/home/dko/projects/mobilec/trunk/src/security/xyssl-0.9/include/xyssl/x509.h File Reference
#include "xyssl/rsa.h"
Data Structures
Defines
#define
OID_PKCS1 "\x2A\x86\x48\x86\xF7\x0D\x01\x01"
#define
OID_PKCS9 "\x2A\x86\x48\x86\xF7\x0D\x01\x09"
Typedefs
Functions
Parse one or more certificates and add them to the chained list.
Load one or more certificates and add them to the chained list.
Parse a private RSA key.
Load and parse a private RSA key.
Store the certificate DN in printable form into buf; no more than (end - buf) characters will be written.
Returns an informational string about the certificate.
Returns 0 if the certificate is still valid, or BADCERT_EXPIRED if it has expired.
Verify the certificate signature.
Free (deallocate) all certificate data.
Checkup routine.
Detailed Description
Definition in file x509.h.
Define Documentation
#define ASN1_BIT_STRING 0x03
#define ASN1_BMP_STRING 0x1E
#define ASN1_BOOLEAN 0x01
#define ASN1_CONSTRUCTED 0x20
#define ASN1_CONTEXT_SPECIFIC 0x80
#define ASN1_IA5_STRING 0x16
#define ASN1_INTEGER 0x02
#define ASN1_OCTET_STRING 0x04
#define ASN1_PRIMITIVE 0x00
#define ASN1_PRINTABLE_STRING 0x13
#define ASN1_SEQUENCE 0x10
#define ASN1_T61_STRING 0x14
#define ASN1_UNIVERSAL_STRING 0x1C
#define ASN1_UTC_TIME 0x17
#define ASN1_UTF8_STRING 0x0C
#define BADCERT_CN_MISMATCH 4
#define BADCERT_EXPIRED 1
#define BADCERT_NOT_TRUSTED 8
#define BADCERT_REVOKED 2
#define OID_CN "\x55\x04\x03"
#define OID_PKCS1 "\x2A\x86\x48\x86\xF7\x0D\x01\x01"
#define OID_PKCS1_RSA "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01"
#define OID_PKCS1_RSA_SHA "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05"
#define OID_PKCS9 "\x2A\x86\x48\x86\xF7\x0D\x01\x09"
#define OID_PKCS9_EMAIL "\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01"
#define OID_X520 "\x55\x04"
#define PEM_LINE_LENGTH 72
#define X509_OUTPUT_DER 0x01
#define X509_OUTPUT_PEM 0x02
#define X509_SUBJECT 0x02
#define X520_COMMON_NAME 3
#define X520_ORGANIZATION 10
#define XYSSL_ERR_ASN1_INVALID_DATA -0x001C
#define XYSSL_ERR_ASN1_INVALID_LENGTH -0x0018
#define XYSSL_ERR_ASN1_LENGTH_MISMATCH -0x001A
#define XYSSL_ERR_ASN1_OUT_OF_DATA -0x0014
Definition at line 9 of file x509.h.
#define XYSSL_ERR_ASN1_UNEXPECTED_TAG -0x0016
#define XYSSL_ERR_X509_CERT_INVALID_ALG -0x00C0
#define XYSSL_ERR_X509_CERT_INVALID_DATE -0x0100
#define XYSSL_ERR_X509_CERT_INVALID_EXTENSIONS -0x0160
#define XYSSL_ERR_X509_CERT_INVALID_FORMAT -0x0060
#define XYSSL_ERR_X509_CERT_INVALID_NAME -0x00E0
#define XYSSL_ERR_X509_CERT_INVALID_PEM -0x0040
#define XYSSL_ERR_X509_CERT_INVALID_PUBKEY -0x0120
#define XYSSL_ERR_X509_CERT_INVALID_SERIAL -0x00A0
#define XYSSL_ERR_X509_CERT_INVALID_SIGNATURE -0x0140
#define XYSSL_ERR_X509_CERT_INVALID_VERSION -0x0080
#define XYSSL_ERR_X509_CERT_SIG_MISMATCH -0x01E0
#define XYSSL_ERR_X509_CERT_UNKNOWN_PK_ALG -0x01C0
#define XYSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG -0x01A0
#define XYSSL_ERR_X509_CERT_UNKNOWN_VERSION -0x0180
#define XYSSL_ERR_X509_CERT_VERIFY_FAILED -0x0200
#define XYSSL_ERR_X509_FEATURE_UNAVAILABLE -0x0020
#define XYSSL_ERR_X509_KEY_INVALID_ENC_IV -0x0280
#define XYSSL_ERR_X509_KEY_INVALID_FORMAT -0x0260
#define XYSSL_ERR_X509_KEY_INVALID_PEM -0x0220
#define XYSSL_ERR_X509_KEY_INVALID_VERSION -0x0240
#define XYSSL_ERR_X509_KEY_PASSWORD_MISMATCH -0x02E0
#define XYSSL_ERR_X509_KEY_PASSWORD_REQUIRED -0x02C0
#define XYSSL_ERR_X509_KEY_UNKNOWN_ENC_ALG -0x02A0
#define XYSSL_ERR_X509_POINT_ERROR -0x0300
#define XYSSL_ERR_X509_VALUE_TO_LENGTH -0x0320
Typedef Documentation
Function Documentation
int x509_self_test
(
int
verbose
)
Checkup routine.
- Returns:
- 0 if successful, or 1 if the test failed
Referenced by main().
char* x509parse_cert_info
(
char *
prefix,
)
Returns an informational string about the certificate.
Referenced by main().
Parse one or more certificates and add them to the chained list.
- Parameters:
-
chain points to the start of the chain
buf buffer holding the certificate data
buflen size of the buffer
- Returns:
- 0 if successful, or a specific X509 error code
Referenced by main(), and ssl_test().
Load one or more certificates and add them to the chained list.
- Parameters:
-
chain points to the start of the chain
path filename to read the certificates from
- Returns:
- 0 if successful, or a specific X509 error code
int x509parse_dn_gets
(
char *
buf,
char *
end,
)
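Store the certificate DN in printable form into buf; no more than (end - buf) characters will be written. This text does not state whether that count includes the terminating NUL, or what the int return value means; confirm both in the source before relying on the output being terminated.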
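Returns 0 if the certificate is still valid, or BADCERT_EXPIRED if it has expired. As described, only expiry is reported here; the signature and the trust chain are handled by the separate verification function documented below.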
unsigned char *
buf,
unsigned char *
pwd,
)
Parse a private RSA key.
- Parameters:
-
rsa RSA context to be initialized
buf input buffer
buflen size of the buffer
pwd password for decryption (optional)
pwdlen size of the password
- Returns:
- 0 if successful, or a specific X509 error code
Referenced by main(), and ssl_test().
char *
path,
char *
password
)
Load and parse a private RSA key.
- Parameters:
-
rsa RSA context to be initialized
path filename to read the private key from
pwd password to decrypt the file (can be NULL); this is the argument named password in the prototype above
- Returns:
- 0 if successful, or a specific X509 error code
Verify the certificate signature.
- Parameters:
-
crt a certificate to be verified
trust_ca the trusted CA chain
cn expected Common Name (can be set to NULL if the CN should not be checked; the certificate is then not tied to any expected peer name)
flags result of the verification
- Returns:
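- 0 if successful, or XYSSL_ERR_X509_SIG_VERIFY_FAILED (the define list on this page has no macro of that name; the closest one defined is XYSSL_ERR_X509_CERT_VERIFY_FAILED), in which case *flags will have one or more of the following bits set: BADCERT_EXPIRED, BADCERT_REVOKED, BADCERT_CN_MISMATCH, BADCERT_NOT_TRUSTED. Their values (1, 2, 4 and 8) are distinct bits, so test each one with a bitwise AND rather than comparing *flags for equality.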
- Note:
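- TODO: add two arguments, depth and crl. As documented here the function takes neither, so callers cannot pass it a CRL or a chain-depth limit.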