39 #if defined(POLARSSL_X509_PARSE_C)
45 #if defined(POLARSSL_MD2_C)
48 #if defined(POLARSSL_MD4_C)
51 #if defined(POLARSSL_MD5_C)
54 #if defined(POLARSSL_SHA1_C)
57 #if defined(POLARSSL_SHA2_C)
60 #if defined(POLARSSL_SHA4_C)
64 #if defined(POLARSSL_PKCS5_C)
67 #if defined(POLARSSL_PKCS12_C)
79 #if defined(POLARSSL_FS_IO)
82 #include <sys/types.h>
89 #define OID_CMP(oid_str, oid_buf) \
90 ( ( OID_SIZE(oid_str) == (oid_buf)->len ) && \
91 memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) == 0)
96 static int x509_get_version(
unsigned char **p,
97 const unsigned char *end,
130 static int x509_crl_get_version(
unsigned char **p,
131 const unsigned char *end,
153 static int x509_get_serial(
unsigned char **p,
154 const unsigned char *end,
159 if( ( end - *p ) < 1 )
168 serial->
tag = *(*p)++;
184 static int x509_get_alg(
unsigned char **p,
185 const unsigned char *end,
229 static int x509_get_attr_type_value(
unsigned char **p,
230 const unsigned char *end,
251 if( ( end - *p ) < 1 )
291 static int x509_get_name(
unsigned char **p,
292 const unsigned char *end,
297 const unsigned char *end_set;
306 end_set = *p + set_len;
308 if( ( ret = x509_get_attr_type_value( p, end_set, cur ) ) != 0 )
323 if( cur->
next == NULL )
328 return( x509_get_name( p, end, cur->
next ) );
336 static int x509_get_time(
unsigned char **p,
337 const unsigned char *end,
345 if( ( end - *p ) < 1 )
359 memset( date, 0,
sizeof( date ) );
360 memcpy( date, *p, ( len <
sizeof( date ) - 1 ) ?
361 len :
sizeof( date ) - 1 );
363 if( sscanf( date,
"%2d%2d%2d%2d%2d%2dZ",
368 time->
year += 100 * ( time->
year < 50 );
383 memset( date, 0,
sizeof( date ) );
384 memcpy( date, *p, ( len <
sizeof( date ) - 1 ) ?
385 len :
sizeof( date ) - 1 );
387 if( sscanf( date,
"%4d%2d%2d%2d%2d%2dZ",
406 static int x509_get_dates(
unsigned char **p,
407 const unsigned char *end,
420 if( ( ret = x509_get_time( p, end, from ) ) != 0 )
423 if( ( ret = x509_get_time( p, end, to ) ) != 0 )
438 static int x509_get_pubkey(
unsigned char **p,
439 const unsigned char *end,
447 if( ( ret = x509_get_alg( p, end, pk_alg_oid ) ) != 0 )
453 if( pk_alg_oid->
len != 9 ||
462 if( ( end - *p ) < 1 )
481 if( *p + len != end2 )
496 static int x509_get_sig(
unsigned char **p,
497 const unsigned char *end,
503 if( ( end - *p ) < 1 )
513 if( --len < 1 || *(*p)++ != 0 )
527 static int x509_get_uid(
unsigned char **p,
528 const unsigned char *end,
557 static int x509_get_ext(
unsigned char **p,
558 const unsigned char *end,
588 if( end != *p + len )
598 static int x509_get_crl_ext(
unsigned char **p,
599 const unsigned char *end,
606 if( ( ret = x509_get_ext( p, end, ext, 0) ) != 0 )
633 static int x509_get_crl_entry_ext(
unsigned char **p,
634 const unsigned char *end,
664 if( end != *p + ext->
len )
684 static int x509_get_basic_constraints(
unsigned char **p,
685 const unsigned char *end,
715 if( *ca_istrue != 0 )
722 if( ( ret =
asn1_get_int( p, end, max_pathlen ) ) != 0 )
734 static int x509_get_ns_cert_type(
unsigned char **p,
735 const unsigned char *end,
736 unsigned char *ns_cert_type)
749 *ns_cert_type = *bs.
p;
753 static int x509_get_key_usage(
unsigned char **p,
754 const unsigned char *end,
755 unsigned char *key_usage)
777 static int x509_get_ext_key_usage(
unsigned char **p,
778 const unsigned char *end,
787 if( ext_key_usage->
buf.
p == NULL )
820 static int x509_get_subject_alt_name(
unsigned char **p,
821 const unsigned char *end,
835 if( *p + len != end )
841 if( ( end - *p ) < 1 )
854 if( tag != ( ASN1_CONTEXT_SPECIFIC | 2 ) )
872 if( cur->
next == NULL )
898 static int x509_get_crt_ext(
unsigned char **p,
899 const unsigned char *end,
904 unsigned char *end_ext_data, *end_ext_octet;
906 if( ( ret = x509_get_ext( p, end, &crt->
v3_ext, 3 ) ) != 0 )
929 end_ext_data = *p + len;
940 if( ( end - *p ) < 1 )
945 if( ( ret =
asn1_get_bool( p, end_ext_data, &is_critical ) ) != 0 &&
954 end_ext_octet = *p + len;
956 if( end_ext_octet != end_ext_data )
967 if( ( ret = x509_get_basic_constraints( p, end_ext_octet,
976 if( ( ret = x509_get_ns_cert_type( p, end_ext_octet,
985 if( ( ret = x509_get_key_usage( p, end_ext_octet,
994 if( ( ret = x509_get_ext_key_usage( p, end_ext_octet,
1003 if( ( ret = x509_get_subject_alt_name( p, end_ext_octet,
1013 #if !defined(POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
1034 static int x509_get_entries(
unsigned char **p,
1035 const unsigned char *end,
1054 end = *p + entry_len;
1059 const unsigned char *end2;
1067 cur_entry->
raw.
tag = **p;
1068 cur_entry->
raw.
p = *p;
1069 cur_entry->
raw.
