X509.Extension
X.509v3 extensions
type key_usage = [
|
`Digital_signature
|
`Content_commitment
|
`Key_encipherment
|
`Data_encipherment
|
`Key_agreement
|
`Key_cert_sign
|
`CRL_sign
|
`Encipher_only
|
`Decipher_only
]
The polymorphic variant of key usages.
type extended_key_usage = [
|
`Any
|
`Server_auth
|
`Client_auth
|
`Code_signing
|
`Email_protection
|
`Ipsec_end
|
`Ipsec_tunnel
|
`Ipsec_user
|
`Time_stamping
|
`Ocsp_signing
|
`Other of Asn.oid
]
The polymorphic variant of extended key usages.
type authority_key_id = Cstruct.t option * General_name.t * Z.t option
The authority key identifier, as present in the Authority Key Identifier extension.
The private key usage period, as defined in RFC 3280.
type name_constraint = (General_name.b * int * int option) list
Name constraints, as defined in RFC 5280.
Certificate policies, the policy extension.
type reason = [
|
`Unspecified
|
`Key_compromise
|
`CA_compromise
|
`Affiliation_changed
|
`Superseded
|
`Cessation_of_operation
|
`Certificate_hold
|
`Remove_from_CRL
|
`Privilege_withdrawn
|
`AA_compromise
]
Type of revocation reasons for a given distribution point.
Distribution point name, either a full one using general names, or a relative one using a distinguished name.
type distribution_point =
distribution_point_name option * reason list option * General_name.t option
Distribution point, consisting of an optional name, an optional list of allowed reasons, and an optional issuer.
type _ k =
| Unsupported : Asn.oid -> Cstruct.t extension k
| Subject_alt_name : General_name.t extension k
| Authority_key_id : authority_key_id extension k
| Subject_key_id : Cstruct.t extension k
| Issuer_alt_name : General_name.t extension k
| Key_usage : key_usage list extension k
| Ext_key_usage : extended_key_usage list extension k
| Basic_constraints : (bool * int option) extension k
| CRL_number : int extension k
| Delta_CRL_indicator : int extension k
| Priv_key_period : priv_key_usage_period extension k
| Name_constraints : (name_constraint * name_constraint) extension k
| CRL_distribution_points : distribution_point list extension k
| Issuing_distribution_point : (distribution_point_name option
* bool
* bool
* reason list option
* bool
* bool)
extension
k
| Freshest_CRL : distribution_point list extension k
| Reason : reason extension k
| Invalidity_date : Ptime.t extension k
| Certificate_issuer : General_name.t extension k
| Policies : policy list extension k
val critical : 'a key -> 'a -> bool
critical ext_key ext_value
is the critical bit in ext_value
.
val pp : t Fmt.t
pp ppf ext_map
pretty-prints the extension map.