package x509

  1. Overview
  2. Docs
On This Page
  1. X.509v3 extension

X.509v3 extensions

X.509v3 extension

type key_usage = [
  1. | `Digital_signature
  2. | `Content_commitment
  3. | `Key_encipherment
  4. | `Data_encipherment
  5. | `Key_agreement
  6. | `Key_cert_sign
  7. | `CRL_sign
  8. | `Encipher_only
  9. | `Decipher_only
]

The polymorphic variant of key usages.

val supports_usage : ?not_present:bool -> t -> key_usage -> bool

supports_usage ~not_present certificate key_usage is result, whether the certificate supports the given key_usage (defaults to ~not_present if the certificate does not contain a keyUsage extension).

type extended_key_usage = [
  1. | `Any
  2. | `Server_auth
  3. | `Client_auth
  4. | `Code_signing
  5. | `Email_protection
  6. | `Ipsec_end
  7. | `Ipsec_tunnel
  8. | `Ipsec_user
  9. | `Time_stamping
  10. | `Ocsp_signing
  11. | `Other of Asn.OID.t
]

The polymorphic variant of extended key usages.

val supports_extended_usage : ?not_present:bool -> t -> extended_key_usage -> bool

supports_extended_usage ~not_present certificate extended_key_usage is result, whether the certificate supports the given extended_key_usage (defaults to ~not_present if the certificate does not contain an extendedKeyUsage extension.

type general_name = [
  1. | `Other of Asn.OID.t * string
  2. | `Rfc_822 of string
  3. | `DNS of string
  4. | `X400_address of unit
  5. | `Directory of distinguished_name
  6. | `EDI_party of string option * string
  7. | `URI of string
  8. | `IP of Cstruct.t
  9. | `Registered_id of Asn.OID.t
]

A list of general_names is the value of both subjectAltName and IssuerAltName extension.

type authority_key_id = Cstruct.t option * general_name list * Z.t option

The authority key identifier, as present in the Authority Key Identifier extension.

type priv_key_usage_period = [
  1. | `Interval of Asn.Time.t * Asn.Time.t
  2. | `Not_after of Asn.Time.t
  3. | `Not_before of Asn.Time.t
]

The private key usage period, as defined in RFC 3280.

type name_constraint = (general_name * int * int option) list

Name constraints, as defined in RFC 5280.

type policy = [
  1. | `Any
  2. | `Something of Asn.OID.t
]

Certificate policies, the policy extension.

type t = [
  1. | `Unsupported of Asn.OID.t * Cstruct.t
  2. | `Subject_alt_name of general_name list
  3. | `Authority_key_id of authority_key_id
  4. | `Subject_key_id of Cstruct.t
  5. | `Issuer_alt_name of general_name list
  6. | `Key_usage of key_usage list
  7. | `Ext_key_usage of extended_key_usage list
  8. | `Basic_constraints of bool * int option
  9. | `Priv_key_period of priv_key_usage_period
  10. | `Name_constraints of name_constraint * name_constraint
  11. | `Policies of policy list
]

The polymorphic variant of X509v3 extensions.