len = len2;
1072 if( ( ret = x509_get_serial( p, end2, &cur_entry->
serial ) ) != 0 )
1075 if( ( ret = x509_get_time( p, end2, &cur_entry->
revocation_date ) ) != 0 )
1078 if( ( ret = x509_get_crl_entry_ext( p, end2, &cur_entry->
entry_ext ) ) != 0 )
1085 if( cur_entry->
next == NULL )
1088 cur_entry = cur_entry->
next;
1098 if( sig_oid->
len == 9 &&
1101 if( sig_oid->
p[8] >= 2 && sig_oid->
p[8] <= 5 )
1103 *sig_alg = sig_oid->
p[8];
1107 if ( sig_oid->
p[8] >= 11 && sig_oid->
p[8] <= 14 )
1109 *sig_alg = sig_oid->
p[8];
1115 if( sig_oid->
len == 5 &&
1128 static int x509parse_crt_der_core(
x509_cert *crt,
const unsigned char *buf,
1133 unsigned char *p, *end, *crt_end;
1138 if( crt == NULL || buf == NULL )
1141 p = (
unsigned char *) malloc( len = buflen );
1146 memcpy( p, buf, buflen );
1165 if( len > (
size_t) ( end - p ) )
1195 if( ( ret = x509_get_version( &p, end, &crt->
version ) ) != 0 ||
1196 ( ret = x509_get_serial( &p, end, &crt->
serial ) ) != 0 ||
1197 ( ret = x509_get_alg( &p, end, &crt->
sig_oid1 ) ) != 0 )
1211 if( ( ret = x509_get_sig_alg( &crt->
sig_oid1, &crt->
sig_alg ) ) != 0 )
1229 if( ( ret = x509_get_name( &p, p + len, &crt->
issuer ) ) != 0 )
1243 if( ( ret = x509_get_dates( &p, end, &crt->
valid_from,
1262 if( len && ( ret = x509_get_name( &p, p + len, &crt->
subject ) ) != 0 )
1282 if( ( ret = x509_get_pubkey( &p, p + len, &crt->
pk_oid,
1283 &crt->
rsa.
N, &crt->
rsa.
E ) ) != 0 )
1307 ret = x509_get_uid( &p, end, &crt->
issuer_id, 1 );
1317 ret = x509_get_uid( &p, end, &crt->
subject_id, 2 );
1327 ret = x509_get_crt_ext( &p, end, crt);
1348 if( ( ret = x509_get_alg( &p, end, &crt->
sig_oid2 ) ) != 0 )
1361 if( ( ret = x509_get_sig( &p, end, &crt->
sig ) ) != 0 )
1389 if( crt == NULL || buf == NULL )
1405 if( crt->
next == NULL )
1413 if( ( ret = x509parse_crt_der_core( crt, buf, buflen ) ) != 0 )
1432 int ret, success = 0, first_error = 0, total_failed = 0;
1438 if( chain == NULL || buf == NULL )
1445 #if defined(POLARSSL_PEM_C)
1446 if( strstr( (
const char *) buf,
"-----BEGIN CERTIFICATE-----" ) != NULL )
1453 #if defined(POLARSSL_PEM_C)
1464 (
char *)
"-----BEGIN CERTIFICATE-----",
1465 (
char *)
"-----END CERTIFICATE-----",
1466 buf, NULL, 0, &use_len );
1490 if( first_error == 0 )
1511 if( first_error == 0 )
1524 return( total_failed );
1525 else if( first_error )
1526 return( first_error );
1538 unsigned char *p, *end;
1540 #if defined(POLARSSL_PEM_C)
1550 if( crl == NULL || buf == NULL )
1563 if( crl->
next == NULL )
1570 memset( crl, 0,
sizeof(
x509_crl ) );
1573 #if defined(POLARSSL_PEM_C)
1576 (
char *)
"-----BEGIN X509 CRL-----",
1577 (
char *)
"-----END X509 CRL-----",
1578 buf, NULL, 0, &use_len );
1606 p = (
unsigned char *) malloc( len = buflen );
1611 memcpy( p, buf, buflen );
1616 p = (
unsigned char *) malloc( len = buflen );
1621 memcpy( p, buf, buflen );
1643 if( len != (
size_t) ( end - p ) )
1671 if( ( ret = x509_crl_get_version( &p, end, &crl->
version ) ) != 0 ||
1672 ( ret = x509_get_alg( &p, end, &crl->
sig_oid1 ) ) != 0 )
1686 if( ( ret = x509_get_sig_alg( &crl->
sig_oid1, &crl->
sig_alg ) ) != 0 )
1704 if( ( ret = x509_get_name( &p, p + len, &crl->
issuer ) ) != 0 )
1716 if( ( ret = x509_get_time( &p, end, &crl->
this_update ) ) != 0 )
1722 if( ( ret = x509_get_time( &p, end, &crl->
next_update ) ) != 0 )
1742 if( ( ret = x509_get_entries( &p, end, &crl->
entry ) ) != 0 )
1754 ret = x509_get_crl_ext( &p, end, &crl->
crl_ext );
1776 if( ( ret = x509_get_alg( &p, end, &crl->
sig_oid2 ) ) != 0 )
1789 if( ( ret = x509_get_sig( &p, end, &crl->
sig ) ) != 0 )
1806 if( crl->
next == NULL )
1813 memset( crl, 0,
sizeof(
x509_crl ) );
1821 #if defined(POLARSSL_FS_IO)
1825 static int load_file(
const char *path,
unsigned char **buf,
size_t *n )
1830 if( ( f = fopen( path,
"rb" ) ) == NULL )
1833 fseek( f, 0, SEEK_END );
1834 if( ( size = ftell( f ) ) == -1 )
1839 fseek( f, 0, SEEK_SET );
1844 ( *buf = (
unsigned char *) malloc( *n + 1 ) ) == NULL )
1850 if( fread( *buf, 1, *n, f ) != *n )
1873 if ( (ret = load_file( path, &buf, &n ) ) != 0 )
1878 memset( buf, 0, n + 1 );
1889 WCHAR szDir[MAX_PATH];
1890 char filename[MAX_PATH];
1892 int len = strlen( path );
1894 WIN32_FIND_DATAW file_data;
1897 if( len > MAX_PATH - 3 )
1900 memset( szDir, 0,
sizeof(szDir) );
1901 memset( filename, 0, MAX_PATH );
1902 memcpy( filename, path, len );
1903 filename[len++] =
'\\';
1905 filename[len++] =
'*';
