package x509

  1. Overview
  2. Docs

X.509v3 extensions

X.509v3 extension

type key_usage = [
  1. | `Digital_signature
  2. | `Content_commitment
  3. | `Key_encipherment
  4. | `Data_encipherment
  5. | `Key_agreement
  6. | `Key_cert_sign
  7. | `CRL_sign
  8. | `Encipher_only
  9. | `Decipher_only
]

The polymorphic variant of key usages.

val supports_usage : ?not_present:bool -> t -> key_usage -> bool

supports_usage ~not_present certificate key_usage is result, whether the certificate supports the given key_usage (defaults to ~not_present if the certificate does not contain a keyUsage extension).

type extended_key_usage = [
  1. | `Any
  2. | `Server_auth
  3. | `Client_auth
  4. | `Code_signing
  5. | `Email_protection
  6. | `Ipsec_end
  7. | `Ipsec_tunnel
  8. | `Ipsec_user
  9. | `Time_stamping
  10. | `Ocsp_signing
  11. | `Other of Asn.oid
]

The polymorphic variant of extended key usages.

val supports_extended_usage : ?not_present:bool -> t -> extended_key_usage -> bool

supports_extended_usage ~not_present certificate extended_key_usage is result, whether the certificate supports the given extended_key_usage (defaults to ~not_present if the certificate does not contain an extendedKeyUsage extension.

val basic_constraints : t -> (bool * int option) option

basic_constraints cert extracts the BasicConstraints extension, if present.

type general_name = [
  1. | `Other of Asn.oid * string
  2. | `Rfc_822 of string
  3. | `DNS of string
  4. | `X400_address of unit
  5. | `Directory of distinguished_name
  6. | `EDI_party of string option * string
  7. | `URI of string
  8. | `IP of Cstruct.t
  9. | `Registered_id of Asn.oid
]

A list of general_names is the value of both subjectAltName and IssuerAltName extension.

type authority_key_id = Cstruct.t option * general_name list * Z.t option

The authority key identifier, as present in the Authority Key Identifier extension.

type priv_key_usage_period = [
  1. | `Interval of Ptime.t * Ptime.t
  2. | `Not_after of Ptime.t
  3. | `Not_before of Ptime.t
]

The private key usage period, as defined in RFC 3280.

type name_constraint = (general_name * int * int option) list

Name constraints, as defined in RFC 5280.

type policy = [
  1. | `Any
  2. | `Something of Asn.oid
]

Certificate policies, the policy extension.

val unsupported : t -> Asn.OID.t -> (bool * Cstruct.t) option

unsupported cert oid is None if oid is not present as extension, or Some (crit, data) if an extension with oid is present.

val subject_alt_names : t -> general_name list

Returns subject_alt_names if extension if present, else [] .

type reason = [
  1. | `Unused
  2. | `Key_compromise
  3. | `CA_compromise
  4. | `Affiliation_changed
  5. | `Superseded
  6. | `Cessation_of_operation
  7. | `Certificate_hold
  8. | `Privilege_withdrawn
  9. | `AA_compromise
]

Type of allowed revocation reasons for a given distribution point.

type distribution_point_name = [
  1. | `Full of general_name list
  2. | `Relative of X509_types.distinguished_name
]

Distribution point name, either a full one using general names, or a relative one using a distinguished name.

type distribution_point = distribution_point_name option * reason list option * X509_types.distinguished_name option

Distribution point, consisting of an optional name, an optional list of allowed reasons, and an optional issuer.

val crl_distribution_points : t -> distribution_point list

Returns crl_distribution_points if extension if present, else [] .

type reason_code = [
  1. | `Unspecified
  2. | `Key_compromise
  3. | `CA_compromise
  4. | `Affiliation_changed
  5. | `Superseded
  6. | `Cessation_of_operation
  7. | `Certificate_hold
  8. | `Remove_from_CRL
  9. | `Privilege_withdrawn
  10. | `AA_compromise
]

The reason of a revoked certificate.

type t = [
  1. | `Unsupported of Asn.oid * Cstruct.t
  2. | `Subject_alt_name of general_name list
  3. | `Authority_key_id of authority_key_id
  4. | `Subject_key_id of Cstruct.t
  5. | `Issuer_alt_name of general_name list
  6. | `Key_usage of key_usage list
  7. | `Ext_key_usage of extended_key_usage list
  8. | `Basic_constraints of bool * int option
  9. | `CRL_number of int
  10. | `Delta_CRL_indicator of int
  11. | `Priv_key_period of priv_key_usage_period
  12. | `Name_constraints of name_constraint * name_constraint
  13. | `CRL_distribution_points of distribution_point list
  14. | `Issuing_distribution_point of distribution_point_name option * bool * bool * reason list option * bool * bool
  15. | `Freshest_CRL of distribution_point list
  16. | `Reason of reason_code
  17. | `Invalidity_date of Ptime.t
  18. | `Certificate_issuer of general_name list
  19. | `Policies of policy list
]

The polymorphic variant of X509v3 extensions.

OCaml

Innovation. Community. Security.