X.509v3 extensions
type key_usage = [
| `Digital_signature
| `Content_commitment
| `Key_encipherment
| `Data_encipherment
| `Key_agreement
| `Key_cert_sign
| `CRL_sign
| `Encipher_only
| `Decipher_only
]
The polymorphic variant of key usages.
supports_usage ~not_present certificate key_usage is result, whether the certificate supports the given key_usage (defaults to ~not_present if the certificate does not contain a keyUsage extension).
type extended_key_usage = [
| `Any
| `Server_auth
| `Client_auth
| `Code_signing
| `Email_protection
| `Ipsec_end
| `Ipsec_tunnel
| `Ipsec_user
| `Time_stamping
| `Ocsp_signing
| `Other of Asn.oid
]
The polymorphic variant of extended key usages.
val supports_extended_usage :
?not_present:bool ->
t ->
extended_key_usage ->
bool
supports_extended_usage ~not_present certificate extended_key_usage is result, whether the certificate supports the given extended_key_usage (defaults to ~not_present if the certificate does not contain an extendedKeyUsage extension).
val basic_constraints : t -> (bool * int option) option
basic_constraints cert extracts the BasicConstraints extension, if present.
type general_name = [
| `Other of Asn.oid * string
| `Rfc_822 of string
| `DNS of string
| `X400_address of unit
| `Directory of distinguished_name
| `EDI_party of string option * string
| `URI of string
| `IP of Cstruct.t
| `Registered_id of Asn.oid
]
A list of general_names is the value of both the subjectAltName and IssuerAltName extensions.
type authority_key_id = Cstruct.t option * general_name list * Z.t option
The authority key identifier, as present in the Authority Key Identifier extension.
The private key usage period, as defined in RFC 3280.
type name_constraint = (general_name * int * int option) list
Name constraints, as defined in RFC 5280.
Certificate policies, the policy extension.
unsupported cert oid is None if oid is not present as extension, or Some (crit, data) if an extension with oid is present.
val subject_alt_names : t -> general_name list
Returns subject_alt_names if the extension is present, else [].
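An added example (not code from the library) that combines supports_usage, supports_extended_usage, basic_constraints and subject_alt_names into a fail-closed check of a TLS server leaf certificate. It assumes these values are exposed as X509.Extension.* with t being X509.t; verdict, san_has_dns, is_ca and check_tls_server_leaf are hypothetical names, and obtaining cert is outside what this page documents.

```ocaml
(* Added example, not library code. Assumption: the values on this page are
   exposed as X509.Extension.* and the certificate type t is X509.t. *)
open X509.Extension

(* Hypothetical result type for this example. *)
type verdict = Accept | Reject of string list

(* Exact, case-insensitive match against the DNS entries of subjectAltName.
   Wildcard names are not interpreted here, so they only match literally. *)
let san_has_dns cert host =
  let host = String.lowercase_ascii host in
  List.exists
    (function `DNS name -> String.lowercase_ascii name = host | _ -> false)
    (subject_alt_names cert)

(* Assumption: the pair is (cA, pathLenConstraint) in RFC 5280 field order.
   A certificate without the extension is not a CA. *)
let is_ca cert =
  match basic_constraints cert with
  | Some (ca, _) -> ca
  | None -> false

(* Policy chosen for this example: every check must pass, and an absent
   extension never counts as permission. *)
let check_tls_server_leaf cert ~host =
  let checks = [
    (* ~not_present:false: a missing keyUsage extension is a failure. *)
    supports_usage ~not_present:false cert `Digital_signature,
    "keyUsage absent or without digitalSignature";
    (* Same for extendedKeyUsage: absent means not usable as a server. *)
    supports_extended_usage ~not_present:false cert `Server_auth,
    "extendedKeyUsage absent or without serverAuth";
    (* A leaf presented by a server must not be a CA certificate. *)
    not (is_ca cert), "BasicConstraints marks the certificate as a CA";
    (* subject_alt_names returns [] when the extension is absent,
       so a certificate without SANs fails this check. *)
    san_has_dns cert host, "no DNS subjectAltName equal to " ^ host;
  ] in
  match
    List.filter_map (fun (ok, why) -> if ok then None else Some why) checks
  with
  | [] -> Accept
  | failures -> Reject failures
```

Passing ~not_present explicitly keeps the outcome for certificates that lack an extension visible at the call site instead of depending on the default.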
type reason = [
| `Unused
| `Key_compromise
| `CA_compromise
| `Affiliation_changed
| `Superseded
| `Cessation_of_operation
| `Certificate_hold
| `Privilege_withdrawn
| `AA_compromise
]
Type of allowed revocation reasons for a given distribution point.
type distribution_point_name = [
| `Full of general_name list
| `Relative of X509_types.distinguished_name
]
Distribution point name, either a full one using general names, or a relative one using a distinguished name.
type distribution_point =
distribution_point_name option
* reason list option
* X509_types.distinguished_name option
Distribution point, consisting of an optional name, an optional list of allowed reasons, and an optional issuer.
val crl_distribution_points : t -> distribution_point list
Returns crl_distribution_points if the extension is present, else [].
type reason_code = [
| `Unspecified
| `Key_compromise
| `CA_compromise
| `Affiliation_changed
| `Superseded
| `Cessation_of_operation
| `Certificate_hold
| `Remove_from_CRL
| `Privilege_withdrawn
| `AA_compromise
]
The reason of a revoked certificate.
type t = [
| `Unsupported of Asn.oid * Cstruct.t
| `Subject_alt_name of general_name list
| `Authority_key_id of authority_key_id
| `Subject_key_id of Cstruct.t
| `Issuer_alt_name of general_name list
| `Key_usage of key_usage list
| `Ext_key_usage of extended_key_usage list
| `Basic_constraints of bool * int option
| `CRL_number of int
| `Delta_CRL_indicator of int
| `Priv_key_period of priv_key_usage_period
| `Name_constraints of name_constraint * name_constraint
| `CRL_distribution_points of distribution_point list
| `Issuing_distribution_point of
distribution_point_name option
* bool
* bool
* reason list option
* bool
* bool
| `Freshest_CRL of distribution_point list
| `Reason of reason_code
| `Invalidity_date of Ptime.t
| `Certificate_issuer of general_name list
| `Policies of policy list
]
The polymorphic variant of X509v3 extensions.