PolarSSL v1.3.7
x509_csr.h File Reference

X.509 certificate signing request parsing and writing.

#include "config.h"
#include "x509.h"

Data Structures

struct _x509_csr
 Certificate Signing Request (CSR) structure.

struct _x509write_csr
 Container for writing a CSR.
 

Functions

void x509write_csr_init (x509write_csr *ctx)
 Initialize a CSR context.

int x509write_csr_set_subject_name (x509write_csr *ctx, const char *subject_name)
 Set the subject name for a CSR. Subject names should contain a comma-separated list of OID types and values, e.g. "C=NL,O=Offspark,CN=PolarSSL Server 1".

void x509write_csr_set_key (x509write_csr *ctx, pk_context *key)
 Set the key for a CSR (public key will be included, private key used to sign the CSR when writing it).

void x509write_csr_set_md_alg (x509write_csr *ctx, md_type_t md_alg)
 Set the MD algorithm to use for the signature (e.g. POLARSSL_MD_SHA1).

int x509write_csr_set_key_usage (x509write_csr *ctx, unsigned char key_usage)
 Set the Key Usage Extension flags (e.g. KU_DIGITAL_SIGNATURE | KU_KEY_CERT_SIGN).

int x509write_csr_set_ns_cert_type (x509write_csr *ctx, unsigned char ns_cert_type)
 Set the Netscape Cert Type flags (e.g. NS_CERT_TYPE_SSL_CLIENT | NS_CERT_TYPE_EMAIL).

int x509write_csr_set_extension (x509write_csr *ctx, const char *oid, size_t oid_len, const unsigned char *val, size_t val_len)
 Generic function to add to or replace an extension in the CSR.

void x509write_csr_free (x509write_csr *ctx)
 Free the contents of a CSR context.

int x509write_csr_der (x509write_csr *ctx, unsigned char *buf, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 Write a CSR (Certificate Signing Request) to a DER structure. Note: data is written at the end of the buffer! Use the return value to determine where you should start using the buffer.

int x509write_csr_pem (x509write_csr *ctx, unsigned char *buf, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 Write a CSR (Certificate Signing Request) to a PEM string.
 

Structures and functions for X.509 Certificate Signing Requests (CSR)

typedef struct _x509_csr x509_csr
 Certificate Signing Request (CSR) structure.

typedef struct _x509write_csr x509write_csr
 Container for writing a CSR.

int x509_csr_parse (x509_csr *csr, const unsigned char *buf, size_t buflen)
 Load a Certificate Signing Request (CSR).

int x509_csr_parse_file (x509_csr *csr, const char *path)
 Load a Certificate Signing Request (CSR).

int x509_csr_info (char *buf, size_t size, const char *prefix, const x509_csr *csr)
 Returns an informational string about the CSR.

void x509_csr_init (x509_csr *csr)
 Initialize a CSR.

void x509_csr_free (x509_csr *csr)
 Unallocate all CSR data.
 

Detailed Description

X.509 certificate signing request parsing and writing.

Copyright (C) 2006-2014, Brainspark B.V.

This file is part of PolarSSL (http://www.polarssl.org)
Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>

All rights reserved.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

Definition in file x509_csr.h.

Function Documentation

int x509write_csr_der (x509write_csr *ctx, unsigned char *buf, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)

Write a CSR (Certificate Signing Request) to a DER structure. Note: data is written at the end of the buffer! Use the return value to determine where you should start using the buffer.

Parameters
    ctx    CSR to write away
    buf    buffer to write to
    size   size of the buffer
    f_rng  RNG function (for signature, see note)
    p_rng  RNG parameter
Returns
    length of data written if successful, or a specific error code
Note
    f_rng may be NULL if RSA is used for signature and the signature is made offline (otherwise f_rng is desirable for countermeasures against timing attacks). ECDSA signatures always require a non-NULL f_rng.

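
Added example (not part of the PolarSSL documentation or source): the end-of-buffer convention from the note above, shown with a stand-in writer so it compiles without the library. demo_write_der, put_hdr, der_start and DEMO_ERR are hypothetical names; with the real call, apply the same buf + size - ret arithmetic to the value returned by x509write_csr_der().

```c
#include <stdio.h>
#include <string.h>

#define DEMO_ERR (-1)   /* constructed error code, not a PolarSSL constant */

/* Write a DER tag + length header that ENDS at *p, moving *p backwards. */
static int put_hdr(unsigned char **p, unsigned char *start,
                   unsigned char tag, size_t len)
{
    size_t need = (len < 0x80) ? 2 : 3;        /* short or 0x81 long form */
    if (len > 0xFF || (size_t)(*p - start) < need)
        return DEMO_ERR;                       /* demo handles len <= 255 */
    *--(*p) = (unsigned char) len;
    if (len >= 0x80)
        *--(*p) = 0x81;
    *--(*p) = tag;
    return (int) need;
}

/* Stand-in for x509write_csr_der(): encodes SEQUENCE { OCTET STRING }
 * back-to-front, so the result sits at the END of buf. Returns its length. */
int demo_write_der(unsigned char *buf, size_t size,
                   const unsigned char *payload, size_t plen)
{
    unsigned char *p = buf + size;
    int h1, h2;
    if (plen > size) return DEMO_ERR;
    p -= plen;
    memcpy(p, payload, plen);
    if ((h1 = put_hdr(&p, buf, 0x04, plen)) < 0) return h1;
    if ((h2 = put_hdr(&p, buf, 0x30, plen + (size_t) h1)) < 0) return h2;
    return (int) plen + h1 + h2;
}

/* Caller side: the encoding starts at buf + size - ret, never at buf. */
const unsigned char *der_start(const unsigned char *buf, size_t size, int ret)
{
    return (ret < 0 || (size_t) ret > size) ? NULL : buf + size - ret;
}

int main(void)
{
    unsigned char buf[32];
    int ret = demo_write_der(buf, sizeof(buf), (const unsigned char *) "CSR", 3);
    const unsigned char *der = der_start(buf, sizeof(buf), ret);
    if (der == NULL) return 1;
    printf("%d bytes at offset %d\n", ret, (int)(der - buf));
    return 0;
}
```

Passing buf itself (rather than buf + size - ret) to a file write or network send would emit the unused, possibly uninitialized, front of the buffer instead of the request.
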
void x509write_csr_free (x509write_csr *ctx)

Free the contents of a CSR context.

Parameters
    ctx    CSR context to free

void x509write_csr_init (x509write_csr *ctx)

Initialize a CSR context.

Parameters
    ctx    CSR context to initialize

int x509write_csr_pem (x509write_csr *ctx, unsigned char *buf, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)

Write a CSR (Certificate Signing Request) to a PEM string.

Parameters
    ctx    CSR to write away
    buf    buffer to write to
    size   size of the buffer
    f_rng  RNG function (for signature, see note)
    p_rng  RNG parameter
Returns
    0 if successful, or a specific error code
Note
    f_rng may be NULL if RSA is used for signature and the signature is made offline (otherwise f_rng is desirable for countermeasures against timing attacks). ECDSA signatures always require a non-NULL f_rng.

int x509write_csr_set_extension (x509write_csr *ctx, const char *oid, size_t oid_len, const unsigned char *val, size_t val_len)

Generic function to add to or replace an extension in the CSR.

Parameters
    ctx      CSR context to use
    oid      OID of the extension
    oid_len  length of the OID
    val      value of the extension OCTET STRING
    val_len  length of the value data
Returns
    0 if successful, or POLARSSL_ERR_X509WRITE_MALLOC_FAILED

void x509write_csr_set_key (x509write_csr *ctx, pk_context *key)

Set the key for a CSR (public key will be included, private key used to sign the CSR when writing it).

Parameters
    ctx    CSR context to use
    key    Asymmetric key to include

int x509write_csr_set_key_usage (x509write_csr *ctx, unsigned char key_usage)

Set the Key Usage Extension flags (e.g. KU_DIGITAL_SIGNATURE | KU_KEY_CERT_SIGN).

Parameters
    ctx        CSR context to use
    key_usage  key usage flags to set
Returns
    0 if successful, or POLARSSL_ERR_X509WRITE_MALLOC_FAILED

void x509write_csr_set_md_alg (x509write_csr *ctx, md_type_t md_alg)

Set the MD algorithm to use for the signature (e.g. POLARSSL_MD_SHA1).

Parameters
    ctx     CSR context to use
    md_alg  MD algorithm to use

int x509write_csr_set_ns_cert_type (x509write_csr *ctx, unsigned char ns_cert_type)

Set the Netscape Cert Type flags (e.g. NS_CERT_TYPE_SSL_CLIENT | NS_CERT_TYPE_EMAIL).

Parameters
    ctx           CSR context to use
    ns_cert_type  Netscape Cert Type flags to set
Returns
    0 if successful, or POLARSSL_ERR_X509WRITE_MALLOC_FAILED

int x509write_csr_set_subject_name (x509write_csr *ctx, const char *subject_name)

Set the subject name for a CSR. Subject names should contain a comma-separated list of OID types and values, e.g. "C=NL,O=Offspark,CN=PolarSSL Server 1".

Parameters
    ctx           CSR context to use
    subject_name  subject name to set
Returns
    0 if subject name was parsed successfully, or a specific error code