1907 w_ret = MultiByteToWideChar( CP_ACP, 0, filename, len, szDir, MAX_PATH - 3 );
1909 hFind = FindFirstFileW( szDir, &file_data );
1910 if (hFind == INVALID_HANDLE_VALUE)
1913 len = MAX_PATH - len;
1916 memset( p, 0, len );
1918 if( file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY )
1921 w_ret = WideCharToMultiByte( CP_ACP, 0, file_data.cFileName,
1922 lstrlenW(file_data.cFileName),
1932 while( FindNextFileW( hFind, &file_data ) != 0 );
1934 if (GetLastError() != ERROR_NO_MORE_FILES)
1939 #if defined(POLARSSL_HAVE_READDIR_R)
1942 struct dirent entry, *result = NULL;
1943 char entry_name[255];
1944 DIR *dir = opendir( path );
1949 while( ( t_ret = readdir_r( dir, &entry, &result ) ) == 0 )
1951 if( result == NULL )
1954 snprintf( entry_name,
sizeof(entry_name),
"%s/%s", path, entry.d_name );
1956 i = stat( entry_name, &sb );
1964 if( !S_ISREG( sb.st_mode ) )
1995 if ( (ret = load_file( path, &buf, &n ) ) != 0 )
2000 memset( buf, 0, n + 1 );
2015 if ( (ret = load_file( path, &buf, &n ) ) != 0 )
2022 (
unsigned char *) pwd, strlen( pwd ) );
2024 memset( buf, 0, n + 1 );
2039 if ( (ret = load_file( path, &buf, &n ) ) != 0 )
2044 memset( buf, 0, n + 1 );
2054 static int x509parse_key_pkcs1_der(
rsa_context *rsa,
2055 const unsigned char *key,
2060 unsigned char *p, *end;
2062 p = (
unsigned char *) key;
2133 static int x509parse_key_pkcs8_unencrypted_der(
2135 const unsigned char *key,
2140 unsigned char *p, *end;
2143 p = (
unsigned char *) key;
2180 if( ( ret = x509_get_alg( &p, end, &pk_alg_oid ) ) != 0 )
2188 if( pk_alg_oid.
len != 9 ||
2200 if( ( end - p ) < 1 )
2208 if( ( ret = x509parse_key_pkcs1_der( rsa, p, end - p ) ) != 0 )
2217 static int x509parse_key_pkcs8_encrypted_der(
2219 const unsigned char *key,
2221 const unsigned char *pwd,
2226 unsigned char *p, *end, *end2;
2228 unsigned char buf[2048];
2230 memset(buf, 0, 2048);
2232 p = (
unsigned char *) key;
2272 p += pbe_alg_oid.
len;
2278 pbe_params.
len = end2 - p;
2279 p += pbe_params.
len;
2291 #if defined(POLARSSL_PKCS12_C)
2296 pwd, pwdlen, p, len, buf ) ) != 0 )
2308 pwd, pwdlen, p, len, buf ) ) != 0 )
2321 p, len, buf ) ) != 0 )
2334 #if defined(POLARSSL_PKCS5_C)
2338 p, len, buf ) ) != 0 )
2350 return x509parse_key_pkcs8_unencrypted_der( rsa, buf, len );
2357 const unsigned char *pwd,
size_t pwdlen )
2361 #if defined(POLARSSL_PEM_C)
2367 (
char *)
"-----BEGIN RSA PRIVATE KEY-----",
2368 (
char *)
"-----END RSA PRIVATE KEY-----",
2369 key, pwd, pwdlen, &len );
2372 if( ( ret = x509parse_key_pkcs1_der( rsa, pem.
buf, pem.
buflen ) ) != 0 )
2388 (
char *)
"-----BEGIN PRIVATE KEY-----",
2389 (
char *)
"-----END PRIVATE KEY-----",
2390 key, NULL, 0, &len );
2393 if( ( ret = x509parse_key_pkcs8_unencrypted_der( rsa,
2406 (
char *)
"-----BEGIN ENCRYPTED PRIVATE KEY-----",
2407 (
char *)
"-----END ENCRYPTED PRIVATE KEY-----",
2408 key, NULL, 0, &len );
2411 if( ( ret = x509parse_key_pkcs8_encrypted_der( rsa,
2413 pwd, pwdlen ) ) != 0 )
2434 if( ( ret = x509parse_key_pkcs8_encrypted_der( rsa, key, keylen,
2435 pwd, pwdlen ) ) == 0 )
2447 if( ( ret = x509parse_key_pkcs8_unencrypted_der( rsa, key, keylen ) ) == 0 )
2452 if( ( ret = x509parse_key_pkcs1_der( rsa, key, keylen ) ) == 0 )
2467 unsigned char *p, *end;
2469 #if defined(POLARSSL_PEM_C)
2474 (
char *)
"-----BEGIN PUBLIC KEY-----",
2475 (
char *)
"-----END PUBLIC KEY-----",
2476 key, NULL, 0, &len );
2491 p = ( ret == 0 ) ? pem.
buf : (
unsigned char *) key;
2493 p = (
unsigned char *) key;
2517 #if defined(POLARSSL_PEM_C)
2524 if( ( ret = x509_get_pubkey( &p, end, &alg_oid, &rsa->
N, &rsa->
E ) ) != 0 )
2526 #if defined(POLARSSL_PEM_C)
2535 #if defined(POLARSSL_PEM_C)
2544 #if defined(POLARSSL_PEM_C)
2551 #if defined(POLARSSL_DHM_C)
2559 unsigned char *p, *end;
2560 #if defined(POLARSSL_PEM_C)
2566 (
char *)
"-----BEGIN DH PARAMETERS-----",
2567 (
char *)
"-----END DH PARAMETERS-----",
2568 dhmin, NULL, 0, &dhminlen );
2583 p = ( ret == 0 ) ? pem.
buf : (
unsigned char *) dhmin;
2585 p = (
unsigned char *) dhmin;
2600 #if defined(POLARSSL_PEM_C)
2611 #if defined(POLARSSL_PEM_C)
2620 #if defined(POLARSSL_PEM_C)
2628 #if defined(POLARSSL_PEM_C)
2635 #if defined(POLARSSL_FS_IO)
2645 if ( ( ret = load_file( path, &buf, &n ) ) != 0 )
2650 memset( buf, 0, n + 1 );
2658 #if defined _MSC_VER && !defined snprintf
2661 #if !defined vsnprintf
2662 #define vsnprintf _vsnprintf
2672 int compat_snprintf(
char *str,
size_t size,
const char *format, ...)
