Index of values


A
a_of_sexp [X509.Authenticator]
a_of_sexp sexp is authenticator, the unmarshalled sexp.

B
build_paths [X509.Validation]
build_paths server rest is paths, which are all possible certificate paths starting with server.

C
ca_error_of_sexp [X509.Validation]
ca_error_of_sexp sexp is ca_error, the unmarshalled sexp.
ca_error_to_string [X509.Validation]
ca_error_to_string validation_error is string, the string representation of the ca_error.
chain_error_of_sexp [X509.Validation]
chain_error_of_sexp sexp is chain_error, the unmarshalled sexp.
chain_error_to_string [X509.Validation]
chain_error_to_string validation_error is string, the string representation of the chain_error.
chain_of_trust [X509.Authenticator]
chain_of_trust ?time trust_anchors is authenticator, which uses the given time and list of trust_anchors to verify the certificate chain.
common_name_to_string [X509]
common_name_to_string certificate is common_name, the common name of the subject of the certificate.
cs_of_cert [X509.Encoding]
cs_of_cert certificate is cstruct, the ASN.1 encoded representation of the certificate.

D
distinguished_name_to_string [X509]
distinguished_name_to_string dn is string, the string representation of the dn.

F
fingerprint [X509]
fingerprint hash cert is digest, the digest of cert using the specified hash algorithm.

H
hostnames [X509]
hostnames certificate are hostnames, the list of hostnames this certificate is valid for.

I
info [X509.CA]
info signing_request is X509.CA.request_info, the information inside the X509.CA.signing_request.
issuer [X509]
issuer certificate is dn, the issuer as dn of the certificate.

K
key_fingerprint [X509]
key_fingerprint ?hash public_key is result, the hash (by default SHA256) of the DER encoded public key (equivalent to `openssl x509 -noout -pubkey | openssl pkey -pubin -outform DER | openssl dgst -HASH`).
key_id [X509]
key_id public_key is result, the 160-bit `SHA1 hash of the BIT STRING subjectPublicKey (excluding tag, length, and number of unused bits) for publicKeyInfo of public_key.

N
null [X509.Authenticator]
null is authenticator, which always returns `Ok.

O
of_pem_cstruct [X509.Encoding.Pem.Private_key]
of_pem_cstruct pem is t list, where all private keys of pem are extracted.
of_pem_cstruct [X509.Encoding.Pem.Public_key]
of_pem_cstruct pem is t list, where all public keys of pem are extracted.
of_pem_cstruct [X509.Encoding.Pem.Certificate_signing_request]
of_pem_cstruct pem is t list, where all signing requests of the pem are extracted.
of_pem_cstruct [X509.Encoding.Pem.Certificate]
of_pem_cstruct pem is t list, where all certificates of the pem are extracted.
of_pem_cstruct1 [X509.Encoding.Pem.Private_key]
of_pem_cstruct1 pem is t, where the private key of pem is extracted.
of_pem_cstruct1 [X509.Encoding.Pem.Public_key]
of_pem_cstruct1 pem is t, where the public key of pem is extracted.
of_pem_cstruct1 [X509.Encoding.Pem.Certificate_signing_request]
of_pem_cstruct1 pem is t, where the single signing request of the pem is extracted.
of_pem_cstruct1 [X509.Encoding.Pem.Certificate]
of_pem_cstruct1 pem is t, where the single certificate of the pem is extracted.

P
parse [X509.Encoding.Pem]
parse pem is (name * data) list, in which the pem is parsed into its components, each surrounded by BEGIN name and END name.
parse [X509.Encoding]
parse cstruct is certificate option, the ASN.1 decoded certificate or None.
pkcs1_digest_info_of_cstruct [X509.Encoding]
pkcs1_digest_info_of_cstruct data is hash, signature option, the hash and raw signature.
pkcs1_digest_info_to_cstruct [X509.Encoding]
pkcs1_digest_info_to_cstruct (hash, signature) is data, the encoded hash and signature.
public_key [X509]
public_key certificate is pubkey, the public key of the certificate.

R
request [X509.CA]
request subject ~digest ~extensions private creates signing_request, a certification request using the given subject, digest (defaults to `SHA256) and list of extensions.
rsa_public_of_cstruct [X509.Encoding]
rsa_public_of_cstruct buffer is pubkey, the public key of the ASN.1 encoded buffer.
rsa_public_to_cstruct [X509.Encoding]
rsa_public_to_cstruct pk is buffer, the ASN.1 encoding of the given public key.

