Group x509_module

group x509_module

The X.509 module provides X.509 support for reading, writing and verification of certificates. In summary:

X.509 certificate (CRT) reading (see mbedtls_x509_crt_parse(), mbedtls_x509_crt_parse_der(), mbedtls_x509_crt_parse_file()).
X.509 certificate revocation list (CRL) reading (see mbedtls_x509_crl_parse(), mbedtls_x509_crl_parse_der(), and mbedtls_x509_crl_parse_file()).
X.509 certificate signature verification (see mbedtls_x509_crt_verify() and mbedtls_x509_crt_verify_with_profile().
X.509 certificate writing and certificate request writing (see mbedtls_x509write_crt_der() and mbedtls_x509write_csr_der()).

This module can be used to build a certificate authority (CA) chain and verify its signature. It is also used to generate Certificate Signing Requests and X.509 certificates just as a CA would do.

X509 Error codes

MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE: Unavailable feature, e.g. RSA hashing/encryption combination.

MBEDTLS_ERR_X509_UNKNOWN_OID: Requested OID is unknown.

MBEDTLS_ERR_X509_INVALID_FORMAT: The CRT/CRL/CSR format is invalid, e.g. different type expected.

MBEDTLS_ERR_X509_INVALID_VERSION: The CRT/CRL/CSR version element is invalid.

MBEDTLS_ERR_X509_INVALID_SERIAL: The serial tag or value is invalid.

MBEDTLS_ERR_X509_INVALID_ALG: The algorithm tag or value is invalid.

MBEDTLS_ERR_X509_INVALID_NAME: The name tag or value is invalid.

MBEDTLS_ERR_X509_INVALID_DATE: The date tag or value is invalid.

MBEDTLS_ERR_X509_INVALID_SIGNATURE: The signature tag or value invalid.

MBEDTLS_ERR_X509_INVALID_EXTENSIONS: The extension tag or value is invalid.

MBEDTLS_ERR_X509_UNKNOWN_VERSION: CRT/CRL/CSR has an unsupported version number.

MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG: Signature algorithm (oid) is unsupported.

MBEDTLS_ERR_X509_SIG_MISMATCH: Signature algorithms do not match. (see mbedtls_x509_crt sig_oid)

MBEDTLS_ERR_X509_CERT_VERIFY_FAILED: Certificate verification failed, e.g. CRL, CA or signature check failed.

MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT: Format not recognized as DER or PEM.

MBEDTLS_ERR_X509_BAD_INPUT_DATA: Input invalid.

MBEDTLS_ERR_X509_ALLOC_FAILED: Allocation of memory failed.

MBEDTLS_ERR_X509_FILE_IO_ERROR: Read/write of file failed.

MBEDTLS_ERR_X509_BUFFER_TOO_SMALL: Destination buffer is too small.

MBEDTLS_ERR_X509_FATAL_ERROR: A fatal error occurred, eg the chain is too long or the vrfy callback failed.

X509 Verify codes

MBEDTLS_X509_BADCERT_EXPIRED: The certificate validity has expired.

MBEDTLS_X509_BADCERT_REVOKED: The certificate has been revoked (is on a CRL).

MBEDTLS_X509_BADCERT_CN_MISMATCH: The certificate Common Name (CN) does not match with the expected CN.

MBEDTLS_X509_BADCERT_NOT_TRUSTED: The certificate is not correctly signed by the trusted CA.

MBEDTLS_X509_BADCRL_NOT_TRUSTED: The CRL is not correctly signed by the trusted CA.

MBEDTLS_X509_BADCRL_EXPIRED: The CRL is expired.

MBEDTLS_X509_BADCERT_MISSING: Certificate was missing.

MBEDTLS_X509_BADCERT_SKIP_VERIFY: Certificate verification was skipped.

MBEDTLS_X509_BADCERT_OTHER: Other reason (can be used by verify callback)

MBEDTLS_X509_BADCERT_FUTURE: The certificate validity starts in the future.

MBEDTLS_X509_BADCRL_FUTURE: The CRL is from the future

MBEDTLS_X509_BADCERT_KEY_USAGE: Usage does not match the keyUsage extension.

MBEDTLS_X509_BADCERT_EXT_KEY_USAGE: Usage does not match the extendedKeyUsage extension.

MBEDTLS_X509_BADCERT_NS_CERT_TYPE: Usage does not match the nsCertType extension.

MBEDTLS_X509_BADCERT_BAD_MD: The certificate is signed with an unacceptable hash.

MBEDTLS_X509_BADCERT_BAD_PK: The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA).

MBEDTLS_X509_BADCERT_BAD_KEY: The certificate is signed with an unacceptable key (eg bad curve, RSA too short).

MBEDTLS_X509_BADCRL_BAD_MD: The CRL is signed with an unacceptable hash.

MBEDTLS_X509_BADCRL_BAD_PK: The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA).

MBEDTLS_X509_BADCRL_BAD_KEY: The CRL is signed with an unacceptable key (eg bad curve, RSA too short).

Structures for parsing X.509 certificates, CRLs and CSRs

typedef mbedtls_asn1_buf mbedtls_x509_buf: Type-length-value structure that allows for ASN1 using DER.

typedef mbedtls_asn1_bitstring mbedtls_x509_bitstring: Container for ASN1 bit strings.

typedef mbedtls_asn1_named_data mbedtls_x509_name: Container for ASN1 named information objects. It allows for Relative Distinguished Names (e.g. cn=localhost,ou=code,etc.).

typedef mbedtls_asn1_sequence mbedtls_x509_sequence: Container for a sequence of ASN.1 items

typedef struct mbedtls_x509_authority mbedtls_x509_authority

typedef struct mbedtls_x509_time mbedtls_x509_time: Container for date and time (precision in seconds).

typedef struct mbedtls_x509_san_other_name mbedtls_x509_san_other_name

From RFC 5280 section 4.2.1.6: OtherName ::= SEQUENCE { type-id OBJECT IDENTIFIER, value [0] EXPLICIT ANY DEFINED BY type-id }

Future versions of the library may add new fields to this structure or to its embedded union and structure.

typedef struct mbedtls_x509_subject_alternative_name mbedtls_x509_subject_alternative_name

A structure for holding the parsed Subject Alternative Name, according to type.

