File x509_crl.h
X.509 certificate revocation list parsing.
Structures and functions for parsing CRLs
-
typedef struct mbedtls_x509_crl_entry mbedtls_x509_crl_entry
Certificate revocation list entry. Contains the CA-specific serial numbers and revocation dates.
Some fields of this structure are publicly readable. Do not modify them except via Mbed TLS library functions: the effect of modifying those fields or the data that those fields point to is unspecified.
-
typedef struct mbedtls_x509_crl mbedtls_x509_crl
Certificate revocation list structure. Every CRL may have multiple entries.
-
int mbedtls_x509_crl_parse_der(mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen)
Parse a DER-encoded CRL and append it to the chained list.
Note
If MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto subsystem must have been initialized by calling psa_crypto_init() before calling this function.
- Parameters
chain – points to the start of the chain
buf – buffer holding the CRL data in DER format
buflen – size of the buffer (including the terminating null byte for PEM data)
- Returns
0 if successful, or a specific X509 or PEM error code
-
int mbedtls_x509_crl_parse(mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen)
Parse one or more CRLs and append them to the chained list.
Note
Multiple CRLs are accepted only if using PEM format
Note
If MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto subsystem must have been initialized by calling psa_crypto_init() before calling this function.
- Parameters
chain – points to the start of the chain
buf – buffer holding the CRL data in PEM or DER format
buflen – size of the buffer (including the terminating null byte for PEM data)
- Returns
0 if successful, or a specific X509 or PEM error code
-
int mbedtls_x509_crl_parse_file(mbedtls_x509_crl *chain, const char *path)
Load one or more CRLs and append them to the chained list.
Note
Multiple CRLs are accepted only if using PEM format
Note
If MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto subsystem must have been initialized by calling psa_crypto_init() before calling this function.
- Parameters
chain – points to the start of the chain
path – filename to read the CRLs from (in PEM or DER encoding)
- Returns
0 if successful, or a specific X509 or PEM error code
-
void mbedtls_x509_crl_init(mbedtls_x509_crl *crl)
Initialize a CRL (chain)
- Parameters
crl – CRL chain to initialize
-
void mbedtls_x509_crl_free(mbedtls_x509_crl *crl)
Unallocate all CRL data.
- Parameters
crl – CRL chain to free
-
struct mbedtls_x509_crl_entry
- #include <x509_crl.h>
Certificate revocation list entry. Contains the CA-specific serial numbers and revocation dates.
Some fields of this structure are publicly readable. Do not modify them except via Mbed TLS library functions: the effect of modifying those fields or the data that those fields point to is unspecified.
Public Members
-
mbedtls_x509_buf raw
Direct access to the whole entry inside the containing buffer.
-
mbedtls_x509_buf serial
The serial number of the revoked certificate.
-
mbedtls_x509_time revocation_date
The revocation date of this entry.
-
mbedtls_x509_buf entry_ext
Direct access to the list of CRL entry extensions (an ASN.1 constructed sequence).
If there are no extensions, entry_ext.len == 0 and entry_ext.p == NULL.
-
struct mbedtls_x509_crl_entry *next
Next element in the linked list of entries.
NULL indicates the end of the list. Do not modify this field directly.
-
-
struct mbedtls_x509_crl
- #include <x509_crl.h>
Certificate revocation list structure. Every CRL may have multiple entries.
Public Members
-
mbedtls_x509_buf raw
The raw certificate data (DER).
-
mbedtls_x509_buf tbs
The raw certificate body (DER). The part that is To Be Signed.
-
int version
CRL version (1=v1, 2=v2)
-
mbedtls_x509_buf sig_oid
CRL signature type identifier
-
mbedtls_x509_buf issuer_raw
The raw issuer data (DER).
-
mbedtls_x509_name issuer
The parsed issuer data (named information object).
-
mbedtls_x509_time this_update
-
mbedtls_x509_time next_update
-
mbedtls_x509_crl_entry entry
The CRL entries containing the certificate revocation times for this CA.
-
mbedtls_x509_buf crl_ext
-
mbedtls_x509_buf private_sig_oid2
-
mbedtls_x509_buf private_sig
-
mbedtls_md_type_t private_sig_md
Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256
-
mbedtls_pk_type_t private_sig_pk
Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA
-
void *private_sig_opts
Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS
-
struct mbedtls_x509_crl *next
Next element in the linked list of CRL.
NULL indicates the end of the list. Do not modify this field directly.
-