variant of mbedtls_x509_crt_parse_der() which takes temporary ownership of the CRT buffer until the CRT is destroyed.

Parameters

chain	The pointer to the start of the CRT chain to attach to. When parsing the first CRT in a chain, this should point to an instance of mbedtls_x509_crt initialized through mbedtls_x509_crt_init().
buf	The address of the readable buffer holding the DER encoded certificate to use. On success, this buffer must be retained and not be changed for the liftetime of the CRT chain `chain`, that is, until `chain` is destroyed through a call to mbedtls_x509_crt_free().
buflen	The size in Bytes of `buf`.

Note: This call is functionally equivalent to mbedtls_x509_crt_parse_der(), but it avoids creating a copy of the input buffer at the cost of stronger lifetime constraints. This is useful in constrained environments where duplication of the CRT cannot be tolerated.

Returns: 0 if successful.; A negative error code on failure.

int mbedtls_x509_crt_parse_der_with_ext_cb	(	mbedtls_x509_crt *	chain,
		const unsigned char *	buf,
		size_t	buflen,
		int	make_copy,
		mbedtls_x509_crt_ext_cb_t	cb,
		void *	p_ctx
	)

Parse a single DER formatted certificate and add it to the end of the provided chained list.

Parameters

chain	The pointer to the start of the CRT chain to attach to. When parsing the first CRT in a chain, this should point to an instance of mbedtls_x509_crt initialized through mbedtls_x509_crt_init().
buf	The buffer holding the DER encoded certificate.
buflen	The size in Bytes of `buf`.
make_copy	When not zero this function makes an internal copy of the CRT buffer `buf`. In particular, `buf` may be destroyed or reused after this call returns. When zero this function avoids duplicating the CRT buffer by taking temporary ownership thereof until the CRT is destroyed (like mbedtls_x509_crt_parse_der_nocopy())
cb	A callback invoked for every unsupported certificate extension.
p_ctx	An opaque context passed to the callback.

Note: This call is functionally equivalent to mbedtls_x509_crt_parse_der(), and/or mbedtls_x509_crt_parse_der_nocopy() but it calls the callback with every unsupported certificate extension and additionally the "certificate policies" extension if it contains any unsupported certificate policies. The callback must return a negative error code if it does not know how to handle such an extension. When the callback fails to parse a critical extension mbedtls_x509_crt_parse_der_with_ext_cb() also fails. When the callback fails to parse a non critical extension mbedtls_x509_crt_parse_der_with_ext_cb() simply skips the extension and continues parsing. Future versions of the library may invoke the callback in other cases, if and when the need arises.

Returns: 0 if successful.; A negative error code on failure.

int mbedtls_x509_crt_parse_file	(	mbedtls_x509_crt *	chain,
		const char *	path
	)

Load one or more certificates and add them to the chained list. Parses permissively. If some certificates can be parsed, the result is the number of failed certificates it encountered. If none complete correctly, the first error is returned.

Parameters

chain	points to the start of the chain
path	filename to read the certificates from

Returns: 0 if all certificates parsed successfully, a positive number if partly successful or a specific X509 or PEM error code

int mbedtls_x509_crt_parse_path	(	mbedtls_x509_crt *	chain,
		const char *	path
	)

Load one or more certificate files from a path and add them to the chained list. Parses permissively. If some certificates can be parsed, the result is the number of failed certificates it encountered. If none complete correctly, the first error is returned.

Parameters

chain	points to the start of the chain
path	directory / folder to read the certificate files from

Returns: 0 if all certificates parsed successfully, a positive number if partly successful or a specific X509 or PEM error code

void mbedtls_x509_crt_restart_free ( mbedtls_x509_crt_restart_ctx * ctx )

Free the components of a restart context.

void mbedtls_x509_crt_restart_init ( mbedtls_x509_crt_restart_ctx * ctx )

Initialize a restart context.

int mbedtls_x509_crt_verify	(	mbedtls_x509_crt *	crt,
		mbedtls_x509_crt *	trust_ca,
		mbedtls_x509_crl *	ca_crl,
		const char *	cn,
		uint32_t *	flags,
		int()(void , mbedtls_x509_crt , int, uint32_t )	f_vrfy,
		void *	p_vrfy
	)

Verify a chain of certificates.

The verify callback is a user-supplied callback that can clear / modify / add flags for a certificate. If set, the verification callback is called for each certificate in the chain (from the trust-ca down to the presented crt). The parameters for the callback are: (void *parameter, mbedtls_x509_crt *crt, int certificate_depth, int *flags). With the flags representing current flags for that specific certificate and the certificate depth from the bottom (Peer cert depth = 0).

All flags left after returning from the callback are also returned to the application. The function should return 0 for anything (including invalid certificates) other than fatal error, as a non-zero return code immediately aborts the verification process. For fatal errors, a specific error code should be used (different from MBEDTLS_ERR_X509_CERT_VERIFY_FAILED which should not be returned at this point), or MBEDTLS_ERR_X509_FATAL_ERROR can be used if no better code is available.