Future versions of the library may add new fields to this structure or to its embedded union and structure.

typedef struct mbedtls_x509_san_list mbedtls_x509_san_list

Structures and functions for parsing CRLs

typedef struct mbedtls_x509_crl_entry mbedtls_x509_crl_entry

Certificate revocation list entry. Contains the CA-specific serial numbers and revocation dates.

Some fields of this structure are publicly readable. Do not modify them except via Mbed TLS library functions: the effect of modifying those fields or the data that those fields points to is unspecified.

typedef struct mbedtls_x509_crl mbedtls_x509_crl: Certificate revocation list structure. Every CRL may have multiple entries.

int mbedtls_x509_crl_parse_der(mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen)

Parse a DER-encoded CRL and append it to the chained list.

Note

If MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto subsystem must have been initialized by calling psa_crypto_init() before calling this function.

Parameters

chain – points to the start of the chain
buf – buffer holding the CRL data in DER format
buflen – size of the buffer (including the terminating null byte for PEM data)

Returns

0 if successful, or a specific X509 or PEM error code

int mbedtls_x509_crl_parse(mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen)

Parse one or more CRLs and append them to the chained list.

Note

Multiple CRLs are accepted only if using PEM format

Note

If MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto subsystem must have been initialized by calling psa_crypto_init() before calling this function.

Parameters

chain – points to the start of the chain
buf – buffer holding the CRL data in PEM or DER format
buflen – size of the buffer (including the terminating null byte for PEM data)

Returns

0 if successful, or a specific X509 or PEM error code

int mbedtls_x509_crl_parse_file(mbedtls_x509_crl *chain, const char *path)

Load one or more CRLs and append them to the chained list.

Note

Multiple CRLs are accepted only if using PEM format

Note

If MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto subsystem must have been initialized by calling psa_crypto_init() before calling this function.

Parameters

chain – points to the start of the chain
path – filename to read the CRLs from (in PEM or DER encoding)

Returns

0 if successful, or a specific X509 or PEM error code

void mbedtls_x509_crl_init(mbedtls_x509_crl *crl)

Initialize a CRL (chain)

Parameters: crl – CRL chain to initialize

void mbedtls_x509_crl_free(mbedtls_x509_crl *crl)

Unallocate all CRL data.

Parameters: crl – CRL chain to free

Structures and functions for parsing and writing X.509 certificates

typedef struct mbedtls_x509_crt mbedtls_x509_crt

Container for an X.509 certificate. The certificate may be chained.

Some fields of this structure are publicly readable. Do not modify them except via Mbed TLS library functions: the effect of modifying those fields or the data that those fields points to is unspecified.

typedef struct mbedtls_x509_crt_profile mbedtls_x509_crt_profile

Security profile for certificate verification.

All lists are bitfields, built by ORing flags from MBEDTLS_X509_ID_FLAG().

The fields of this structure are part of the public API and can be manipulated directly by applications. Future versions of the library may add extra fields or reorder existing fields.

You can create custom profiles by starting from a copy of an existing profile, such as mbedtls_x509_crt_profile_default or mbedtls_x509_ctr_profile_none and then tune it to your needs.

For example to allow SHA-224 in addition to the default:

mbedtls_x509_crt_profile my_profile = mbedtls_x509_crt_profile_default; my_profile.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 );

Or to allow only RSA-3072+ with SHA-256:

mbedtls_x509_crt_profile my_profile = mbedtls_x509_crt_profile_none; my_profile.allowed_mds = MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ); my_profile.allowed_pks = MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_RSA ); my_profile.rsa_min_bitlen = 3072;

typedef struct mbedtls_x509write_cert mbedtls_x509write_cert: Container for writing a certificate (CRT)

typedef int (*mbedtls_x509_crt_ext_cb_t)(void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf const *oid, int critical, const unsigned char *p, const unsigned char *end)

The type of certificate extension callbacks.

            Callbacks of this type are passed to and used by the
            mbedtls_x509_crt_parse_der_with_ext_cb() routine when
            it encounters either an unsupported extension or a
            "certificate policies" extension containing any
            unsupported certificate policies.
            Future versions of the library may invoke the callback
            in other cases, if and when the need arises.

Note

The callback must fail and return a negative error code if it can not parse or does not support the extension. When the callback fails to parse a critical extension mbedtls_x509_crt_parse_der_with_ext_cb() also fails. When the callback fails to parse a non critical extension mbedtls_x509_crt_parse_der_with_ext_cb() simply skips the extension and continues parsing.

Param p_ctx: An opaque context passed to the callback.
Param crt: The certificate being parsed.
Param oid: The OID of the extension.
Param critical: Whether the extension is critical.
Param p: Pointer to the start of the extension value (the content of the OCTET STRING).
Param end: End of extension value.
Return: 0 on success.
Return: A negative error code on failure.

typedef int (*mbedtls_x509_crt_ca_cb_t)(void *p_ctx, mbedtls_x509_crt const *child, mbedtls_x509_crt **candidate_cas)

The type of trusted certificate callbacks.

                 Callbacks of this type are passed to and used by the CRT
                 verification routine mbedtls_x509_crt_verify_with_ca_cb()
                 when looking for trusted signers of a given certificate.

                 On success, the callback returns a list of trusted
                 certificates to be considered as potential signers
                 for the input certificate.

Note

The callback must only return a non-zero value on a fatal error. If, in contrast, the search for a potential signer completes without a single candidate, the callback must return 0 and set *candidate_cas to NULL.