S
serial [X509]
serial certificate is sn, the serial number of the certificate.
server_cert_fingerprint [X509.Authenticator]
server_cert_fingerprint ~time hash fingerprints is an authenticator which uses the given time and list of fingerprints to verify the first element of the certificate chain, using X509.Validation.trust_cert_fingerprint.
server_key_fingerprint [X509.Authenticator]
server_key_fingerprint ~time hash fingerprints is an authenticator which uses the given time and list of fingerprints to verify that the fingerprint of the first element of the certificate chain matches the given fingerprint, using X509.Validation.trust_key_fingerprint.
sexp_of_a [X509.Authenticator]
sexp_of_a authenticator is sexp, the marshalled authenticator.
sexp_of_ca_error [X509.Validation]
sexp_of_ca_error ca_error is sexp, the marshalled ca_error.
sexp_of_chain_error [X509.Validation]
sexp_of_chain_error chain_error is sexp, the marshalled chain_error.
sexp_of_t [X509]
sexp_of_t certificate is sexp, the marshalled certificate.
sexp_of_validation_error [X509.Validation]
sexp_of_validation_error validation_error is sexp, the marshalled validation_error.
sign [X509.CA]
sign signing_request ~digest ~valid_from ~valid_until ~serial ~extensions private issuer creates certificate, a signed certificate.
subject [X509]
subject certificate is dn, the subject as dn of the certificate.
supports_extended_usage [X509.Extension]
supports_extended_usage ~not_present certificate extended_key_usage is result, whether the certificate supports the given extended_key_usage (defaults to ~not_present if the certificate does not contain an extendedKeyUsage extension).
supports_hostname [X509]
supports_hostname certificate host is result, whether the certificate contains the given host, using X509.hostnames.
supports_keytype [X509]
supports_keytype certificate key_type is result, whether public key of the certificate matches the given key_type.
supports_usage [X509.Extension]
supports_usage ~not_present certificate key_usage is result, whether the certificate supports the given key_usage (defaults to ~not_present if the certificate does not contain a keyUsage extension).

T
t_of_sexp [X509]
t_of_sexp sexp is certificate, the unmarshalled sexp.
to_pem_cstruct [X509.Encoding.Pem.Private_key]
to_pem_cstruct private_keys is pem, the pem encoded private keys.
to_pem_cstruct [X509.Encoding.Pem.Public_key]
to_pem_cstruct public_keys is pem, the pem encoded public keys.
to_pem_cstruct [X509.Encoding.Pem.Certificate_signing_request]
to_pem_cstruct signing_requests is pem, the pem encoded signing requests.
to_pem_cstruct [X509.Encoding.Pem.Certificate]
to_pem_cstruct certificates is pem, the pem encoded certificates.
to_pem_cstruct1 [X509.Encoding.Pem.Private_key]
to_pem_cstruct1 private_key is pem, the pem encoded private key.
to_pem_cstruct1 [X509.Encoding.Pem.Public_key]
to_pem_cstruct1 public_key is pem, the pem encoded public key.
to_pem_cstruct1 [X509.Encoding.Pem.Certificate_signing_request]
to_pem_cstruct1 signing_request is pem, the pem encoded signing_request.
to_pem_cstruct1 [X509.Encoding.Pem.Certificate]
to_pem_cstruct1 certificate is pem, the pem encoded certificate.
trust_cert_fingerprint [X509.Validation]
trust_cert_fingerprint ~time ~hash ~fingerprints certificates is result, the first element of certificates is verified to match the given fingerprints map (hostname to fingerprint) using X509.fingerprint.
trust_key_fingerprint [X509.Validation]
trust_key_fingerprint ~time ~hash ~fingerprints certificates is result, the first element of certificates is verified against the given fingerprints map (hostname to public key fingerprint) using X509.key_fingerprint.

V
valid_ca [X509.Validation]
valid_ca ~time certificate is result, which is `Ok if the given certificate is self-signed, it is valid at time, its extensions are not present (if X.509 version 1 certificate), or are appropriate for a CA (BasicConstraints is present and true, KeyUsage extension contains keyCertSign).
valid_cas [X509.Validation]
valid_cas ~time certificates is valid_certificates, only those certificates which pass the X509.Validation.valid_ca check.
validation_error_of_sexp [X509.Validation]
validation_error_of_sexp sexp is validation_error, the unmarshalled sexp.
validation_error_to_string [X509.Validation]
validation_error_to_string validation_error is string, the string representation of the validation_error.
verify_chain [X509.Validation]
verify_chain ~host ~time ~anchors chain is result, either Ok and the trust anchor used to verify the chain, or Fail and the chain error.
verify_chain_of_trust [X509.Validation]
verify_chain_of_trust ~host ~time ~anchors certificates is result.