Note: In case verification failed, the results can be displayed using mbedtls_x509_crt_verify_info(); Same as mbedtls_x509_crt_verify_with_profile() with the default security profile.; It is your responsibility to provide up-to-date CRLs for all trusted CAs. If no CRL is provided for the CA that was used to sign the certificate, CRL verification is skipped silently, that is without setting any flag.; The trust_ca list can contain two types of certificates: (1) those of trusted root CAs, so that certificates chaining up to those CAs will be trusted, and (2) self-signed end-entity certificates to be trusted (for specific peers you know) - in that case, the self-signed certificate doesn't need to have the CA bit set.

Parameters

crt	The certificate chain to be verified.
trust_ca	The list of trusted CAs.
ca_crl	The list of CRLs for trusted CAs.
cn	The expected Common Name. This will be checked to be present in the certificate's subjectAltNames extension or, if this extension is absent, as a CN component in its Subject name. Currently only DNS names are supported. This may be `NULL` if the CN need not be verified.
flags	The address at which to store the result of the verification. If the verification couldn't be completed, the flag value is set to (uint32_t) -1.
f_vrfy	The verification callback to use. See the documentation of mbedtls_x509_crt_verify() for more information.
p_vrfy	The context to be passed to `f_vrfy`.

Returns: 0 if the chain is valid with respect to the passed CN, CAs, CRLs and security profile.; MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the certificate chain verification failed. In this case, *flags will have one or more MBEDTLS_X509_BADCERT_XXX or MBEDTLS_X509_BADCRL_XXX flags set.; Another negative error code in case of a fatal error encountered during the verification process.

int mbedtls_x509_crt_verify_restartable	(	mbedtls_x509_crt *	crt,
		mbedtls_x509_crt *	trust_ca,
		mbedtls_x509_crl *	ca_crl,
		const mbedtls_x509_crt_profile *	profile,
		const char *	cn,
		uint32_t *	flags,
		int()(void , mbedtls_x509_crt , int, uint32_t )	f_vrfy,
		void *	p_vrfy,
		mbedtls_x509_crt_restart_ctx *	rs_ctx
	)

Restartable version of mbedtls_crt_verify_with_profile()

Note: Performs the same job as mbedtls_crt_verify_with_profile() but can return early and restart according to the limit set with mbedtls_ecp_set_max_ops() to reduce blocking.

Parameters

crt	The certificate chain to be verified.
trust_ca	The list of trusted CAs.
ca_crl	The list of CRLs for trusted CAs.
profile	The security profile to use for the verification.
cn	The expected Common Name. This may be `NULL` if the CN need not be verified.
flags	The address at which to store the result of the verification. If the verification couldn't be completed, the flag value is set to (uint32_t) -1.
f_vrfy	The verification callback to use. See the documentation of mbedtls_x509_crt_verify() for more information.
p_vrfy	The context to be passed to `f_vrfy`.
rs_ctx	The restart context to use. This may be set to `NULL` to disable restartable ECC.

Returns: See mbedtls_crt_verify_with_profile(), or; MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of operations was reached: see mbedtls_ecp_set_max_ops().

int mbedtls_x509_crt_verify_with_ca_cb	(	mbedtls_x509_crt *	crt,
		mbedtls_x509_crt_ca_cb_t	f_ca_cb,
		void *	p_ca_cb,
		const mbedtls_x509_crt_profile *	profile,
		const char *	cn,
		uint32_t *	flags,
		int()(void , mbedtls_x509_crt , int, uint32_t )	f_vrfy,
		void *	p_vrfy
	)

Version of mbedtls_x509_crt_verify_with_profile() which uses a callback to acquire the list of trusted CA certificates.

Parameters

crt	The certificate chain to be verified.
f_ca_cb	The callback to be used to query for potential signers of a given child certificate. See the documentation of mbedtls_x509_crt_ca_cb_t for more information.
p_ca_cb	The opaque context to be passed to `f_ca_cb`.
profile	The security profile for the verification.
cn	The expected Common Name. This may be `NULL` if the CN need not be verified.
flags	The address at which to store the result of the verification. If the verification couldn't be completed, the flag value is set to (uint32_t) -1.
f_vrfy	The verification callback to use. See the documentation of mbedtls_x509_crt_verify() for more information.
p_vrfy	The context to be passed to `f_vrfy`.

Returns: See mbedtls_crt_verify_with_profile().

int mbedtls_x509_crt_verify_with_profile	(	mbedtls_x509_crt *	crt,
		mbedtls_x509_crt *	trust_ca,
		mbedtls_x509_crl *	ca_crl,
		const mbedtls_x509_crt_profile *	profile,
		const char *	cn,
		uint32_t *	flags,
		int()(void , mbedtls_x509_crt , int, uint32_t )	f_vrfy,
		void *	p_vrfy
	)

Verify a chain of certificates with respect to a configurable security profile.