Param p_ctx: An opaque context passed to the callback.
Param child: The certificate for which to search a potential signer. This will point to a readable certificate.
Param candidate_cas: The address at which to store the address of the first entry in the generated linked list of candidate signers. This will not be NULL.
Return: 0 on success. In this case, *candidate_cas points to a heap-allocated linked list of instances of mbedtls_x509_crt, and ownership of this list is passed to the caller.
Return: A negative error code on failure.

const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default

Default security profile. Should provide a good balance between security and compatibility with current deployments.

This profile permits:

SHA2 hashes with at least 256 bits: SHA-256, SHA-384, SHA-512.
Elliptic curves with 255 bits and above except secp256k1.
RSA with 2048 bits and above.

New minor versions of Mbed TLS may extend this profile, for example if new algorithms are added to the library. New minor versions of Mbed TLS will not reduce this profile unless serious security concerns require it.

const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next: Expected next default profile. Recommended for new deployments. Currently targets a 128-bit security level, except for allowing RSA-2048. This profile may change at any time.

const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb: NSA Suite B profile.

const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_none: Empty profile that allows nothing. Useful as a basis for constructing custom profiles.

int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *ctx, const mbedtls_x509_san_list *san_list)

Set Subject Alternative Name.

Note

“dnsName”, “uniformResourceIdentifier”, “IP address”, “otherName”, and “DirectoryName”, as defined in RFC 5280, are supported.

Parameters

ctx – Certificate context to use
san_list – List of SAN values

Returns

0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED

int mbedtls_x509_crt_parse_der(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen)

Parse a single DER formatted certificate and add it to the end of the provided chained list.

Note

If MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto subsystem must have been initialized by calling psa_crypto_init() before calling this function.

Note

This function makes an internal copy of the CRT buffer buf. In particular, buf may be destroyed or reused after this call returns. To avoid duplicating the CRT buffer (at the cost of stricter lifetime constraints), use mbedtls_x509_crt_parse_der_nocopy() instead.

Parameters

chain – The pointer to the start of the CRT chain to attach to. When parsing the first CRT in a chain, this should point to an instance of mbedtls_x509_crt initialized through mbedtls_x509_crt_init().
buf – The buffer holding the DER encoded certificate.
buflen – The size in Bytes of buf.

Returns

0 if successful.

Returns

A negative error code on failure.

int mbedtls_x509_crt_parse_der_with_ext_cb(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen, int make_copy, mbedtls_x509_crt_ext_cb_t cb, void *p_ctx)

Parse a single DER formatted certificate and add it to the end of the provided chained list.

Note

If MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto subsystem must have been initialized by calling psa_crypto_init() before calling this function.

Note

This call is functionally equivalent to mbedtls_x509_crt_parse_der(), and/or mbedtls_x509_crt_parse_der_nocopy() but it calls the callback with every unsupported certificate extension and additionally the “certificate policies” extension if it contains any unsupported certificate policies. The callback must return a negative error code if it does not know how to handle such an extension. When the callback fails to parse a critical extension mbedtls_x509_crt_parse_der_with_ext_cb() also fails. When the callback fails to parse a non critical extension mbedtls_x509_crt_parse_der_with_ext_cb() simply skips the extension and continues parsing. Future versions of the library may invoke the callback in other cases, if and when the need arises.

Parameters

chain – The pointer to the start of the CRT chain to attach to. When parsing the first CRT in a chain, this should point to an instance of mbedtls_x509_crt initialized through mbedtls_x509_crt_init().
buf – The buffer holding the DER encoded certificate.
buflen – The size in Bytes of buf.
make_copy – When not zero this function makes an internal copy of the CRT buffer buf. In particular, buf may be destroyed or reused after this call returns. When zero this function avoids duplicating the CRT buffer by taking temporary ownership thereof until the CRT is destroyed (like mbedtls_x509_crt_parse_der_nocopy())
cb – A callback invoked for every unsupported certificate extension.
p_ctx – An opaque context passed to the callback.

Returns

0 if successful.

Returns

A negative error code on failure.

int mbedtls_x509_crt_parse_der_nocopy(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen)

Parse a single DER formatted certificate and add it to the end of the provided chained list. This is a variant of mbedtls_x509_crt_parse_der() which takes temporary ownership of the CRT buffer until the CRT is destroyed.

Note

If MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto subsystem must have been initialized by calling psa_crypto_init() before calling this function.

Note

This call is functionally equivalent to mbedtls_x509_crt_parse_der(), but it avoids creating a copy of the input buffer at the cost of stronger lifetime constraints. This is useful in constrained environments where duplication of the CRT cannot be tolerated.

Parameters

chain – The pointer to the start of the CRT chain to attach to. When parsing the first CRT in a chain, this should point to an instance of mbedtls_x509_crt initialized through mbedtls_x509_crt_init().
buf – The address of the readable buffer holding the DER encoded certificate to use. On success, this buffer must be retained and not be changed for the lifetime of the CRT chain chain, that is, until chain is destroyed through a call to mbedtls_x509_crt_free().
buflen – The size in Bytes of buf.

Returns

0 if successful.

Returns

A negative error code on failure.

int mbedtls_x509_crt_parse(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen)

Parse one DER-encoded or one or more concatenated PEM-encoded certificates and add them to the chained list.

For CRTs in PEM encoding, the function parses permissively: if at least one certificate can be parsed, the function returns the number of certificates for which parsing failed (hence 0 if all certificates were parsed successfully). If no certificate could be parsed, the function returns the first (negative) error encountered during parsing.

PEM encoded certificates may be interleaved by other data such as human readable descriptions of their content, as long as the certificates are enclosed in the PEM specific ‘–—{BEGIN/END} CERTIFICATE–—’ delimiters.

Note

If MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto subsystem must have been initialized by calling psa_crypto_init() before calling this function.

