Module X509.Certificate

X509v3 certificate

val decode_pkcs1_digest_info : Cstruct.t -> ( Mirage_crypto.Hash.hash * Cstruct.t, [> `Msg of string ] ) Stdlib.result

decode_pkcs1_digest_info buffer is hash, signature, the hash and raw signature of the given buffer in ASN.1 DER encoding, or an error.

val encode_pkcs1_digest_info : (Mirage_crypto.Hash.hash * Cstruct.t) -> Cstruct.t

encode_pkcs1_digest_info (hash, signature) is data, the ASN.1 DER encoded hash and signature.

Abstract certificate type

type t

The abstract type of a certificate.

val pp : t Fmt.t

pp ppf cert pretty-prints the certificate.

Encoding and decoding in ASN.1 DER and PEM format

val decode_der : Cstruct.t -> ( t, [> `Msg of string ] ) Stdlib.result

decode_der cstruct is certificate, the ASN.1 decoded certificate or an error.

val encode_der : t -> Cstruct.t

encode_der certificate is cstruct, the ASN.1 encoded representation of the certificate.

val decode_pem_multiple : Cstruct.t -> ( t list, [> `Msg of string ] ) Stdlib.result

decode_pem_multiple pem is t list, where all certificates of the pem are extracted

val decode_pem : Cstruct.t -> ( t, [> `Msg of string ] ) Stdlib.result

decode_pem pem is t, where the single certificate of the pem is extracted

val encode_pem_multiple : t list -> Cstruct.t

encode_pem_multiple certificates is pem, the pem encoded certificates.

val encode_pem : t -> Cstruct.t

encode_pem certificate is pem, the pem encoded certificate.

Operations on certificates

val supports_keytype : t -> Key_type.t -> bool

supports_keytype certificate key_type is result, whether public key of the certificate matches the given key_type.

val public_key : t -> Public_key.t

public_key certificate is pk, the public key of the certificate.

val signature_algorithm : t -> (Key_type.signature_scheme * Mirage_crypto.Hash.hash) option

signature_algorithm certificate is the algorithm used for the signature.

val hostnames : t -> Host.Set.t

hostnames certficate is the set of domain names this certificate is valid for. Currently, these are the DNS names of the Subject Alternative Name extension, if present, or otherwise the singleton set containing the common name of the certificate subject.

val supports_hostname : t -> [ `host ] Domain_name.t -> bool

supports_hostname certificate hostname is result, whether the certificate contains the given hostname, using hostnames.

val ips : t -> Ipaddr.Set.t

ips certificate are the IP addresses the certificate is valid for (as specified in SubjectAlternativeName extensioni).

val supports_ip : t -> Ipaddr.t -> bool

supports_ip cert ip is true if the ip is mentioned in the SubjectAlternativeName extension, false otherwise.

val fingerprint : Mirage_crypto.Hash.hash -> t -> Cstruct.t

fingerprint hash cert is digest, the digest of cert using the specified hash algorithm

val subject : t -> Distinguished_name.t

subject certificate is dn, the subject as distinguished name of the certificate.

val issuer : t -> Distinguished_name.t

issuer certificate is dn, the issuer as distinguished name of the certificate.

val serial : t -> Z.t

serial certificate is sn, the serial number of the certificate.

val validity : t -> Ptime.t * Ptime.t

validity certificate is from, until, the validity of the certificate.

val extensions : t -> Extension.t

extensions certificate is the extension map of certificate.