2677 va_start( ap, format );
2679 res = vsnprintf( str, size, format, ap );
2685 return( (
int) size + 20 );
2690 #define snprintf compat_snprintf
2693 #define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2
2695 #define SAFE_SNPRINTF() \
2700 if ( (unsigned int) ret > n ) { \
2702 return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;\
2705 n -= (unsigned int) ret; \
2706 p += (unsigned int) ret; \
2721 memset( s, 0,
sizeof( s ) );
2727 while( name != NULL )
2737 ret = snprintf( p, n,
", " );
2741 if( name->
oid.
len == 3 &&
2744 switch( name->
oid.
p[2] )
2747 ret = snprintf( p, n,
"CN=" );
break;
2750 ret = snprintf( p, n,
"C=" );
break;
2753 ret = snprintf( p, n,
"L=" );
break;
2756 ret = snprintf( p, n,
"ST=" );
break;
2759 ret = snprintf( p, n,
"O=" );
break;
2762 ret = snprintf( p, n,
"OU=" );
break;
2765 ret = snprintf( p, n,
"0x%02X=",
2771 else if( name->
oid.
len == 9 &&
2774 switch( name->
oid.
p[8] )
2777 ret = snprintf( p, n,
"emailAddress=" );
break;
2780 ret = snprintf( p, n,
"0x%02X=",
2788 ret = snprintf( p, n,
"\?\?=" );
2792 for( i = 0; i < name->
val.
len; i++ )
2794 if( i >=
sizeof( s ) - 1 )
2798 if( c < 32 || c == 127 || ( c > 128 && c < 160 ) )
2803 ret = snprintf( p, n,
"%s", s );
2808 return( (
int) ( size - n ) );
2824 nr = ( serial->
len <= 32 )
2827 for( i = 0; i < nr; i++ )
2829 if( i == 0 && nr > 1 && serial->
p[i] == 0x0 )
2832 ret = snprintf( p, n,
"%02X%s",
2833 serial->
p[i], ( i < nr - 1 ) ?
":" :
"" );
2837 if( nr != serial->
len )
2839 ret = snprintf( p, n,
"...." );
2843 return( (
int) ( size - n ) );
2859 ret = snprintf( p, n,
"%scert. version : %d\n",
2862 ret = snprintf( p, n,
"%sserial number : ",
2869 ret = snprintf( p, n,
"\n%sissuer name : ", prefix );
2874 ret = snprintf( p, n,
"\n%ssubject name : ", prefix );
2879 ret = snprintf( p, n,
"\n%sissued on : " \
2880 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
2886 ret = snprintf( p, n,
"\n%sexpires on : " \
2887 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
2893 ret = snprintf( p, n,
"\n%ssigned using : RSA+", prefix );
2898 case SIG_RSA_MD2 : ret = snprintf( p, n,
"MD2" );
break;
2899 case SIG_RSA_MD4 : ret = snprintf( p, n,
"MD4" );
break;
2900 case SIG_RSA_MD5 : ret = snprintf( p, n,
"MD5" );
break;
2901 case SIG_RSA_SHA1 : ret = snprintf( p, n,
"SHA1" );
break;
2906 default: ret = snprintf( p, n,
"???" );
break;
2910 ret = snprintf( p, n,
"\n%sRSA key size : %d bits\n", prefix,
2911 (
int) crt->
rsa.
N.
n * (
int)
sizeof(
t_uint ) * 8 );
2914 return( (
int) ( size - n ) );
2960 ret = snprintf( p, n,
"%d.%d", oid->
p[0]/40, oid->
p[0]%40 );
2966 for( i = 1; i < oid->
len; i++ )
2969 value += oid->
p[i] & 0x7F;
2971 if( !( oid->
p[i] & 0x80 ) )
2974 ret = snprintf( p, n,
".%d", value );
2980 return( (
int) ( size - n ) );
2997 ret = snprintf( p, n,
"%sCRL version : %d",
3001 ret = snprintf( p, n,
"\n%sissuer name : ", prefix );
3006 ret = snprintf( p, n,
"\n%sthis update : " \
3007 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
3013 ret = snprintf( p, n,
"\n%snext update : " \
3014 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
3020 entry = &crl->
entry;
3022 ret = snprintf( p, n,
"\n%sRevoked certificates:",
3026 while( entry != NULL && entry->
raw.
len != 0 )
3028 ret = snprintf( p, n,
"\n%sserial number: ",
3035 ret = snprintf( p, n,
" revocation date: " \
3036 "%04d-%02d-%02d %02d:%02d:%02d",
3042 entry = entry->
next;
3045 ret = snprintf( p, n,
"\n%ssigned using : RSA+", prefix );
3050 case SIG_RSA_MD2 : ret = snprintf( p, n,
"MD2" );
break;
3051 case SIG_RSA_MD4 : ret = snprintf( p, n,
"MD4" );
break;
3052 case SIG_RSA_MD5 : ret = snprintf( p, n,
"MD5" );
break;
3053 case SIG_RSA_SHA1 : ret = snprintf( p, n,
"SHA1" );
break;
3058 default: ret = snprintf( p, n,
"???" );
break;
3062 ret = snprintf( p, n,
"\n" );
3065 return( (
int) ( size - n ) );
3071 static void x509_get_current_time(
x509_time *now )
3078 now->
year = st.wYear;
3079 now->
mon = st.wMonth;
3081 now->
hour = st.wHour;
3082 now->
min = st.wMinute;
3083 now->
sec = st.wSecond;
3089 gmtime_r( &tt, < );
3091 now->
year = lt.tm_year + 1900;
3092 now->
mon = lt.tm_mon + 1;
3093 now->
day = lt.tm_mday;
3094 now->
hour = lt.tm_hour;
3095 now->
min = lt.tm_min;
3096 now->
sec = lt.tm_sec;
3109 before->
mon > after->
mon )
3113 before->
mon == after->
mon &&
3114 before->
day > after->
day )
3118 before->
mon == after->
mon &&
3119 before->
day == after->
day &&
3124 before->
mon == after->
mon &&
3125 before->
day == after->
day &&
3127 before->
min > after->
min )
3131 before->
mon == after->
mon &&
3132 before->
day == after->
day &&
3134 before->
min == after->
min &&
3135 before->
sec > after->
sec )
3145 x509_get_current_time( &now );
3147 return( x509_check_time( &now, to ) );
3154 x509_get_current_time( &now );
3156 return( x509_check_time( from, &now ) );
3166 while( cur != NULL && cur->
serial.
