Module X509.Certificate

X509v3 certificate

val decode_pkcs1_digest_info : string -> ([ `MD5 | `SHA1 | `SHA224 | `SHA256 | `SHA384 | `SHA512 ] * string, [> `Msg of string ]) Stdlib.result

decode_pkcs1_digest_info buffer is hash, signature, the hash and raw signature of the given buffer in ASN.1 DER encoding, or an error.

val encode_pkcs1_digest_info : ([ `MD5 | `SHA1 | `SHA224 | `SHA256 | `SHA384 | `SHA512 ] * string) -> string

encode_pkcs1_digest_info (hash, signature) is data, the ASN.1 DER encoded hash and signature.

Abstract certificate type

type t

The abstract type of a certificate.

val pp : t Fmt.t

pp ppf cert pretty-prints the certificate.

val pp' : (Asn.oid * string) Fmt.t -> t Fmt.t

pp' pp_custom_extensions ppf cert pretty-prints the certificate using pp_custom_extensions for Extension.Unsupported _ extension.

Encoding and decoding in ASN.1 DER and PEM format

val decode_der : string -> (t, [> `Msg of string ]) Stdlib.result

decode_der octets is certificate, the ASN.1 decoded certificate or an error.

val encode_der : t -> string

encode_der certificate is octets, the ASN.1 encoded representation of the certificate.

val decode_pem_multiple : string -> (t list, [> `Msg of string ]) Stdlib.result

decode_pem_multiple pem is t list, where all certificates of the pem are extracted

val fold_decode_pem_multiple : ('a -> (t, [> `Msg of string ]) Stdlib.result -> 'a) -> 'a -> string -> 'a

fold_decode_pem_multiple fn acc pem is a fold of the function fn, with the initial accumulator acc, over the certificates extracted (and potential parsing errors) from the pem.

val decode_pem : string -> (t, [> `Msg of string ]) Stdlib.result

decode_pem pem is t, where the single certificate of the pem is extracted

val encode_pem_multiple : t list -> string

encode_pem_multiple certificates is pem, the pem encoded certificates.

val encode_pem : t -> string

encode_pem certificate is pem, the pem encoded certificate.

Operations on certificates

val supports_keytype : t -> Key_type.t -> bool

supports_keytype certificate key_type is result, whether public key of the certificate matches the given key_type.

val public_key : t -> Public_key.t

public_key certificate is pk, the public key of the certificate.

val signature_algorithm : t -> (Key_type.signature_scheme * Digestif.hash') option

signature_algorithm certificate is the algorithm used for the signature.

val hostnames : t -> Host.Set.t

hostnames certficate is the set of domain names this certificate is valid for. Currently, these are the DNS names of the Subject Alternative Name extension, if present, or otherwise the singleton set containing the common name of the certificate subject.

val supports_hostname : t -> [ `host ] Domain_name.t -> bool

supports_hostname certificate hostname is result, whether the certificate contains the given hostname, using hostnames.

val ips : t -> Ipaddr.Set.t

ips certificate are the IP addresses the certificate is valid for (as specified in SubjectAlternativeName extensioni).

val supports_ip : t -> Ipaddr.t -> bool

supports_ip cert ip is true if the ip is mentioned in the SubjectAlternativeName extension, false otherwise.

val fingerprint : Digestif.hash' -> t -> string

fingerprint hash cert is digest, the digest of cert using the specified hash algorithm

val subject : t -> Distinguished_name.t

subject certificate is dn, the subject as distinguished name of the certificate.

val issuer : t -> Distinguished_name.t

issuer certificate is dn, the issuer as distinguished name of the certificate.

val serial : t -> string

serial certificate is sn, the serial number of the certificate. A serial is a positive number of at most 20 octets. 0 is supported. A negative serial number is supported when decoding a certificate, but when encoding, an octet of 0 is prepended making it positive.

val validity : t -> Ptime.t * Ptime.t

validity certificate is from, until, the validity of the certificate.

val extensions : t -> Extension.t

extensions certificate is the extension map of certificate.