Mbed OS Reference
mbedtls_x509_crt Struct Reference

Container for an X.509 certificate.

#include <x509_crt.h>

Data Fields

int own_buffer
 Indicates if raw is owned by the structure or not.

mbedtls_x509_buf raw
 The raw certificate data (DER).

mbedtls_x509_buf tbs
 The raw certificate body (DER).

int version
 The X.509 version.

mbedtls_x509_buf serial
 Unique id for certificate issued by a specific CA.

mbedtls_x509_buf sig_oid
 Signature algorithm, e.g. sha1RSA.

mbedtls_x509_buf issuer_raw
 The raw issuer data (DER).

mbedtls_x509_buf subject_raw
 The raw subject data (DER).

mbedtls_x509_name issuer
 The parsed issuer data (named information object).

mbedtls_x509_name subject
 The parsed subject data (named information object).

mbedtls_x509_time valid_from
 Start time of certificate validity.

mbedtls_x509_time valid_to
 End time of certificate validity.

mbedtls_pk_context pk
 Container for the public key context.

mbedtls_x509_buf issuer_id
 Optional X.509 v2/v3 issuer unique identifier.

mbedtls_x509_buf subject_id
 Optional X.509 v2/v3 subject unique identifier.

mbedtls_x509_buf v3_ext
 Optional X.509 v3 extensions.

mbedtls_x509_sequence subject_alt_names
 Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed).

mbedtls_x509_sequence certificate_policies
 Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed).

int ext_types
 Bit string containing detected and parsed extensions.

int ca_istrue
 Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise.

int max_pathlen
 Optional Basic Constraint extension value: The maximum path length to the root certificate.

unsigned int key_usage
 Optional key usage extension value: See the values in x509.h.

mbedtls_x509_sequence ext_key_usage
 Optional list of extended key usage OIDs.

unsigned char ns_cert_type
 Optional Netscape certificate type extension value: See the values in x509.h.

mbedtls_x509_buf sig
 Signature: hash of the tbs part signed with the private key.

mbedtls_md_type_t sig_md
 Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256.

mbedtls_pk_type_t sig_pk
 Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA.

void * sig_opts
 Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS.

struct mbedtls_x509_crt * next
 Next certificate in the CA-chain.


Detailed Description

Container for an X.509 certificate.

The certificate may be chained.

Definition at line 52 of file x509_crt.h.

Field Documentation

◆ own_buffer

int own_buffer

Indicates if raw is owned by the structure or not.


Definition at line 54 of file x509_crt.h.

◆ raw

The raw certificate data (DER).

Definition at line 56 of file x509_crt.h.

◆ tbs

The raw certificate body (DER).

The part that is To Be Signed.

Definition at line 57 of file x509_crt.h.

◆ version

int version

The X.509 version.

(1=v1, 2=v2, 3=v3)

Definition at line 59 of file x509_crt.h.

◆ serial

Unique id for certificate issued by a specific CA.

Definition at line 60 of file x509_crt.h.

◆ sig_oid

Signature algorithm, e.g. sha1RSA.

Definition at line 61 of file x509_crt.h.

◆ issuer_raw

mbedtls_x509_buf issuer_raw

The raw issuer data (DER).

Used for quick comparison.

Definition at line 63 of file x509_crt.h.

◆ subject_raw

mbedtls_x509_buf subject_raw

The raw subject data (DER).

Used for quick comparison.

Definition at line 64 of file x509_crt.h.

◆ issuer

The parsed issuer data (named information object).

Definition at line 66 of file x509_crt.h.

◆ subject

The parsed subject data (named information object).

Definition at line 67 of file x509_crt.h.

◆ valid_from

mbedtls_x509_time valid_from

Start time of certificate validity.

Definition at line 69 of file x509_crt.h.

◆ valid_to

End time of certificate validity.

Definition at line 70 of file x509_crt.h.

◆ pk

Container for the public key context.

Definition at line 73 of file x509_crt.h.

◆ issuer_id

mbedtls_x509_buf issuer_id

Optional X.509 v2/v3 issuer unique identifier.

Definition at line 75 of file x509_crt.h.

◆ subject_id

mbedtls_x509_buf subject_id

Optional X.509 v2/v3 subject unique identifier.

Definition at line 76 of file x509_crt.h.

◆ v3_ext

Optional X.509 v3 extensions.


Definition at line 77 of file x509_crt.h.

◆ subject_alt_names

mbedtls_x509_sequence subject_alt_names

Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed).

Definition at line 78 of file x509_crt.h.

◆ certificate_policies

mbedtls_x509_sequence certificate_policies

Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed).

Definition at line 80 of file x509_crt.h.

◆ ext_types

int ext_types

Bit string containing detected and parsed extensions.

Definition at line 82 of file x509_crt.h.

◆ ca_istrue

int ca_istrue

Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise.

Definition at line 83 of file x509_crt.h.

◆ max_pathlen

int max_pathlen

Optional Basic Constraint extension value: The maximum path length to the root certificate.

The stored path length is 1 higher than the RFC 5280 meaning, i.e. 1 + the RFC 5280 value.

Definition at line 84 of file x509_crt.h.

◆ key_usage

unsigned int key_usage

Optional key usage extension value: See the values in x509.h.

Definition at line 86 of file x509_crt.h.

◆ ext_key_usage

mbedtls_x509_sequence ext_key_usage

Optional list of extended key usage OIDs.

Definition at line 88 of file x509_crt.h.

◆ ns_cert_type

unsigned char ns_cert_type

Optional Netscape certificate type extension value: See the values in x509.h.

Definition at line 90 of file x509_crt.h.

◆ sig

Signature: hash of the tbs part signed with the private key.

Definition at line 92 of file x509_crt.h.

◆ sig_md

Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256.

Definition at line 93 of file x509_crt.h.

◆ sig_pk

Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA.

Definition at line 94 of file x509_crt.h.

◆ sig_opts

void* sig_opts

Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS.

Definition at line 95 of file x509_crt.h.

◆ next

struct mbedtls_x509_crt* next

Next certificate in the CA-chain.

Definition at line 97 of file x509_crt.h.
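
An added example, not code from Mbed TLS or from this reference page: how ext_types, ca_istrue, max_pathlen and next combine when auditing a parsed chain. The stand-in `struct demo_crt`, all `demo_*` names, the leaf-first chain order and the reading of max_pathlen == 0 as "no constraint" are assumptions; the struct carries only the fields used so the block compiles without the library.

```c
#include <stddef.h>

/* Stand-in for MBEDTLS_X509_EXT_BASIC_CONSTRAINTS; use the x509.h value in real code. */
#define DEMO_EXT_BASIC_CONSTRAINTS (1 << 8)

/* Constructed stand-in with only the mbedtls_x509_crt fields used below. */
struct demo_crt {
    int ext_types;          /* bit string of detected and parsed extensions */
    int ca_istrue;          /* 1 if the certificate belongs to a CA */
    int max_pathlen;        /* RFC 5280 value + 1; assumed 0 when absent */
    struct demo_crt *next;  /* next certificate in the chain */
};

/* Decode max_pathlen to the RFC 5280 value; -1 means "no constraint". */
int demo_rfc5280_pathlen(const struct demo_crt *c)
{
    if (!(c->ext_types & DEMO_EXT_BASIC_CONSTRAINTS) || c->max_pathlen <= 0)
        return -1;
    return c->max_pathlen - 1;
}

/* Walk a leaf-first chain and count problems. Every certificate after the
 * leaf acts as an issuer: it needs Basic Constraints with the CA flag set,
 * and no more intermediates below it than its path length allows.
 * Simplification: self-issued certificates are counted like any other. */
int demo_chain_issues(const struct demo_crt *leaf)
{
    int issues = 0, below = 0;  /* below: intermediates between issuer and leaf */
    if (leaf == NULL)
        return 0;
    for (const struct demo_crt *c = leaf->next; c != NULL; c = c->next, below++) {
        int limit = demo_rfc5280_pathlen(c);
        if (!(c->ext_types & DEMO_EXT_BASIC_CONSTRAINTS) || !c->ca_istrue)
            issues++;           /* issuer is not marked as a CA */
        else if (limit >= 0 && below > limit)
            issues++;           /* path length constraint exceeded */
    }
    return issues;
}

/* Constructed chains: 0 = valid, 1 = path length exceeded, 2 = issuer without CA flag. */
int demo_sample(int which)
{
    const int bc = DEMO_EXT_BASIC_CONSTRAINTS;
    struct demo_crt root = { bc, 1, 0, NULL };
    struct demo_crt ca2  = { bc, 1, 1, &root };  /* RFC 5280 path length 0 */
    struct demo_crt ca1  = { bc, which != 2, 0, which == 2 ? &root : &ca2 };
    struct demo_crt leaf = { 0, 0, 0, which == 0 ? &ca2 : &ca1 };
    return demo_chain_issues(&leaf);
}
```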