len != 0 )
3184 static void x509_hash(
const unsigned char *in,
size_t len,
int alg,
3185 unsigned char *out )
3189 #if defined(POLARSSL_MD2_C)
3192 #if defined(POLARSSL_MD4_C)
3195 #if defined(POLARSSL_MD5_C)
3198 #if defined(POLARSSL_SHA1_C)
3201 #if defined(POLARSSL_SHA2_C)
3205 #if defined(POLARSSL_SHA4_C)
3210 memset( out,
'\xFF', 64 );
3223 unsigned char hash[64];
3234 while( crl_list != NULL )
3241 crl_list = crl_list->
next;
3250 x509_hash( crl_list->
tbs.
p, crl_list->
tbs.
len, hash_id, hash );
3253 0, hash, crl_list->
sig.
p ) == 0 )
3280 crl_list = crl_list->
next;
3286 static int x509_name_cmp(
const void *s1,
const void *s2,
size_t len )
3290 const unsigned char *n1 = s1, *n2 = s2;
3292 for( i = 0; i < len; i++ )
3294 diff = n1[i] ^ n2[i];
3300 ( ( n1[i] >=
'a' && n1[i] <=
'z' ) ||
3301 ( n1[i] >=
'A' && n1[i] <=
'Z' ) ) )
3312 static int x509_wildcard_verify(
const char *cn,
x509_buf *name )
3317 if( name->
len < 3 || name->
p[0] !=
'*' || name->
p[1] !=
'.' )
3320 for( i = 0; i < strlen( cn ); ++i )
3332 if( strlen( cn ) - cn_idx == name->
len - 1 &&
3333 x509_name_cmp( name->
p + 1, cn + cn_idx, name->
len - 1 ) == 0 )
3341 static int x509parse_verify_top(
3343 x509_crl *ca_crl,
int path_cnt,
int *flags,
3344 int (*f_vrfy)(
void *,
x509_cert *,
int,
int *),
3348 int ca_flags = 0, check_path_cnt = path_cnt + 1;
3349 unsigned char hash[64];
3362 while( trust_ca != NULL )
3369 trust_ca = trust_ca->
next;
3387 trust_ca = trust_ca->
next;
3393 x509_hash( child->
tbs.
p, child->
tbs.
len, hash_id, hash );
3396 0, hash, child->
sig.
p ) != 0 )
3398 trust_ca = trust_ca->
next;
3414 if( trust_ca != NULL &&
3420 *flags |= x509parse_verifycrl( child, trust_ca, ca_crl );
3428 if( NULL != f_vrfy )
3430 if( ( ret = f_vrfy( p_vrfy, trust_ca, path_cnt + 1, &ca_flags ) ) != 0 )
3436 if( NULL != f_vrfy )
3438 if( ( ret = f_vrfy(p_vrfy, child, path_cnt, flags ) ) != 0 )
3447 static int x509parse_verify_child(
3449 x509_crl *ca_crl,
int path_cnt,
int *flags,
3450 int (*f_vrfy)(
void *,
x509_cert *,
int,
int *),
3454 int parent_flags = 0;
3455 unsigned char hash[64];
3466 x509_hash( child->
tbs.
p, child->
tbs.
len, hash_id, hash );
3469 hash, child->
sig.
p ) != 0 )
3473 *flags |= x509parse_verifycrl(child, parent, ca_crl);
3475 grandparent = parent->
next;
3477 while( grandparent != NULL )
3479 if( grandparent->
version == 0 ||
3485 grandparent = grandparent->
next;
3491 if( grandparent != NULL )
3496 ret = x509parse_verify_child( parent, grandparent, trust_ca, ca_crl, path_cnt + 1, &parent_flags, f_vrfy, p_vrfy );
3502 ret = x509parse_verify_top( parent, trust_ca, ca_crl, path_cnt + 1, &parent_flags, f_vrfy, p_vrfy );
3508 if( NULL != f_vrfy )
3509 if( ( ret = f_vrfy( p_vrfy, child, path_cnt, flags ) ) != 0 )
3512 *flags |= parent_flags;
3523 const char *cn,
int *flags,
3524 int (*f_vrfy)(
void *,
x509_cert *,
int,
int *),
3539 cn_len = strlen( cn );
3545 while( cur != NULL )
3547 if( cur->
buf.
len == cn_len &&
3548 x509_name_cmp( cn, cur->
buf.
p, cn_len ) == 0 )
3552 memcmp( cur->
buf.
p,
"*.", 2 ) == 0 &&
3553 x509_wildcard_verify( cn, &cur->
buf ) )
3564 while( name != NULL )
3566 if( name->
oid.
len == 3 &&
3569 if( name->
val.
len == cn_len &&
3570 x509_name_cmp( name->
val.
p, cn, cn_len ) == 0 )
3574 memcmp( name->
val.
