Module X509.Extension

module Extension: sig .. end

X.509v3 extensions


X.509v3 extension

type key_usage = [ `CRL_sign
| `Content_commitment
| `Data_encipherment
| `Decipher_only
| `Digital_signature
| `Encipher_only
| `Key_agreement
| `Key_cert_sign
| `Key_encipherment ]

The polymorphic variant of key usages.

val supports_usage : ?not_present:bool -> X509.t -> key_usage -> bool

supports_usage ~not_present certificate key_usage is true if the certificate supports the given key_usage, and is ~not_present if the certificate does not contain a keyUsage extension.

type extended_key_usage = [ `Any
| `Client_auth
| `Code_signing
| `Email_protection
| `Ipsec_end
| `Ipsec_tunnel
| `Ipsec_user
| `Ocsp_signing
| `Other of Asn.oid
| `Server_auth
| `Time_stamping ]

The polymorphic variant of extended key usages.

val supports_extended_usage : ?not_present:bool -> X509.t -> extended_key_usage -> bool

supports_extended_usage ~not_present certificate extended_key_usage is true if the certificate supports the given extended_key_usage, and is ~not_present if the certificate does not contain an extendedKeyUsage extension.

val basic_constraints : X509.t -> (bool * int option) option

basic_constraints cert extracts the BasicConstraints extension, if present.

type general_name = [ `DNS of string
| `Directory of X509.distinguished_name
| `EDI_party of string option * string
| `IP of Cstruct.t
| `Other of Asn.oid * string
| `Registered_id of Asn.oid
| `Rfc_822 of string
| `URI of string
| `X400_address of unit ]

A list of general_name values is the value of both the subjectAltName and the issuerAltName extension.

type authority_key_id = Cstruct.t option * general_name list * Z.t option

The authority key identifier, as present in the Authority Key Identifier extension.

type priv_key_usage_period = [ `Interval of Ptime.t * Ptime.t
| `Not_after of Ptime.t
| `Not_before of Ptime.t ]

The private key usage period, as defined in RFC 3280.

type name_constraint = (general_name * int * int option) list

Name constraints, as defined in RFC 5280.

type policy = [ `Any | `Something of Asn.oid ]

Certificate policies, the policy extension.

val unsupported : X509.t -> Asn.OID.t -> (bool * Cstruct.t) option

unsupported cert oid is None if no extension with oid is present, or Some (crit, data) if an extension with oid is present.

val subject_alt_names : X509.t -> general_name list

subject_alt_names cert returns the list of subject alternative names if the extension is present, else [].
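As an added illustration (not code from the x509 library), the following uses supports_usage, supports_extended_usage, basic_constraints and subject_alt_names to check a certificate's extensions in the two roles a verifier cares about: a TLS server leaf for a given host, and an issuing CA. It assumes an already parsed cert : X509.t (how it was parsed is not shown and is an assumption), and passes ~not_present:true because under RFC 5280 an absent keyUsage or extendedKeyUsage does not restrict the certificate.

```ocaml
(* Added example, not part of the X509 library. [cert : X509.t] is assumed
   to have been parsed already (this library version's
   X509.Encoding.Pem.Certificate.of_pem_cstruct1 is one way; assumed). *)
open X509.Extension

(* Chain [Ok ()]-or-[Error msg] checks, stopping at the first failure. *)
let ( >>= ) r f = match r with Ok () -> f () | Error _ as e -> e

(* Is [cert] usable as a TLS server certificate for [host]?  Only the v3
   extensions are examined; signatures and chain building are separate. *)
let check_server_extensions ~host (cert : X509.t) =
  (* A leaf must not claim cA=TRUE. *)
  (match basic_constraints cert with
   | Some (true, _) -> Error "basicConstraints: cA=TRUE on a leaf"
   | Some (false, _) | None -> Ok ())
  >>= fun () ->
  (* RFC 5280: an absent keyUsage imposes no restriction, hence
     ~not_present:true; an explicit one must include digitalSignature. *)
  (if supports_usage ~not_present:true cert `Digital_signature then Ok ()
   else Error "keyUsage lacks digitalSignature")
  >>= fun () ->
  (* Same rule for extendedKeyUsage; only serverAuth is asked for. *)
  (if supports_extended_usage ~not_present:true cert `Server_auth then Ok ()
   else Error "extendedKeyUsage lacks serverAuth")
  >>= fun () ->
  (* [host] must appear as a dNSName SAN: exact, case-insensitive match,
     no wildcard handling and no fallback to the subject CN. *)
  let want = String.lowercase_ascii host in
  let is_host = function
    | `DNS n -> String.equal (String.lowercase_ascii n) want
    | _ -> false
  in
  if List.exists is_host (subject_alt_names cert) then Ok ()
  else Error ("no dNSName subjectAltName for " ^ host)

(* An issuer must say so: cA=TRUE plus keyCertSign.  [below] is the number
   of intermediate certificates already chained under it, compared with
   pathLenConstraint when one is present. *)
let check_ca_extensions ~below (cert : X509.t) =
  match basic_constraints cert with
  | Some (true, Some max_below) when below > max_below ->
    Error "basicConstraints: pathLenConstraint exceeded"
  | Some (true, _) ->
    if supports_usage ~not_present:true cert `Key_cert_sign then Ok ()
    else Error "keyUsage lacks keyCertSign"
  | Some (false, _) | None -> Error "basicConstraints: not a CA"
```

Both functions return (unit, string) result, so the first failing check names the offending extension; a certificate that passes check_server_extensions still needs its chain and signature verified by the library's validation functions.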

type reason = [ `AA_compromise
| `Affiliation_changed
| `CA_compromise
| `Certificate_hold
| `Cessation_of_operation
| `Key_compromise
| `Privilege_withdrawn
| `Superseded
| `Unused ]

Type of allowed revocation reasons for a given distribution point.

type distribution_point_name = [ `Full of general_name list
| `Relative of X509.distinguished_name ]

Distribution point name, either a full one using general names, or a relative one using a distinguished name.

type distribution_point = distribution_point_name option *
reason list option * X509.distinguished_name option

Distribution point, consisting of an optional name, an optional list of allowed reasons, and an optional issuer.

val crl_distribution_points : X509.t -> distribution_point list

crl_distribution_points cert returns the list of CRL distribution points if the extension is present, else [].

type reason_code = [ `AA_compromise
| `Affiliation_changed
| `CA_compromise
| `Certificate_hold
| `Cessation_of_operation
| `Key_compromise
| `Privilege_withdrawn
| `Remove_from_CRL
| `Superseded
| `Unspecified ]

The reason of a revoked certificate.

type t = [ `Authority_key_id of authority_key_id
| `Basic_constraints of bool * int option
| `CRL_distribution_points of distribution_point list
| `CRL_number of int
| `Certificate_issuer of general_name list
| `Delta_CRL_indicator of int
| `Ext_key_usage of extended_key_usage list
| `Freshest_CRL of distribution_point list
| `Invalidity_date of Ptime.t
| `Issuer_alt_name of general_name list
| `Issuing_distribution_point of
distribution_point_name option * bool * bool *
reason list option * bool * bool
| `Key_usage of key_usage list
| `Name_constraints of
name_constraint * name_constraint
| `Policies of policy list
| `Priv_key_period of priv_key_usage_period
| `Reason of reason_code
| `Subject_alt_name of general_name list
| `Subject_key_id of Cstruct.t
| `Unsupported of Asn.oid * Cstruct.t ]

The polymorphic variant of X509v3 extensions.