Parameters

chain – The chain to which to add the parsed certificates.
buf – The buffer holding the certificate data in PEM or DER format. For certificates in PEM encoding, this may be a concatenation of multiple certificates; for DER encoding, the buffer must comprise exactly one certificate.
buflen – The size of buf, including the terminating NULL byte in case of PEM encoded data.

Returns

0 if all certificates were parsed successfully.

Returns

The (positive) number of certificates that couldn’t be parsed if parsing was partly successful (see above).

Returns

A negative X509 or PEM error code otherwise.

int mbedtls_x509_crt_parse_file(mbedtls_x509_crt *chain, const char *path)

Load one or more certificates and add them to the chained list. Parses permissively. If some certificates can be parsed, the result is the number of failed certificates it encountered. If none complete correctly, the first error is returned.

Note

If MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto subsystem must have been initialized by calling psa_crypto_init() before calling this function.

Parameters

chain – points to the start of the chain
path – filename to read the certificates from

Returns

0 if all certificates parsed successfully, a positive number if partly successful or a specific X509 or PEM error code

int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path)

Load one or more certificate files from a path and add them to the chained list. Parses permissively. If some certificates can be parsed, the result is the number of failed certificates it encountered. If none complete correctly, the first error is returned.

Parameters

chain – points to the start of the chain
path – directory / folder to read the certificate files from

Returns

0 if all certificates parsed successfully, a positive number if partly successful or a specific X509 or PEM error code

int mbedtls_x509_crt_verify(mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const char *cn, uint32_t *flags, int (*f_vrfy)(void*, mbedtls_x509_crt*, int, uint32_t*), void *p_vrfy)

Verify a chain of certificates.

            The verify callback is a user-supplied callback that
            can clear / modify / add flags for a certificate. If set,
            the verification callback is called for each
            certificate in the chain (from the trust-ca down to the
            presented crt). The parameters for the callback are:
            (void *parameter, mbedtls_x509_crt *crt, int certificate_depth,
            int *flags). With the flags representing current flags for
            that specific certificate and the certificate depth from
            the bottom (Peer cert depth = 0).

            All flags left after returning from the callback
            are also returned to the application. The function should
            return 0 for anything (including invalid certificates)
            other than fatal error, as a non-zero return code
            immediately aborts the verification process. For fatal
            errors, a specific error code should be used (different
            from MBEDTLS_ERR_X509_CERT_VERIFY_FAILED which should not
            be returned at this point), or MBEDTLS_ERR_X509_FATAL_ERROR
            can be used if no better code is available.

Note

In case verification failed, the results can be displayed using mbedtls_x509_crt_verify_info()

Note

Same as mbedtls_x509_crt_verify_with_profile() with the default security profile.

Note

It is your responsibility to provide up-to-date CRLs for all trusted CAs. If no CRL is provided for the CA that was used to sign the certificate, CRL verification is skipped silently, that is without setting any flag.

Note

The trust_ca list can contain two types of certificates: (1) those of trusted root CAs, so that certificates chaining up to those CAs will be trusted, and (2) self-signed end-entity certificates to be trusted (for specific peers you know) - in that case, the self-signed certificate doesn’t need to have the CA bit set.

Parameters

crt – The certificate chain to be verified.
trust_ca – The list of trusted CAs.
ca_crl – The list of CRLs for trusted CAs.
cn – The expected Common Name. This will be checked to be present in the certificate’s subjectAltNames extension or, if this extension is absent, as a CN component in its Subject name. DNS names and IP addresses are fully supported, while the URI subtype is partially supported: only exact matching, without any normalization procedures described in 7.4 of RFC5280, will result in a positive URI verification. This may be NULL if the CN need not be verified.
flags – The address at which to store the result of the verification. If the verification couldn’t be completed, the flag value is set to (uint32_t) -1.
f_vrfy – The verification callback to use. See the documentation of mbedtls_x509_crt_verify() for more information.
p_vrfy – The context to be passed to f_vrfy.

Returns

0 if the chain is valid with respect to the passed CN, CAs, CRLs and security profile.

Returns

MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the certificate chain verification failed. In this case, *flags will have one or more MBEDTLS_X509_BADCERT_XXX or MBEDTLS_X509_BADCRL_XXX flags set.

Returns

Another negative error code in case of a fatal error encountered during the verification process.

int mbedtls_x509_crt_verify_with_profile(mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const mbedtls_x509_crt_profile *profile, const char *cn, uint32_t *flags, int (*f_vrfy)(void*, mbedtls_x509_crt*, int, uint32_t*), void *p_vrfy)

Verify a chain of certificates with respect to a configurable security profile.

Note

Same as mbedtls_x509_crt_verify(), but with explicit security profile.

Note

The restrictions on keys (RSA minimum size, allowed curves for ECDSA) apply to all certificates: trusted root, intermediate CAs if any, and end entity certificate.

Parameters

crt – The certificate chain to be verified.
trust_ca – The list of trusted CAs.
ca_crl – The list of CRLs for trusted CAs.
profile – The security profile to use for the verification.
cn – The expected Common Name. This may be NULL if the CN need not be verified.
flags – The address at which to store the result of the verification. If the verification couldn’t be completed, the flag value is set to (uint32_t) -1.
f_vrfy – The verification callback to use. See the documentation of mbedtls_x509_crt_verify() for more information.
p_vrfy – The context to be passed to f_vrfy.

Returns

0 if the chain is valid with respect to the passed CN, CAs, CRLs and security profile.

Returns

MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the certificate chain verification failed. In this case, *flags will have one or more MBEDTLS_X509_BADCERT_XXX or MBEDTLS_X509_BADCRL_XXX flags set.

Returns

Another negative error code in case of a fatal error encountered during the verification process.

int mbedtls_x509_crt_verify_restartable(mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const mbedtls_x509_crt_profile *profile, const char *cn, uint32_t *flags, int (*f_vrfy)(void*, mbedtls_x509_crt*, int, uint32_t*), void *p_vrfy, mbedtls_x509_crt_restart_ctx *rs_ctx)

Restartable version of mbedtls_crt_verify_with_profile()

Note

Performs the same job as mbedtls_crt_verify_with_profile() but can return early and restart according to the limit set with mbedtls_ecp_set_max_ops() to reduce blocking.