p,
"*.", 2 ) == 0 &&
3575 x509_wildcard_verify( cn, &name->
val ) )
3593 while( parent != NULL && parent->
version != 0 )
3600 parent = parent->
next;
3606 if( parent != NULL )
3611 ret = x509parse_verify_child( crt, parent, trust_ca, ca_crl, pathlen, flags, f_vrfy, p_vrfy );
3617 ret = x509parse_verify_top( crt, trust_ca, ca_crl, pathlen, flags, f_vrfy, p_vrfy );
3648 while( name_cur != NULL )
3650 name_prv = name_cur;
3651 name_cur = name_cur->
next;
3652 memset( name_prv, 0,
sizeof(
x509_name ) );
3657 while( name_cur != NULL )
3659 name_prv = name_cur;
3660 name_cur = name_cur->
next;
3661 memset( name_prv, 0,
sizeof(
x509_name ) );
3666 while( seq_cur != NULL )
3669 seq_cur = seq_cur->
next;
3675 while( seq_cur != NULL )
3678 seq_cur = seq_cur->
next;
3683 if( cert_cur->
raw.
p != NULL )
3685 memset( cert_cur->
raw.
p, 0, cert_cur->
raw.
len );
3686 free( cert_cur->
raw.
p );
3689 cert_cur = cert_cur->
next;
3691 while( cert_cur != NULL );
3696 cert_prv = cert_cur;
3697 cert_cur = cert_cur->
next;
3699 memset( cert_prv, 0,
sizeof(
x509_cert ) );
3700 if( cert_prv != crt )
3703 while( cert_cur != NULL );
3724 while( name_cur != NULL )
3726 name_prv = name_cur;
3727 name_cur = name_cur->
next;
3728 memset( name_prv, 0,
sizeof(
x509_name ) );
3733 while( entry_cur != NULL )
3735 entry_prv = entry_cur;
3736 entry_cur = entry_cur->
next;
3741 if( crl_cur->
raw.
p != NULL )
3743 memset( crl_cur->
raw.
p, 0, crl_cur->
raw.
len );
3744 free( crl_cur->
raw.
p );
3747 crl_cur = crl_cur->
next;
3749 while( crl_cur != NULL );
3755 crl_cur = crl_cur->
next;
3757 memset( crl_prv, 0,
sizeof(
x509_crl ) );
3758 if( crl_prv != crl )
3761 while( crl_cur != NULL );
3764 #if defined(POLARSSL_SELF_TEST)
3773 #if defined(POLARSSL_CERTS_C) && defined(POLARSSL_MD5_C)
3780 #if defined(POLARSSL_DHM_C)
3785 printf(
" X.509 certificate load: " );
3787 memset( &clicert, 0,
sizeof(
x509_cert ) );
3794 printf(
"failed\n" );
3799 memset( &cacert, 0,
sizeof(
x509_cert ) );
3806 printf(
"failed\n" );
3812 printf(
"passed\n X.509 private key load: " );
3824 printf(
"failed\n" );
3830 printf(
"passed\n X.509 signature verify: ");
3832 ret =
x509parse_verify( &clicert, &cacert, NULL,
"PolarSSL Client 2", &flags, NULL, NULL );
3836 printf(
"failed\n" );
3841 #if defined(POLARSSL_DHM_C)
3843 printf(
"passed\n X.509 DHM parameter load: " );
3851 printf(
"failed\n" );
3857 printf(
"passed\n\n" );
3863 #if defined(POLARSSL_DHM_C)
x509_time valid_to
End time of certificate validity.
#define OID_CLIENT_AUTH
id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 }
#define POLARSSL_ERR_X509_KEY_INVALID_FORMAT
Invalid RSA key tag or value.
x509_buf issuer_raw
The raw issuer data (DER).
#define ASN1_PRINTABLE_STRING
int x509parse_crt_der(x509_cert *chain, const unsigned char *buf, size_t buflen)
Parse a single DER formatted certificate and add it to the chained list.
#define STRING_SERVER_AUTH
x509_name issuer
The parsed issuer data (named information object).
x509_buf tbs
The raw certificate body (DER).
x509_buf val
The named value.
int asn1_get_sequence_of(unsigned char **p, const unsigned char *end, asn1_sequence *cur, int tag)
Parses and splits an ASN.1 "SEQUENCE OF <tag>" Updated the pointer to immediately behind the full seq...
int max_pathlen
Optional Basic Constraint extension value: The maximum path length to the root certificate.
#define ASN1_GENERALIZED_TIME
unsigned char ns_cert_type
Optional Netscape certificate type extension value: See the values below.
int rsa_check_privkey(const rsa_context *ctx)
Check a private RSA key.
asn1_buf buf
Buffer containing the given ASN.1 item.
#define POLARSSL_ERR_X509_PASSWORD_REQUIRED
Private key password can't be empty.
#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH
Actual length differs from expected length.
int pkcs12_pbe(asn1_buf *pbe_params, int mode, cipher_type_t cipher_type, md_type_t md_type, const unsigned char *pwd, size_t pwdlen, const unsigned char *input, size_t len, unsigned char *output)
PKCS12 Password Based function (encryption / decryption) for cipher-based and md-based PBE's...
int x509parse_crtfile(x509_cert *chain, const char *path)
Load one or more certificates and add them to the chained list.
void sha1(const unsigned char *input, size_t ilen, unsigned char output[20])
Output = SHA-1( input buffer )
Certificate revocation list entry.
#define POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS
The extension tag or value is invalid.
x509_buf sig
Signature: hash of the tbs part signed with the private key.
#define POLARSSL_ERR_X509_INVALID_INPUT
Input invalid.
#define POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT
Format not recognized as DER or PEM.
#define EXT_BASIC_CONSTRAINTS
x509_name subject
The parsed subject data (named information object).
#define OID_SERVER_AUTH
id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 }
int asn1_get_int(unsigned char **p, const unsigned char *end, int *val)
Retrieve an integer ASN.1 tag and its value.
size_t len
ASN1 length, e.g.
x509_buf raw
The raw certificate data (DER).
#define POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG
Signature algorithm (oid) is unsupported.
const char * x509_oid_get_description(x509_buf *oid)
Give an known OID, return its descriptive string.
Container for date and time (precision in seconds).
#define STRING_EMAIL_PROTECTION
#define POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH
Given private key password does not allow for correct decryption.
