x509

Public Key Infrastructure (RFC 5280, PKCS) purely in OCaml
Library x509
Module X509 . Authenticator
type t = ?ip:Ipaddr.t -> host:[ `host ] Domain_name.t option -> Certificate.t list -> Validation.r

An authenticator t is a function type which takes optionally an IP address, a hostname and a certificate stack to an authentication decision Validation.r. If ip is specified, it needs to be present in the SubjectAlternativeName extension of the server certificate.

val chain_of_trust : time:( unit -> Ptime.t option ) -> ?crls:CRL.t list -> ?allowed_hashes:Mirage_crypto.Hash.hash list -> Certificate.t list -> t

chain_of_trust ~time ~crls ~allowed_hashes trust_anchors is authenticator, which uses the given time and list of trust_anchors to verify the certificate chain. All signatures must use a hash algorithm specified in allowed_hashes, defaults to SHA-2. Signatures on revocation lists crls must also use a hash algorithm in allowed_hashes. This is an implementation of the algorithm described in RFC 5280, using Validation.verify_chain_of_trust. The given trust anchors are not validated, you can filter them with Validation.valid_cas if desired.

val server_key_fingerprint : time:( unit -> Ptime.t option ) -> hash:Mirage_crypto.Hash.hash -> fingerprint:Cstruct.t -> t

server_key_fingerprint ~time hash fingerprint is an authenticator that uses the given time and fingerprint to verify that the fingerprint of the first element of the certificate chain matches the given fingerprint, using Validation.trust_key_fingerprint.

val server_cert_fingerprint : time:( unit -> Ptime.t option ) -> hash:Mirage_crypto.Hash.hash -> fingerprint:Cstruct.t -> t

server_cert_fingerprint ~time hash fingerprint is an authenticator that uses the given time and fingerprint to verify the first element of the certificate chain, using Validation.trust_cert_fingerprint. Note that public key pinning has advantages over certificate pinning.

val of_string : string -> ( ( unit -> Ptime.t option ) -> t, [> `Msg of string ] ) result

of_string str tries to parse the given str to an Authenticator.t. The format of it is:

  • none no authentication,
  • key-fp(:<hash>?):<base64-encoded fingerprint> to authenticate a peer via its key fingerprint (hash is optional and defaults to SHA256),
  • cert-fp(:<hash>?):<base64-encoded fingerprint> to authenticate a peer via its certificate fingerprint (hash is optional and defaults to SHA256),
  • trust-anchor(:<base64-encoded DER certificate>)+ to authenticate a peer from a list of certificates (certificate must be in PEM format without header and footer (----BEGIN CERTIFICATE-----) and without newlines).

If decoding is successful, the returned value expects a function which outputs the current timestamp (unit -> Ptime.t option) and is then an authenticator. If decoding fails, and error is returned.