Parameters

crt – The certificate chain to be verified.
trust_ca – The list of trusted CAs.
ca_crl – The list of CRLs for trusted CAs.
profile – The security profile to use for the verification.
cn – The expected Common Name. This may be NULL if the CN need not be verified.
flags – The address at which to store the result of the verification. If the verification couldn’t be completed, the flag value is set to (uint32_t) -1.
f_vrfy – The verification callback to use. See the documentation of mbedtls_x509_crt_verify() for more information.
p_vrfy – The context to be passed to f_vrfy.
rs_ctx – The restart context to use. This may be set to NULL to disable restartable ECC.

Returns

See mbedtls_crt_verify_with_profile(), or

Returns

MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of operations was reached: see mbedtls_ecp_set_max_ops().

int mbedtls_x509_crt_verify_with_ca_cb(mbedtls_x509_crt *crt, mbedtls_x509_crt_ca_cb_t f_ca_cb, void *p_ca_cb, const mbedtls_x509_crt_profile *profile, const char *cn, uint32_t *flags, int (*f_vrfy)(void*, mbedtls_x509_crt*, int, uint32_t*), void *p_vrfy)

Version of mbedtls_x509_crt_verify_with_profile() which uses a callback to acquire the list of trusted CA certificates.

Parameters

crt – The certificate chain to be verified.
f_ca_cb – The callback to be used to query for potential signers of a given child certificate. See the documentation of mbedtls_x509_crt_ca_cb_t for more information.
p_ca_cb – The opaque context to be passed to f_ca_cb.
profile – The security profile for the verification.
cn – The expected Common Name. This may be NULL if the CN need not be verified.
flags – The address at which to store the result of the verification. If the verification couldn’t be completed, the flag value is set to (uint32_t) -1.
f_vrfy – The verification callback to use. See the documentation of mbedtls_x509_crt_verify() for more information.
p_vrfy – The context to be passed to f_vrfy.

Returns

See mbedtls_crt_verify_with_profile().

int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt, unsigned int usage)

Check usage of certificate against keyUsage extension.

Note

Except for decipherOnly and encipherOnly, a bit set in the usage argument means this bit MUST be set in the certificate. For decipherOnly and encipherOnly, it means that bit MAY be set.

Note

You should only call this function on leaf certificates, on (intermediate) CAs the keyUsage extension is automatically checked by mbedtls_x509_crt_verify().

Parameters

crt – Leaf certificate used.
usage – Intended usage(s) (eg MBEDTLS_X509_KU_KEY_ENCIPHERMENT before using the certificate to perform an RSA key exchange).

Returns

0 is these uses of the certificate are allowed, MBEDTLS_ERR_X509_BAD_INPUT_DATA if the keyUsage extension is present but does not match the usage argument.

int mbedtls_x509_crt_check_extended_key_usage(const mbedtls_x509_crt *crt, const char *usage_oid, size_t usage_len)

Check usage of certificate against extendedKeyUsage.

Note

Usually only makes sense on leaf certificates.

Parameters

crt – Leaf certificate used.
usage_oid – Intended usage (eg MBEDTLS_OID_SERVER_AUTH or MBEDTLS_OID_CLIENT_AUTH).
usage_len – Length of usage_oid (eg given by MBEDTLS_OID_SIZE()).

Returns

0 if this use of the certificate is allowed, MBEDTLS_ERR_X509_BAD_INPUT_DATA if not.

int mbedtls_x509_crt_is_revoked(const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl)

Verify the certificate revocation status.

Parameters

crt – a certificate to be verified
crl – the CRL to verify against

Returns

1 if the certificate is revoked, 0 otherwise

void mbedtls_x509_crt_init(mbedtls_x509_crt *crt)

Initialize a certificate (chain)

Parameters: crt – Certificate chain to initialize

void mbedtls_x509_crt_free(mbedtls_x509_crt *crt)

Unallocate all certificate data.

Parameters: crt – Certificate chain to free

void mbedtls_x509_crt_restart_init(mbedtls_x509_crt_restart_ctx *ctx): Initialize a restart context.

void mbedtls_x509_crt_restart_free(mbedtls_x509_crt_restart_ctx *ctx): Free the components of a restart context.

static inline int mbedtls_x509_crt_has_ext_type(const mbedtls_x509_crt *ctx, int ext_type)

Query certificate for given extension type.

Parameters

ctx – [in] Certificate context to be queried, must not be NULL
ext_type – Extension type being queried for, must be a valid extension type. Must be one of the MBEDTLS_X509_EXT_XXX values

Returns

0 if the given extension type is not present, non-zero otherwise

int mbedtls_x509_crt_get_ca_istrue(const mbedtls_x509_crt *crt)

Access the ca_istrue field.

Parameters: crt – [in] Certificate to be queried, must not be NULL
Returns: 1 if this a CA certificate 0 otherwise.
Returns: MBEDTLS_ERR_X509_INVALID_EXTENSIONS if the certificate does not contain the Optional Basic Constraint extension.

MBEDTLS_X509_ID_FLAG(id): Build flag from an algorithm/curve identifier (pk, md, ecp) Since 0 is always XXX_NONE, ignore it.

MBEDTLS_X509_CRT_VERSION_1

MBEDTLS_X509_CRT_VERSION_2

MBEDTLS_X509_CRT_VERSION_3

MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN

MBEDTLS_X509_RFC5280_UTC_TIME_LEN

MBEDTLS_X509_MAX_FILE_PATH_LEN

MBEDTLS_X509_CRT_ERROR_INFO_LIST

MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE: Max size of verification chain: end-entity + intermediates + trusted root

Structures and functions for X.509 Certificate Signing Requests (CSR)

typedef struct mbedtls_x509_csr mbedtls_x509_csr

Certificate Signing Request (CSR) structure.