#define POLARSSL_ERR_X509_CERT_INVALID_VERSION
The certificate version element is invalid.
void x509_free(x509_cert *crt)
Unallocate all certificate data.
x509_sequence ext_key_usage
Optional list of extended key usage OIDs.
Configuration options (set of defines)
int rsa_check_pubkey(const rsa_context *ctx)
Check a public RSA key.
void md2(const unsigned char *input, size_t ilen, unsigned char output[16])
Output = MD2( input buffer )
int pem_read_buffer(pem_context *ctx, char *header, char *footer, const unsigned char *data, const unsigned char *pwd, size_t pwdlen, size_t *use_len)
Read a buffer for PEM information and store the resulting data into the specified context buffers...
#define POLARSSL_ERR_X509_UNKNOWN_PK_ALG
Key algorithm is unsupported (only RSA is supported).
Container for ASN1 named information objects.
int x509parse_cert_info(char *buf, size_t size, const char *prefix, const x509_cert *crt)
Returns an informational string about the certificate.
#define STRING_TIME_STAMPING
Container for an X.509 certificate.
int x509parse_dhmfile(dhm_context *dhm, const char *path)
Load and parse DHM parameters.
#define BADCRL_NOT_TRUSTED
CRL is not correctly signed by the trusted CA.
void md4(const unsigned char *input, size_t ilen, unsigned char output[16])
Output = MD4( input buffer )
#define POLARSSL_ERR_ASN1_INVALID_LENGTH
Error when trying to determine the length or invalid length.
Container for ASN1 bit strings.
#define POLARSSL_ERR_X509_CERT_INVALID_SERIAL
The serial tag or value is invalid.
x509_name issuer
The parsed issuer data (named information object).
#define POLARSSL_ERR_X509_KEY_INVALID_VERSION
Unsupported RSA key version.
#define OID_SIZE(x)
Returns the size of the binary string, without the trailing \0.
int x509parse_time_future(const x509_time *time)
Check a given x509_time against the system time and check if it is not from the future.
#define OID_KEY_USAGE
id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }
x509_crl_entry entry
The CRL entries containing the certificate revocation times for this CA.
#define OID_PKCS12_PBE_SHA1_DES3_EDE_CBC
x509_buf sig_oid2
Signature algorithm.
#define POLARSSL_ERR_X509_CERT_SIG_MISMATCH
Certificate signature algorithms do not match.
#define POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH
Given private key password does not allow for correct decryption.
Container for a sequence of ASN.1 items.
#define OID_SUBJECT_ALT_NAME
id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 }
#define POLARSSL_ERR_PEM_PASSWORD_REQUIRED
Private key password can't be empty.
#define BADCERT_EXPIRED
The certificate validity has expired.
void rsa_free(rsa_context *ctx)
Free the components of an RSA key.
int sig_alg
Internal representation of the signature algorithm, e.g.
#define BADCERT_FUTURE
The certificate validity starts in the future.
unsigned char * p
Raw ASN1 data for the bit string.
void pem_init(pem_context *ctx)
PEM context setup.
int x509parse_crt(x509_cert *chain, const unsigned char *buf, size_t buflen)
Parse one or more certificates and add them to the chained list.
SHA-384 and SHA-512 cryptographic hash function.
#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED
Certificate verification failed, e.g.
int x509parse_time_expired(const x509_time *time)
Check a given x509_time against the system time and check if it is not expired.
Privacy Enhanced Mail (PEM) decoding.
#define POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE
The signature tag or value invalid.
int pkcs5_pbes2(asn1_buf *pbe_params, int mode, const unsigned char *pwd, size_t pwdlen, const unsigned char *data, size_t datalen, unsigned char *output)
PKCS#5 PBES2 function.
#define OID_EXTENDED_KEY_USAGE
id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 }
#define OID_BASIC_CONSTRAINTS
id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 }
SHA-224 and SHA-256 cryptographic hash function.
void x509_crl_free(x509_crl *crl)
Unallocate all CRL data.
int x509parse_dhm(dhm_context *dhm, const unsigned char *dhmin, size_t dhminlen)
Parse DHM parameters.
unsigned char * p
ASN1 data, e.g.
#define POLARSSL_ERR_X509_CERT_INVALID_FORMAT
The certificate format is invalid, e.g.
int x509parse_crtpath(x509_cert *chain, const char *path)
Load one or more certificate files from a path and add them to the chained list.
int x509parse_crl(x509_crl *chain, const unsigned char *buf, size_t buflen)
Parse one or more CRLs and add them to the chained list.
int x509parse_dn_gets(char *buf, size_t size, const x509_name *dn)
Store the certificate DN in printable form into buf; no more than size characters will be written...
int x509parse_key(rsa_context *rsa, const unsigned char *key, size_t keylen, const unsigned char *pwd, size_t pwdlen)
Parse a private RSA key.
#define POLARSSL_ERR_PEM_PASSWORD_MISMATCH
Given private key password does not allow for correct decryption.
int x509_oid_get_numeric_string(char *buf, size_t size, x509_buf *oid)
Give an OID, return a string version of its OID number.
void pem_free(pem_context *ctx)
PEM context memory freeing.
x509_buf tbs
The raw certificate body (DER).
int asn1_get_bool(unsigned char **p, const unsigned char *end, int *val)
Retrieve a boolean ASN.1 tag and its value.
#define STRING_OCSP_SIGNING
int x509parse_public_keyfile(rsa_context *rsa, const char *path)
Load and parse a public RSA key.
x509_buf serial
Unique id for certificate issued by a specific CA.
struct _x509_crl_entry * next
x509_buf subject_id
Optional X.509 v2/v3 subject unique identifier.
Diffie-Hellman-Merkle key exchange.
x509_time valid_from
Start time of certificate validity.
#define POLARSSL_ERR_ASN1_OUT_OF_DATA
Out of data when parsing an ASN1 data structure.
#define EXT_EXTENDED_KEY_USAGE
x509_buf issuer_id
Optional X.509 v2/v3 issuer unique identifier.
unsigned char key_usage
Optional key usage extension value: See the values below.
X.509 certificate and private key decoding.
int x509parse_crl_info(char *buf, size_t size, const char *prefix, const x509_crl *crl)
Returns an informational string about the CRL.
int x509parse_public_key(rsa_context *rsa, const unsigned char *key, size_t keylen)
Parse a public RSA key.
