Library
Module
Module type
Parameter
Class
Class type
X509v3 certificate
val decode_pkcs1_digest_info :
string ->
([ `MD5 | `SHA1 | `SHA224 | `SHA256 | `SHA384 | `SHA512 ] * string,
[> `Msg of string ])
Stdlib.result
decode_pkcs1_digest_info buffer
is hash, signature
, the hash and raw signature of the given buffer
in ASN.1 DER encoding, or an error.
val encode_pkcs1_digest_info :
([ `MD5 | `SHA1 | `SHA224 | `SHA256 | `SHA384 | `SHA512 ] * string) ->
string
encode_pkcs1_digest_info (hash, signature)
is data
, the ASN.1 DER encoded hash and signature.
type t = X509.Certificate.t
The abstract type of a certificate.
val pp : t Fmt.t
pp ppf cert
pretty-prints the certificate.
val pp' : (Asn.oid * string) Fmt.t -> t Fmt.t
pp' pp_custom_extensions ppf cert
pretty-prints the certificate using pp_custom_extensions
for Extension.Unsupported _
extension.
val encode_der : t -> string
encode_der certificate
is octets
, the ASN.1 encoded representation of the certificate
.
val fold_decode_pem_multiple :
('a -> (t, [> `Msg of string ]) Stdlib.result -> 'a) ->
'a ->
string ->
'a
fold_decode_pem_multiple fn acc pem
is a fold of the function fn
, with the initial accumulator acc
, over the certificates extracted (and potential parsing errors) from the pem
.
val encode_pem_multiple : t list -> string
encode_pem_multiple certificates
is pem
, the pem encoded certificates.
val encode_pem : t -> string
encode_pem certificate
is pem
, the pem encoded certificate.
val supports_keytype : t -> X509.Key_type.t -> bool
supports_keytype certificate key_type
is result
, whether public key of the certificate
matches the given key_type
.
val public_key : t -> X509.Public_key.t
public_key certificate
is pk
, the public key of the certificate
.
val signature_algorithm :
t ->
(X509.Key_type.signature_scheme * Digestif.hash') option
signature_algorithm certificate
is the algorithm used for the signature.
val hostnames : t -> X509.Host.Set.t
hostnames certficate
is the set of domain names this certificate
is valid for. Currently, these are the DNS names of the Subject Alternative Name extension, if present, or otherwise the singleton set containing the common name of the certificate subject.
val supports_hostname : t -> [ `host ] Domain_name.t -> bool
supports_hostname certificate hostname
is result
, whether the certificate
contains the given hostname
, using hostnames
.
val ips : t -> Ipaddr.Set.t
ips certificate
are the IP addresses the certificate is valid for (as specified in SubjectAlternativeName extensioni).
val supports_ip : t -> Ipaddr.t -> bool
supports_ip cert ip
is true
if the ip
is mentioned in the SubjectAlternativeName extension, false
otherwise.
val fingerprint : Digestif.hash' -> t -> string
fingerprint hash cert
is digest
, the digest of cert
using the specified hash
algorithm
val subject : t -> X509.Distinguished_name.t
subject certificate
is dn
, the subject as distinguished name of the certificate
.
val issuer : t -> X509.Distinguished_name.t
issuer certificate
is dn
, the issuer as distinguished name of the certificate
.
val serial : t -> string
serial certificate
is sn
, the serial number of the certificate
. A serial is a positive number of at most 20 octets. 0 is supported. A negative serial number is supported when decoding a certificate, but when encoding, an octet of 0 is prepended making it positive.
val validity : t -> Ptime.t * Ptime.t
validity certificate
is from, until
, the validity of the certificate.
val extensions : t -> X509.Extension.t
extensions certificate
is the extension map of certificate
.
val decode_pem_multiple : contents:string -> t list Core.Or_error.t
val decode_pem : contents:string -> t Core.Or_error.t
val decode_der : contents:string -> t Core.Or_error.t
val of_pem_file : Core.Filename.t -> t list Async.Deferred.Or_error.t
val of_pem_directory :
directory:Core.Filename.t ->
t list Async.Deferred.Or_error.t