Some fields of this structure are publicly readable. Do not modify them except via Mbed TLS library functions: the effect of modifying those fields or the data that those fields point to is unspecified.

typedef struct mbedtls_x509write_csr mbedtls_x509write_csr: Container for writing a CSR

typedef int (*mbedtls_x509_csr_ext_cb_t)(void *p_ctx, mbedtls_x509_csr const *csr, mbedtls_x509_buf const *oid, int critical, const unsigned char *p, const unsigned char *end)

The type of certificate extension callbacks.

            Callbacks of this type are passed to and used by the
            mbedtls_x509_csr_parse_der_with_ext_cb() routine when
            it encounters either an unsupported extension.
            Future versions of the library may invoke the callback
            in other cases, if and when the need arises.

Note

The callback must fail and return a negative error code if it can not parse or does not support the extension. When the callback fails to parse a critical extension mbedtls_x509_csr_parse_der_with_ext_cb() also fails. When the callback fails to parse a non critical extension mbedtls_x509_csr_parse_der_with_ext_cb() simply skips the extension and continues parsing.

Param p_ctx: An opaque context passed to the callback.
Param csr: The CSR being parsed.
Param oid: The OID of the extension.
Param critical: Whether the extension is critical.
Param p: Pointer to the start of the extension value (the content of the OCTET STRING).
Param end: End of extension value.
Return: 0 on success.
Return: A negative error code on failure.

int mbedtls_x509_csr_parse_der(mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen)

Load a Certificate Signing Request (CSR) in DER format.

Note

Any unsupported requested extensions are silently ignored, unless the critical flag is set, in which case the CSR is rejected.

Note

If MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto subsystem must have been initialized by calling psa_crypto_init() before calling this function.

Parameters

csr – CSR context to fill
buf – buffer holding the CRL data
buflen – size of the buffer

Returns

0 if successful, or a specific X509 error code

int mbedtls_x509_csr_parse_der_with_ext_cb(mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen, mbedtls_x509_csr_ext_cb_t cb, void *p_ctx)

Load a Certificate Signing Request (CSR) in DER format.

Note

Any unsupported requested extensions are silently ignored, unless the critical flag is set, in which case the result of the callback function decides whether CSR is rejected.

Note

If MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto subsystem must have been initialized by calling psa_crypto_init() before calling this function.

Parameters

csr – CSR context to fill
buf – buffer holding the CRL data
buflen – size of the buffer
cb – A callback invoked for every unsupported certificate extension.
p_ctx – An opaque context passed to the callback.

Returns

0 if successful, or a specific X509 error code

int mbedtls_x509_csr_parse(mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen)

Load a Certificate Signing Request (CSR), DER or PEM format.

Note

See notes for mbedtls_x509_csr_parse_der()

Note

If MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto subsystem must have been initialized by calling psa_crypto_init() before calling this function.

Parameters

csr – CSR context to fill
buf – buffer holding the CRL data
buflen – size of the buffer (including the terminating null byte for PEM data)

Returns

0 if successful, or a specific X509 or PEM error code

int mbedtls_x509_csr_parse_file(mbedtls_x509_csr *csr, const char *path)

Load a Certificate Signing Request (CSR)

Note

See notes for mbedtls_x509_csr_parse()

Parameters

csr – CSR context to fill
path – filename to read the CSR from

Returns

0 if successful, or a specific X509 or PEM error code

void mbedtls_x509_csr_init(mbedtls_x509_csr *csr)

Initialize a CSR.

Parameters: csr – CSR to initialize

void mbedtls_x509_csr_free(mbedtls_x509_csr *csr)

Unallocate all CSR data.

Parameters: csr – CSR to free

Defines

MBEDTLS_X509_MAX_INTERMEDIATE_CA

Maximum number of intermediate CAs in a verification chain. That is, maximum length of the chain, excluding the end-entity certificate and the trusted root certificate.

Set this to a low value to prevent an adversary from making you waste resources verifying an overlong certificate chain.

Functions

void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx)

Initialize a CRT writing context.

Parameters: ctx – CRT context to initialize

void mbedtls_x509write_crt_set_version(mbedtls_x509write_cert *ctx, int version)

Set the version for a Certificate Default: MBEDTLS_X509_CRT_VERSION_3.

Parameters

ctx – CRT context to use
version – version to set (MBEDTLS_X509_CRT_VERSION_1, MBEDTLS_X509_CRT_VERSION_2 or MBEDTLS_X509_CRT_VERSION_3)

int mbedtls_x509write_crt_set_serial_raw(mbedtls_x509write_cert *ctx, unsigned char *serial, size_t serial_len)

Set the serial number for a Certificate.

Parameters

ctx – CRT context to use
serial – A raw array of bytes containing the serial number in big endian format
serial_len – Length of valid bytes (expressed in bytes) in serial input buffer

Returns

0 if successful, or MBEDTLS_ERR_X509_BAD_INPUT_DATA if the provided input buffer is too big (longer than MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN)

int mbedtls_x509write_crt_set_validity(mbedtls_x509write_cert *ctx, const char *not_before, const char *not_after)

Set the validity period for a Certificate Timestamps should be in string format for UTC timezone i.e. “YYYYMMDDhhmmss” e.g. “20131231235959” for December 31st 2013 at 23:59:59.

Parameters

ctx – CRT context to use
not_before – not_before timestamp
not_after – not_after timestamp

Returns

0 if timestamp was parsed successfully, or a specific error code

int mbedtls_x509write_crt_set_issuer_name(mbedtls_x509write_cert *ctx, const char *issuer_name)

Set the issuer name for a Certificate Issuer names should contain a comma-separated list of OID types and values: e.g. “C=UK,O=ARM,CN=Mbed TLS CA”.

