X.509 certificate signing request parsing and writing. More...
Include dependency graph for x509_csr.h:
Go to the source code of this file.
Data Structures | |
| struct | mbedtls_x509_csr |
| struct | mbedtls_x509write_csr |
Functions | |
| void | mbedtls_x509write_csr_init (mbedtls_x509write_csr *ctx) |
| Initialize a CSR context. More... | |
| int | mbedtls_x509write_csr_set_subject_name (mbedtls_x509write_csr *ctx, const char *subject_name) |
| Set the subject name for a CSR Subject names should contain a comma-separated list of OID types and values: e.g. "C=UK,O=ARM,CN=mbed TLS Server 1". More... | |
| void | mbedtls_x509write_csr_set_key (mbedtls_x509write_csr *ctx, mbedtls_pk_context *key) |
| Set the key for a CSR (public key will be included, private key used to sign the CSR when writing it) More... | |
| void | mbedtls_x509write_csr_set_md_alg (mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg) |
| Set the MD algorithm to use for the signature (e.g. MBEDTLS_MD_SHA1) More... | |
| int | mbedtls_x509write_csr_set_key_usage (mbedtls_x509write_csr *ctx, unsigned char key_usage) |
| Set the Key Usage Extension flags (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_SIGN) More... | |
| int | mbedtls_x509write_csr_set_ns_cert_type (mbedtls_x509write_csr *ctx, unsigned char ns_cert_type) |
| Set the Netscape Cert Type flags (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TYPE_EMAIL) More... | |
| int | mbedtls_x509write_csr_set_extension (mbedtls_x509write_csr *ctx, const char *oid, size_t oid_len, int critical, const unsigned char *val, size_t val_len) |
| Generic function to add to or replace an extension in the CSR. More... | |
| void | mbedtls_x509write_csr_free (mbedtls_x509write_csr *ctx) |
| Free the contents of a CSR context. More... | |
| int | mbedtls_x509write_csr_der (mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng) |
| Write a CSR (Certificate Signing Request) to a DER structure Note: data is written at the end of the buffer! Use the return value to determine where you should start using the buffer. More... | |
| int | mbedtls_x509write_csr_pem (mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng) |
| Write a CSR (Certificate Signing Request) to a PEM string. More... | |
Structures and functions for X.509 Certificate Signing Requests (CSR) | |
| typedef struct mbedtls_x509_csr | mbedtls_x509_csr |
| typedef struct mbedtls_x509write_csr | mbedtls_x509write_csr |
| int | mbedtls_x509_csr_parse_der (mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen) |
| Load a Certificate Signing Request (CSR) in DER format. More... | |
| int | mbedtls_x509_csr_parse (mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen) |
| Load a Certificate Signing Request (CSR), DER or PEM format. More... | |
| int | mbedtls_x509_csr_parse_file (mbedtls_x509_csr *csr, const char *path) |
| Load a Certificate Signing Request (CSR) More... | |
| void | mbedtls_x509_csr_init (mbedtls_x509_csr *csr) |
| Initialize a CSR. More... | |
| void | mbedtls_x509_csr_free (mbedtls_x509_csr *csr) |
| Unallocate all CSR data. More... | |
Detailed Description
X.509 certificate signing request parsing and writing.
Definition in file x509_csr.h.
Function Documentation
| int mbedtls_x509write_csr_der | ( | mbedtls_x509write_csr * | ctx, |
| unsigned char * | buf, | ||
| size_t | size, | ||
| int(*)(void *, unsigned char *, size_t) | f_rng, | ||
| void * | p_rng | ||
| ) |
Write a CSR (Certificate Signing Request) to a DER structure Note: data is written at the end of the buffer! Use the return value to determine where you should start using the buffer.
- Parameters
-
ctx CSR to write away buf buffer to write to size size of the buffer f_rng RNG function. This must not be NULL.p_rng RNG parameter
- Returns
- length of data written if successful, or a specific error code
- Note
f_rngis used for the signature operation.
| void mbedtls_x509write_csr_free | ( | mbedtls_x509write_csr * | ctx | ) |
Free the contents of a CSR context.
- Parameters
-
ctx CSR context to free
| void mbedtls_x509write_csr_init | ( | mbedtls_x509write_csr * | ctx | ) |
Initialize a CSR context.
- Parameters
-
ctx CSR context to initialize
| int mbedtls_x509write_csr_pem | ( | mbedtls_x509write_csr * | ctx, |
| unsigned char * | buf, | ||
| size_t | size, | ||
| int(*)(void *, unsigned char *, size_t) | f_rng, | ||
| void * | p_rng | ||
| ) |
Write a CSR (Certificate Signing Request) to a PEM string.
- Parameters
-
ctx CSR to write away buf buffer to write to size size of the buffer f_rng RNG function. This must not be NULL.p_rng RNG parameter
- Returns
- 0 if successful, or a specific error code
- Note
f_rngis used for the signature operation.
| int mbedtls_x509write_csr_set_extension | ( | mbedtls_x509write_csr * | ctx, |
| const char * | oid, | ||
| size_t | oid_len, | ||
| int | critical, | ||
| const unsigned char * | val, | ||
| size_t | val_len | ||
| ) |
Generic function to add to or replace an extension in the CSR.
- Parameters
-
ctx CSR context to use oid OID of the extension oid_len length of the OID critical Set to 1 to mark the extension as critical, 0 otherwise. val value of the extension OCTET STRING val_len length of the value data
- Returns
- 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
| void mbedtls_x509write_csr_set_key | ( | mbedtls_x509write_csr * | ctx, |
| mbedtls_pk_context * | key | ||
| ) |
Set the key for a CSR (public key will be included, private key used to sign the CSR when writing it)
- Parameters
-
ctx CSR context to use key Asymetric key to include
| int mbedtls_x509write_csr_set_key_usage | ( | mbedtls_x509write_csr * | ctx, |
| unsigned char | key_usage | ||
| ) |
Set the Key Usage Extension flags (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_SIGN)
- Parameters
-
ctx CSR context to use key_usage key usage flags to set
- Returns
- 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
- Note
- The
decipherOnlyflag from the Key Usage extension is represented by bit 8 (i.e.0x8000), which cannot typically be represented in an unsigned char. Therefore, the flagdecipherOnly(i.e. MBEDTLS_X509_KU_DECIPHER_ONLY) cannot be set using this function.
| void mbedtls_x509write_csr_set_md_alg | ( | mbedtls_x509write_csr * | ctx, |
| mbedtls_md_type_t | md_alg | ||
| ) |
Set the MD algorithm to use for the signature (e.g. MBEDTLS_MD_SHA1)
- Parameters
-
ctx CSR context to use md_alg MD algorithm to use
| int mbedtls_x509write_csr_set_ns_cert_type | ( | mbedtls_x509write_csr * | ctx, |
| unsigned char | ns_cert_type | ||
| ) |
Set the Netscape Cert Type flags (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TYPE_EMAIL)
- Parameters
-
ctx CSR context to use ns_cert_type Netscape Cert Type flags to set
- Returns
- 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
| int mbedtls_x509write_csr_set_subject_name | ( | mbedtls_x509write_csr * | ctx, |
| const char * | subject_name | ||
| ) |
Set the subject name for a CSR Subject names should contain a comma-separated list of OID types and values: e.g. "C=UK,O=ARM,CN=mbed TLS Server 1".
- Parameters
-
ctx CSR context to use subject_name subject name to set
- Returns
- 0 if subject name was parsed successfully, or a specific error code
