package tls-async

  1. Overview
  2. Docs

X509v3 certificate

val decode_pkcs1_digest_info : string -> ([ `MD5 | `SHA1 | `SHA224 | `SHA256 | `SHA384 | `SHA512 ] * string, [> `Msg of string ]) Stdlib.result

decode_pkcs1_digest_info buffer is hash, signature, the hash and raw signature of the given buffer in ASN.1 DER encoding, or an error.

val encode_pkcs1_digest_info : ([ `MD5 | `SHA1 | `SHA224 | `SHA256 | `SHA384 | `SHA512 ] * string) -> string

encode_pkcs1_digest_info (hash, signature) is data, the ASN.1 DER encoded hash and signature.

Abstract certificate type

The abstract type of a certificate.

val pp : t Fmt.t

pp ppf cert pretty-prints the certificate.

val pp' : (Asn.oid * string) Fmt.t -> t Fmt.t

pp' pp_custom_extensions ppf cert pretty-prints the certificate using pp_custom_extensions for Extension.Unsupported _ extension.

Encoding and decoding in ASN.1 DER and PEM format

val encode_der : t -> string

encode_der certificate is octets, the ASN.1 encoded representation of the certificate.

val fold_decode_pem_multiple : ('a -> (t, [> `Msg of string ]) Stdlib.result -> 'a) -> 'a -> string -> 'a

fold_decode_pem_multiple fn acc pem is a fold of the function fn, with the initial accumulator acc, over the certificates extracted (and potential parsing errors) from the pem.

val encode_pem_multiple : t list -> string

encode_pem_multiple certificates is pem, the pem encoded certificates.

val encode_pem : t -> string

encode_pem certificate is pem, the pem encoded certificate.

Operations on certificates

val supports_keytype : t -> X509.Key_type.t -> bool

supports_keytype certificate key_type is result, whether public key of the certificate matches the given key_type.

val public_key : t -> X509.Public_key.t

public_key certificate is pk, the public key of the certificate.

val signature_algorithm : t -> (X509.Key_type.signature_scheme * Digestif.hash') option

signature_algorithm certificate is the algorithm used for the signature.

val hostnames : t -> X509.Host.Set.t

hostnames certficate is the set of domain names this certificate is valid for. Currently, these are the DNS names of the Subject Alternative Name extension, if present, or otherwise the singleton set containing the common name of the certificate subject.

val supports_hostname : t -> [ `host ] Domain_name.t -> bool

supports_hostname certificate hostname is result, whether the certificate contains the given hostname, using hostnames.

val ips : t -> Ipaddr.Set.t

ips certificate are the IP addresses the certificate is valid for (as specified in SubjectAlternativeName extensioni).

val supports_ip : t -> Ipaddr.t -> bool

supports_ip cert ip is true if the ip is mentioned in the SubjectAlternativeName extension, false otherwise.

val fingerprint : Digestif.hash' -> t -> string

fingerprint hash cert is digest, the digest of cert using the specified hash algorithm

val subject : t -> X509.Distinguished_name.t

subject certificate is dn, the subject as distinguished name of the certificate.

issuer certificate is dn, the issuer as distinguished name of the certificate.

val serial : t -> string

serial certificate is sn, the serial number of the certificate. A serial is a positive number of at most 20 octets. 0 is supported. A negative serial number is supported when decoding a certificate, but when encoding, an octet of 0 is prepended making it positive.

val validity : t -> Ptime.t * Ptime.t

validity certificate is from, until, the validity of the certificate.

val extensions : t -> X509.Extension.t

extensions certificate is the extension map of certificate.

val decode_pem_multiple : contents:string -> t list Core.Or_error.t
val decode_pem : contents:string -> t Core.Or_error.t
val decode_der : contents:string -> t Core.Or_error.t
val of_pem_file : Core.Filename.t -> t list Async.Deferred.Or_error.t
val of_pem_directory : directory:Core.Filename.t -> t list Async.Deferred.Or_error.t
OCaml

Innovation. Community. Security.