#define POLARSSL_ERR_ASN1_MALLOC_FAILED
Memory allocation failed.
#define ASN1_CONTEXT_SPECIFIC
#define BADCERT_NOT_TRUSTED
The certificate is not correctly signed by the trusted CA.
struct _x509_cert * next
Next certificate in the CA-chain.
#define POLARSSL_ERR_X509_FILE_IO_ERROR
Read/write of file failed.
#define STRING_CODE_SIGNING
#define OID_PKCS12_PBE_SHA1_DES2_EDE_CBC
#define POLARSSL_ERR_X509_CERT_INVALID_DATE
The date tag or value is invalid.
Type-length-value structure that allows for ASN1 using DER.
#define ASN1_UNIVERSAL_STRING
#define POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION
Certificate or CRL has an unsupported version number.
int pkcs12_pbe_sha1_rc4_128(asn1_buf *pbe_params, int mode, const unsigned char *pwd, size_t pwdlen, const unsigned char *input, size_t len, unsigned char *output)
PKCS12 Password Based function (encryption / decryption) for pbeWithSHAAnd128BitRC4.
size_t len
ASN1 length, e.g.
#define BADCRL_FUTURE
The CRL is from the future.
void sha4(const unsigned char *input, size_t ilen, unsigned char output[64], int is384)
Output = SHA-512( input buffer )
Sample certificates and DHM parameters for testing.
#define POLARSSL_ERR_X509_CERT_INVALID_PUBKEY
The pubkey tag or value is invalid (only RSA is supported).
#define OID_PKCS12_PBE_SHA1_RC4_128
SHA-1 cryptographic hash function.
#define BADCERT_REVOKED
The certificate has been revoked (is on a CRL).
size_t mpi_size(const mpi *X)
Return the total size in bytes.
int x509parse_revoked(const x509_cert *crt, const x509_crl *crl)
Verify the certificate signature.
#define BADCRL_EXPIRED
CRL is expired.
x509_buf subject_raw
The raw subject data (DER).
int asn1_get_len(unsigned char **p, const unsigned char *end, size_t *len)
Get the length of an ASN.1 element.
void rsa_init(rsa_context *ctx, int padding, int hash_id)
Initialize an RSA context.
#define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE
Unavailable feature, e.g.
int asn1_get_tag(unsigned char **p, const unsigned char *end, size_t *len, int tag)
Get the tag and length of the tag.
#define X520_ORGANIZATION
Certificate revocation list structure.
int asn1_get_bitstring(unsigned char **p, const unsigned char *end, asn1_bitstring *bs)
Retrieve a bitstring ASN.1 tag and its value.
#define POLARSSL_ERR_X509_CERT_INVALID_ALG
The algorithm tag or value is invalid.
#define OID_TIME_STAMPING
id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 }
#define POLARSSL_ERR_X509_PASSWORD_MISMATCH
Given private key password does not allow for correct decryption.
#define OID_OCSP_SIGNING
id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 }
x509_sequence subject_alt_names
Optional list of Subject Alternative Names (Only dNSName supported).
x509_buf v3_ext
Optional X.509 v3 extensions.
void dhm_free(dhm_context *ctx)
Free the components of a DHM key.
#define OID_EMAIL_PROTECTION
id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 }
x509_buf pk_oid
Subject public key info.
#define ASN1_OCTET_STRING
void sha2(const unsigned char *input, size_t ilen, unsigned char output[32], int is224)
Output = SHA-256( input buffer )
#define STRING_CLIENT_AUTH
#define OID_CODE_SIGNING
id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 }
x509_buf raw
The raw certificate data (DER).
#define BADCERT_CN_MISMATCH
The certificate Common Name (CN) does not match with the expected CN.
int x509_self_test(int verbose)
Checkup routine.
#define POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT
No PEM header or footer found.
const char test_dhm_params[]
MD4 message digest algorithm (hash function)
x509_time revocation_date
int x509parse_verify(x509_cert *crt, x509_cert *trust_ca, x509_crl *ca_crl, const char *cn, int *flags, int(*f_vrfy)(void *, x509_cert *, int, int *), void *p_vrfy)
Verify the certificate signature.
x509_buf issuer_raw
The raw issuer data (DER).
const char test_cli_crt[]
int asn1_get_mpi(unsigned char **p, const unsigned char *end, mpi *X)
Retrieve a MPI value from an integer ASN.1 tag.
int version
The X.509 version.
rsa_context rsa
Container for the RSA context.
MD5 message digest algorithm (hash function)
#define PKCS12_PBE_DECRYPT
#define POLARSSL_ERR_X509_MALLOC_FAILED
Allocation of memory failed.
#define POLARSSL_ERR_PEM_BAD_INPUT_DATA
Bad input parameters to function.
void md5(const unsigned char *input, size_t ilen, unsigned char output[16])
Output = MD5( input buffer )
MD2 message digest algorithm (hash function)
#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG
ASN1 tag was of an unexpected value.
PKCS#12 Personal Information Exchange Syntax.
int x509parse_keyfile(rsa_context *rsa, const char *path, const char *password)
Load and parse a private RSA key.
int rsa_pkcs1_verify(rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, int hash_id, unsigned int hashlen, const unsigned char *hash, unsigned char *sig)
Generic wrapper to perform a PKCS#1 verification using the mode from the context. ...
int x509parse_serial_gets(char *buf, size_t size, const x509_buf *serial)
Store the certificate serial in printable form into buf; no more than size characters will be written...
struct _asn1_sequence * next
The next entry in the sequence.
int x509parse_crlfile(x509_crl *chain, const char *path)
Load one or more CRLs and add them to the chained list.
x509_buf sig_oid1
Signature algorithm, e.g.
int ca_istrue
Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise...
struct _x509_name * next
The next named information object.
#define POLARSSL_ERR_X509_CERT_INVALID_NAME
The name tag or value is invalid.
#define EXT_SUBJECT_ALT_NAME
x509_buf oid
The object identifier.
int ext_types
Bit string containing detected and parsed extensions.