Parameters

ctx – CRT context to use
issuer_name – issuer name to set

Returns

0 if issuer name was parsed successfully, or a specific error code

int mbedtls_x509write_crt_set_subject_name(mbedtls_x509write_cert *ctx, const char *subject_name)

Set the subject name for a Certificate Subject names should contain a comma-separated list of OID types and values: e.g. “C=UK,O=ARM,CN=Mbed TLS Server 1”.

Parameters

ctx – CRT context to use
subject_name – subject name to set

Returns

0 if subject name was parsed successfully, or a specific error code

void mbedtls_x509write_crt_set_subject_key(mbedtls_x509write_cert *ctx, mbedtls_pk_context *key)

Set the subject public key for the certificate.

Parameters

ctx – CRT context to use
key – public key to include

void mbedtls_x509write_crt_set_issuer_key(mbedtls_x509write_cert *ctx, mbedtls_pk_context *key)

Set the issuer key used for signing the certificate.

Parameters

ctx – CRT context to use
key – private key to sign with

void mbedtls_x509write_crt_set_md_alg(mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg)

Set the MD algorithm to use for the signature (e.g. MBEDTLS_MD_SHA1)

Parameters

ctx – CRT context to use
md_alg – MD algorithm to use

int mbedtls_x509write_crt_set_extension(mbedtls_x509write_cert *ctx, const char *oid, size_t oid_len, int critical, const unsigned char *val, size_t val_len)

Generic function to add to or replace an extension in the CRT.

Parameters

ctx – CRT context to use
oid – OID of the extension
oid_len – length of the OID
critical – if the extension is critical (per the RFC’s definition)
val – value of the extension OCTET STRING
val_len – length of the value data

Returns

0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED

int mbedtls_x509write_crt_set_basic_constraints(mbedtls_x509write_cert *ctx, int is_ca, int max_pathlen)

Set the basicConstraints extension for a CRT.

Parameters

ctx – CRT context to use
is_ca – is this a CA certificate
max_pathlen – maximum length of certificate chains below this certificate (only for CA certificates, -1 is unlimited)

Returns

0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED

int mbedtls_x509write_crt_set_subject_key_identifier(mbedtls_x509write_cert *ctx)

Set the subjectKeyIdentifier extension for a CRT Requires that mbedtls_x509write_crt_set_subject_key() has been called before.

Parameters: ctx – CRT context to use
Returns: 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED

int mbedtls_x509write_crt_set_authority_key_identifier(mbedtls_x509write_cert *ctx)

Set the authorityKeyIdentifier extension for a CRT Requires that mbedtls_x509write_crt_set_issuer_key() has been called before.

Parameters: ctx – CRT context to use
Returns: 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED

int mbedtls_x509write_crt_set_key_usage(mbedtls_x509write_cert *ctx, unsigned int key_usage)

Set the Key Usage Extension flags (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_SIGN)

Parameters

ctx – CRT context to use
key_usage – key usage flags to set

Returns

0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED

int mbedtls_x509write_crt_set_ext_key_usage(mbedtls_x509write_cert *ctx, const mbedtls_asn1_sequence *exts)

Set the Extended Key Usage Extension (e.g. MBEDTLS_OID_SERVER_AUTH)

Parameters

ctx – CRT context to use
exts – extended key usage extensions to set, a sequence of MBEDTLS_ASN1_OID objects

Returns

0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED

int mbedtls_x509write_crt_set_ns_cert_type(mbedtls_x509write_cert *ctx, unsigned char ns_cert_type)

Set the Netscape Cert Type flags (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TYPE_EMAIL)

Parameters

ctx – CRT context to use
ns_cert_type – Netscape Cert Type flags to set

Returns

0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED

void mbedtls_x509write_crt_free(mbedtls_x509write_cert *ctx)

Free the contents of a CRT write context.

Parameters: ctx – CRT context to free

int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, int (*f_rng)(void*, unsigned char*, size_t), void *p_rng)

Write a built up certificate to a X509 DER structure Note: data is written at the end of the buffer! Use the return value to determine where you should start using the buffer.

Note

f_rng is used for the signature operation.

Parameters

ctx – certificate to write away
buf – buffer to write to
size – size of the buffer
f_rng – RNG function. This must not be NULL.
p_rng – RNG parameter

Returns

length of data written if successful, or a specific error code

int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, int (*f_rng)(void*, unsigned char*, size_t), void *p_rng)

Write a built up certificate to a X509 PEM string.

Note

f_rng is used for the signature operation.

Parameters

ctx – certificate to write away
buf – buffer to write to
size – size of the buffer
f_rng – RNG function. This must not be NULL.
p_rng – RNG parameter

Returns

0 if successful, or a specific error code

void mbedtls_x509write_csr_init(mbedtls_x509write_csr *ctx)

Initialize a CSR context.

Parameters: ctx – CSR context to initialize

int mbedtls_x509write_csr_set_subject_name(mbedtls_x509write_csr *ctx, const char *subject_name)

Set the subject name for a CSR Subject names should contain a comma-separated list of OID types and values: e.g. “C=UK,O=ARM,CN=Mbed TLS Server 1”.

Parameters

ctx – CSR context to use
subject_name – subject name to set

Returns

0 if subject name was parsed successfully, or a specific error code

void mbedtls_x509write_csr_set_key(mbedtls_x509write_csr *ctx, mbedtls_pk_context *key)

Set the key for a CSR (public key will be included, private key used to sign the CSR when writing it)

Parameters

ctx – CSR context to use
key – Asymmetric key to include

void mbedtls_x509write_csr_set_md_alg(mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg)

Set the MD algorithm to use for the signature (e.g. MBEDTLS_MD_SHA1)

Parameters

ctx – CSR context to use
md_alg – MD algorithm to use

int mbedtls_x509write_csr_set_key_usage(mbedtls_x509write_csr *ctx, unsigned char key_usage)

Set the Key Usage Extension flags (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_SIGN)

Note

The decipherOnly flag from the Key Usage extension is represented by bit 8 (i.e. 0x8000), which cannot typically be represented in an unsigned char. Therefore, the flag decipherOnly (i.e. MBEDTLS_X509_KU_DECIPHER_ONLY) cannot be set using this function.

