On This Page
Legend:
Library
Module
Module type
Parameter
Class
Class type
Library
Module
Module type
Parameter
Class
Class type
package x509
X.509v3 extensions
X.509v3 extension
type key_usage = [ | `Digital_signature| `Content_commitment| `Key_encipherment| `Data_encipherment| `Key_agreement| `Key_cert_sign| `CRL_sign| `Encipher_only| `Decipher_only
]The polymorphic variant of key usages.
supports_usage ~not_present certificate key_usage is result, whether the certificate supports the given key_usage (defaults to ~not_present if the certificate does not contain a keyUsage extension).
type extended_key_usage = [ | `Any| `Server_auth| `Client_auth| `Code_signing| `Email_protection| `Ipsec_end| `Ipsec_tunnel| `Ipsec_user| `Time_stamping| `Ocsp_signing| `Other of Asn.oid
]The polymorphic variant of extended key usages.
val supports_extended_usage :
?not_present:bool ->
t ->
extended_key_usage ->
boolsupports_extended_usage ~not_present certificate
extended_key_usage is result, whether the certificate supports the given extended_key_usage (defaults to ~not_present if the certificate does not contain an extendedKeyUsage extension.
val basic_constraints : t -> (bool * int option) optionbasic_constraints cert extracts the BasicConstraints extension, if present.
type general_name = [ | `Other of Asn.oid * string| `Rfc_822 of string| `DNS of string| `X400_address of unit| `Directory of distinguished_name| `EDI_party of string option * string| `URI of string| `IP of Cstruct.t| `Registered_id of Asn.oid
]A list of general_names is the value of both subjectAltName and IssuerAltName extension.
type authority_key_id = Cstruct.t option * general_name list * Z.t optionThe authority key identifier, as present in the Authority Key Identifier extension.
The private key usage period, as defined in RFC 3280.
type name_constraint = (general_name * int * int option) listName constraints, as defined in RFC 5280.
Certificate policies, the policy extension.
val unsupported : t -> Asn.OID.t -> (bool * Cstruct.t) optionunsupported cert oid is None if oid is not present as extension, or Some (crit, data) if an extension with oid is present.
val subject_alt_names : t -> general_name listReturns subject_alt_names if extension if present, else [] .
type reason = [ | `Unused| `Key_compromise| `CA_compromise| `Affiliation_changed| `Superseded| `Cessation_of_operation| `Certificate_hold| `Privilege_withdrawn| `AA_compromise
]Type of allowed revocation reasons for a given distribution point.
Distribution point name, either a full one using general names, or a relative one using a distinguished name.
type distribution_point =
distribution_point_name option
* reason list option
* distinguished_name optionDistribution point, consisting of an optional name, an optional list of allowed reasons, and an optional issuer.
val crl_distribution_points : t -> distribution_point listReturns crl_distribution_points if extension if present, else [] .
type reason_code = [ | `Unspecified| `Key_compromise| `CA_compromise| `Affiliation_changed| `Superseded| `Cessation_of_operation| `Certificate_hold| `Remove_from_CRL| `Privilege_withdrawn| `AA_compromise
]The reason of a revoked certificate.
type t = [ | `Unsupported of Asn.oid * Cstruct.t| `Subject_alt_name of general_name list| `Authority_key_id of authority_key_id| `Subject_key_id of Cstruct.t| `Issuer_alt_name of general_name list| `Key_usage of key_usage list| `Ext_key_usage of extended_key_usage list| `Basic_constraints of bool * int option| `CRL_number of int| `Delta_CRL_indicator of int| `Priv_key_period of priv_key_usage_period| `Name_constraints of name_constraint * name_constraint| `CRL_distribution_points of distribution_point list| `Issuing_distribution_point of distribution_point_name option * bool * bool * reason list option * bool * bool| `Freshest_CRL of distribution_point list| `Reason of reason_code| `Invalidity_date of Ptime.t| `Certificate_issuer of general_name list| `Policies of policy list
]The polymorphic variant of X509v3 extensions.
On This Page