Note: Same as mbedtls_x509_crt_verify(), but with explicit security profile.; The restrictions on keys (RSA minimum size, allowed curves for ECDSA) apply to all certificates: trusted root, intermediate CAs if any, and end entity certificate.

Parameters

crt	The certificate chain to be verified.
trust_ca	The list of trusted CAs.
ca_crl	The list of CRLs for trusted CAs.
profile	The security profile to use for the verification.
cn	The expected Common Name. This may be `NULL` if the CN need not be verified.
flags	The address at which to store the result of the verification. If the verification couldn't be completed, the flag value is set to (uint32_t) -1.
f_vrfy	The verification callback to use. See the documentation of mbedtls_x509_crt_verify() for more information.
p_vrfy	The context to be passed to `f_vrfy`.

Returns: 0 if the chain is valid with respect to the passed CN, CAs, CRLs and security profile.; MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the certificate chain verification failed. In this case, *flags will have one or more MBEDTLS_X509_BADCERT_XXX or MBEDTLS_X509_BADCRL_XXX flags set.; Another negative error code in case of a fatal error encountered during the verification process.

void mbedtls_x509_csr_free ( mbedtls_x509_csr * csr )

Unallocate all CSR data.

Parameters

csr	CSR to free

void mbedtls_x509_csr_init ( mbedtls_x509_csr * csr )

Initialize a CSR.

Parameters

csr	CSR to initialize

int mbedtls_x509_csr_parse	(	mbedtls_x509_csr *	csr,
		const unsigned char *	buf,
		size_t	buflen
	)

Load a Certificate Signing Request (CSR), DER or PEM format.

Note: See notes for mbedtls_x509_csr_parse_der()

Parameters

csr	CSR context to fill
buf	buffer holding the CRL data
buflen	size of the buffer (including the terminating null byte for PEM data)

Returns: 0 if successful, or a specific X509 or PEM error code

int mbedtls_x509_csr_parse_der	(	mbedtls_x509_csr *	csr,
		const unsigned char *	buf,
		size_t	buflen
	)

Load a Certificate Signing Request (CSR) in DER format.

Note: CSR attributes (if any) are currently silently ignored.

Parameters

csr	CSR context to fill
buf	buffer holding the CRL data
buflen	size of the buffer

Returns: 0 if successful, or a specific X509 error code

int mbedtls_x509_csr_parse_file	(	mbedtls_x509_csr *	csr,
		const char *	path
	)

Load a Certificate Signing Request (CSR)

Note: See notes for mbedtls_x509_csr_parse()

Parameters

csr	CSR context to fill
path	filename to read the CSR from

Returns: 0 if successful, or a specific X509 or PEM error code

int mbedtls_x509_parse_subject_alt_name	(	const mbedtls_x509_buf *	san_buf,
		mbedtls_x509_subject_alternative_name *	san
	)

This function parses an item in the SubjectAlternativeNames extension.

Parameters

san_buf	The buffer holding the raw data item of the subject alternative name.
san	The target structure to populate with the parsed presentation of the subject alternative name encoded in `san_raw`.

Note: Only "dnsName" and "otherName" of type hardware_module_name as defined in RFC 4180 is supported.; This function should be called on a single raw data of subject alternative name. For example, after successful certificate parsing, one must iterate on every item in the crt->subject_alt_names sequence, and pass it to this function.

Warning: The target structure contains pointers to the raw data of the parsed certificate, and its lifetime is restricted by the lifetime of the certificate.

Returns: 0 on success; MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE for an unsupported SAN type.; Another negative value for any other failure.

Variable Documentation

const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default

Default security profile. Should provide a good balance between security and compatibility with current deployments.

This profile permits:

SHA2 hashes with at least 256 bits: SHA-256, SHA-384, SHA-512.
Elliptic curves with 255 bits and above except secp256k1.
RSA with 2048 bits and above.

New minor versions of Mbed TLS may extend this profile, for example if new algorithms are added to the library. New minor versions of Mbed TLS will not reduce this profile unless serious security concerns require it.

const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next

Expected next default profile. Recommended for new deployments. Currently targets a 128-bit security level, except for allowing RSA-2048. This profile may change at any time.

const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_none

Empty profile that allows nothing. Useful as a basis for constructing custom profiles.

const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb

NSA Suite B profile.

Data Structures

Macros

X509 Error codes

X509 Verify codes

Structures for parsing X.509 certificates, CRLs and CSRs

Structures and functions for parsing CRLs

Structures and functions for parsing and writing X.509 certificates

Structures and functions for X.509 Certificate Signing Requests (CSR)

Detailed Description

Macro Definition Documentation

Typedef Documentation

Function Documentation

Variable Documentation