Parameters

ctx – CSR context to use
key_usage – key usage flags to set

Returns

0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED

int mbedtls_x509write_csr_set_subject_alternative_name(mbedtls_x509write_csr *ctx, const mbedtls_x509_san_list *san_list)

Set Subject Alternative Name.

Note

Only “dnsName”, “uniformResourceIdentifier” and “otherName”, as defined in RFC 5280, are supported.

Parameters

ctx – CSR context to use
san_list – List of SAN values

Returns

0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED

int mbedtls_x509write_csr_set_ns_cert_type(mbedtls_x509write_csr *ctx, unsigned char ns_cert_type)

Set the Netscape Cert Type flags (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TYPE_EMAIL)

Parameters

ctx – CSR context to use
ns_cert_type – Netscape Cert Type flags to set

Returns

0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED

int mbedtls_x509write_csr_set_extension(mbedtls_x509write_csr *ctx, const char *oid, size_t oid_len, int critical, const unsigned char *val, size_t val_len)

Generic function to add to or replace an extension in the CSR.

Parameters

ctx – CSR context to use
oid – OID of the extension
oid_len – length of the OID
critical – Set to 1 to mark the extension as critical, 0 otherwise.
val – value of the extension OCTET STRING
val_len – length of the value data

Returns

0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED

void mbedtls_x509write_csr_free(mbedtls_x509write_csr *ctx)

Free the contents of a CSR context.

Parameters: ctx – CSR context to free

int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, int (*f_rng)(void*, unsigned char*, size_t), void *p_rng)

Write a CSR (Certificate Signing Request) to a DER structure Note: data is written at the end of the buffer! Use the return value to determine where you should start using the buffer.

Note

f_rng is used for the signature operation.

Parameters

ctx – CSR to write away
buf – buffer to write to
size – size of the buffer
f_rng – RNG function. This must not be NULL.
p_rng – RNG parameter

Returns

length of data written if successful, or a specific error code

int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, int (*f_rng)(void*, unsigned char*, size_t), void *p_rng)

Write a CSR (Certificate Signing Request) to a PEM string.

Note

f_rng is used for the signature operation.

Parameters

ctx – CSR to write away
buf – buffer to write to
size – size of the buffer
f_rng – RNG function. This must not be NULL.
p_rng – RNG parameter

Returns

0 if successful, or a specific error code

struct mbedtls_x509_authority: #include <x509.h>

struct mbedtls_x509_time: #include <x509.h>

Container for date and time (precision in seconds).

struct mbedtls_x509_san_other_name

#include <x509.h>

From RFC 5280 section 4.2.1.6: OtherName ::= SEQUENCE { type-id OBJECT IDENTIFIER, value [0] EXPLICIT ANY DEFINED BY type-id }

Future versions of the library may add new fields to this structure or to its embedded union and structure.

struct mbedtls_x509_subject_alternative_name

#include <x509.h>

A structure for holding the parsed Subject Alternative Name, according to type.

Future versions of the library may add new fields to this structure or to its embedded union and structure.

struct mbedtls_x509_san_list: #include <x509.h>

struct mbedtls_x509_crl_entry

#include <x509_crl.h>

Certificate revocation list entry. Contains the CA-specific serial numbers and revocation dates.

Some fields of this structure are publicly readable. Do not modify them except via Mbed TLS library functions: the effect of modifying those fields or the data that those fields points to is unspecified.

struct mbedtls_x509_crl: #include <x509_crl.h>

Certificate revocation list structure. Every CRL may have multiple entries.

struct mbedtls_x509_crt

#include <x509_crt.h>

Container for an X.509 certificate. The certificate may be chained.

Some fields of this structure are publicly readable. Do not modify them except via Mbed TLS library functions: the effect of modifying those fields or the data that those fields points to is unspecified.

struct mbedtls_x509_crt_profile

#include <x509_crt.h>

Security profile for certificate verification.

All lists are bitfields, built by ORing flags from MBEDTLS_X509_ID_FLAG().

The fields of this structure are part of the public API and can be manipulated directly by applications. Future versions of the library may add extra fields or reorder existing fields.

You can create custom profiles by starting from a copy of an existing profile, such as mbedtls_x509_crt_profile_default or mbedtls_x509_ctr_profile_none and then tune it to your needs.

For example to allow SHA-224 in addition to the default:

mbedtls_x509_crt_profile my_profile = mbedtls_x509_crt_profile_default; my_profile.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 );

Or to allow only RSA-3072+ with SHA-256:

mbedtls_x509_crt_profile my_profile = mbedtls_x509_crt_profile_none; my_profile.allowed_mds = MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ); my_profile.allowed_pks = MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_RSA ); my_profile.rsa_min_bitlen = 3072;

struct mbedtls_x509write_cert: #include <x509_crt.h>

Container for writing a certificate (CRT)

struct mbedtls_x509_crt_verify_chain_item: #include <x509_crt.h>

Item in a verification chain: cert and flags for it

struct mbedtls_x509_crt_verify_chain: #include <x509_crt.h>

Verification chain as built by mbedtls_crt_verify_chain()

struct mbedtls_x509_crt_restart_ctx: #include <x509_crt.h>

Context for resuming X.509 verify operations.

struct mbedtls_x509_csr

#include <x509_csr.h>

Certificate Signing Request (CSR) structure.

Some fields of this structure are publicly readable. Do not modify them except via Mbed TLS library functions: the effect of modifying those fields or the data that those fields point to is unspecified.

struct mbedtls_x509write_csr: #include <x509_csr.h>

Container for writing a CSR