Module X509.Extension

X.509v3 extensions

type key_usage = [
  1. | `Digital_signature
  2. | `Content_commitment
  3. | `Key_encipherment
  4. | `Data_encipherment
  5. | `Key_agreement
  6. | `Key_cert_sign
  7. | `CRL_sign
  8. | `Encipher_only
  9. | `Decipher_only
]

The polymorphic variant of key usages.

type extended_key_usage = [
  1. | `Any
  2. | `Server_auth
  3. | `Client_auth
  4. | `Code_signing
  5. | `Email_protection
  6. | `Ipsec_end
  7. | `Ipsec_tunnel
  8. | `Ipsec_user
  9. | `Time_stamping
  10. | `Ocsp_signing
  11. | `Other of Asn.oid
]

The polymorphic variant of extended key usages.

type authority_key_id = string option * General_name.t * string option

The authority key identifier, as present in the Authority Key Identifier extension.

type priv_key_usage_period = [
  1. | `Interval of Ptime.t * Ptime.t
  2. | `Not_after of Ptime.t
  3. | `Not_before of Ptime.t
]

The private key usage period, as defined in RFC 3280.

type name_constraint = (General_name.b * int * int option) list

Name constraints, as defined in RFC 5280.

type policy = [
  1. | `Any
  2. | `Something of Asn.oid
]

Certificate policies, the policy extension.

type reason = [
  1. | `Unspecified
  2. | `Key_compromise
  3. | `CA_compromise
  4. | `Affiliation_changed
  5. | `Superseded
  6. | `Cessation_of_operation
  7. | `Certificate_hold
  8. | `Remove_from_CRL
  9. | `Privilege_withdrawn
  10. | `AA_compromise
]

Type of revocation reasons for a given distribution point.

type distribution_point_name = [
  1. | `Full of General_name.t
  2. | `Relative of Distinguished_name.t
]

Distribution point name, either a full one using general names, or a relative one using a distinguished name.

type distribution_point = distribution_point_name option * reason list option * General_name.t option

Distribution point, consisting of an optional name, an optional list of allowed reasons, and an optional issuer.

type 'a extension = bool * 'a

The type of an extension: the critical flag and the value itself.

type _ k =
  1. | Unsupported : Asn.oid -> string extension k
  2. | Subject_alt_name : General_name.t extension k
  3. | Authority_key_id : authority_key_id extension k
  4. | Subject_key_id : string extension k
  5. | Issuer_alt_name : General_name.t extension k
  6. | Key_usage : key_usage list extension k
  7. | Ext_key_usage : extended_key_usage list extension k
  8. | Basic_constraints : (bool * int option) extension k
  9. | CRL_number : int extension k
  10. | Delta_CRL_indicator : int extension k
  11. | Priv_key_period : priv_key_usage_period extension k
  12. | Name_constraints : (name_constraint * name_constraint) extension k
  13. | CRL_distribution_points : distribution_point list extension k
  14. | Issuing_distribution_point : (distribution_point_name option * bool * bool * reason list option * bool * bool) extension k
  15. | Freshest_CRL : distribution_point list extension k
  16. | Reason : reason extension k
  17. | Invalidity_date : Ptime.t extension k
  18. | Certificate_issuer : General_name.t extension k
  19. | Policies : policy list extension k

The type of supported X509v3 and CRL extensions.

include Gmap.S with type 'a key = 'a k
type !'a key = 'a k
type t
val empty : t
val singleton : 'a key -> 'a -> t
val is_empty : t -> bool
val cardinal : t -> int
val mem : 'a key -> t -> bool
val find : 'a key -> t -> 'a option
val get : 'a key -> t -> 'a
val add_unless_bound : 'a key -> 'a -> t -> t option
val add : 'a key -> 'a -> t -> t
val remove : 'a key -> t -> t
val update : 'a key -> ('a option -> 'a option) -> t -> t
type b =
  1. | B : 'a key * 'a -> b
val min_binding : t -> b option
val max_binding : t -> b option
val any_binding : t -> b option
val bindings : t -> b list
type eq = {
  1. f : 'a. 'a key -> 'a -> 'a -> bool;
}
val equal : eq -> t -> t -> bool
type mapper = {
  1. f : 'a. 'a key -> 'a -> 'a;
}
val map : mapper -> t -> t
val iter : (b -> unit) -> t -> unit
val fold : (b -> 'a -> 'a) -> t -> 'a -> 'a
val for_all : (b -> bool) -> t -> bool
val exists : (b -> bool) -> t -> bool
val filter : (b -> bool) -> t -> t
type merger = {
  1. f : 'a. 'a key -> 'a option -> 'a option -> 'a option;
}
val merge : merger -> t -> t -> t
type unionee = {
  1. f : 'a. 'a key -> 'a -> 'a -> 'a option;
}
val union : unionee -> t -> t -> t
val critical : 'a key -> 'a -> bool

critical ext_key ext_value is the critical bit in ext_value.

val pp : t Fmt.t

pp ppf ext_map pretty-prints the extension map.

val pp' : (Asn.oid * string) Fmt.t -> t Fmt.t

pp' custom ppf ext_map pretty-prints the extension map using custom to print Unsupported _ extensions.