Fix some X509 macro names
For some reason, during the great renaming, some names that should have been prefixed with MBEDTLS_X509_ have only been prefixed with MBEDTLS_
This commit is contained in:
parent
e75fa70b36
commit
e6028c93f5
@ -702,15 +702,15 @@
|
||||
#define ASN1_UTC_TIME MBEDTLS_ASN1_UTC_TIME
|
||||
#define ASN1_UTF8_STRING MBEDTLS_ASN1_UTF8_STRING
|
||||
#define BADCERT_CN_MISMATCH MBEDTLS_X509_BADCERT_CN_MISMATCH
|
||||
#define BADCERT_EXPIRED MBEDTLS_BADCERT_EXPIRED
|
||||
#define BADCERT_EXPIRED MBEDTLS_X509_BADCERT_EXPIRED
|
||||
#define BADCERT_FUTURE MBEDTLS_X509_BADCERT_FUTURE
|
||||
#define BADCERT_MISSING MBEDTLS_BADCERT_MISSING
|
||||
#define BADCERT_MISSING MBEDTLS_X509_BADCERT_MISSING
|
||||
#define BADCERT_NOT_TRUSTED MBEDTLS_X509_BADCERT_NOT_TRUSTED
|
||||
#define BADCERT_OTHER MBEDTLS_BADCERT_OTHER
|
||||
#define BADCERT_OTHER MBEDTLS_X509_BADCERT_OTHER
|
||||
#define BADCERT_REVOKED MBEDTLS_X509_BADCERT_REVOKED
|
||||
#define BADCERT_SKIP_VERIFY MBEDTLS_BADCERT_SKIP_VERIFY
|
||||
#define BADCERT_SKIP_VERIFY MBEDTLS_X509_BADCERT_SKIP_VERIFY
|
||||
#define BADCRL_EXPIRED MBEDTLS_X509_BADCRL_EXPIRED
|
||||
#define BADCRL_FUTURE MBEDTLS_BADCRL_FUTURE
|
||||
#define BADCRL_FUTURE MBEDTLS_X509_BADCRL_FUTURE
|
||||
#define BADCRL_NOT_TRUSTED MBEDTLS_X509_BADCRL_NOT_TRUSTED
|
||||
#define BLOWFISH_BLOCKSIZE MBEDTLS_BLOWFISH_BLOCKSIZE
|
||||
#define BLOWFISH_DECRYPT MBEDTLS_BLOWFISH_DECRYPT
|
||||
@ -745,29 +745,29 @@
|
||||
#define ENTROPY_MIN_PLATFORM MBEDTLS_ENTROPY_MIN_PLATFORM
|
||||
#define ENTROPY_SOURCE_MANUAL MBEDTLS_ENTROPY_SOURCE_MANUAL
|
||||
#define EXT_AUTHORITY_KEY_IDENTIFIER MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER
|
||||
#define EXT_BASIC_CONSTRAINTS MBEDTLS_EXT_BASIC_CONSTRAINTS
|
||||
#define EXT_BASIC_CONSTRAINTS MBEDTLS_X509_EXT_BASIC_CONSTRAINTS
|
||||
#define EXT_CERTIFICATE_POLICIES MBEDTLS_X509_EXT_CERTIFICATE_POLICIES
|
||||
#define EXT_CRL_DISTRIBUTION_POINTS MBEDTLS_EXT_CRL_DISTRIBUTION_POINTS
|
||||
#define EXT_CRL_DISTRIBUTION_POINTS MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS
|
||||
#define EXT_EXTENDED_KEY_USAGE MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE
|
||||
#define EXT_FRESHEST_CRL MBEDTLS_EXT_FRESHEST_CRL
|
||||
#define EXT_FRESHEST_CRL MBEDTLS_X509_EXT_FRESHEST_CRL
|
||||
#define EXT_INIHIBIT_ANYPOLICY MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY
|
||||
#define EXT_ISSUER_ALT_NAME MBEDTLS_EXT_ISSUER_ALT_NAME
|
||||
#define EXT_ISSUER_ALT_NAME MBEDTLS_X509_EXT_ISSUER_ALT_NAME
|
||||
#define EXT_KEY_USAGE MBEDTLS_X509_EXT_KEY_USAGE
|
||||
#define EXT_NAME_CONSTRAINTS MBEDTLS_EXT_NAME_CONSTRAINTS
|
||||
#define EXT_NAME_CONSTRAINTS MBEDTLS_X509_EXT_NAME_CONSTRAINTS
|
||||
#define EXT_NS_CERT_TYPE MBEDTLS_X509_EXT_NS_CERT_TYPE
|
||||
#define EXT_POLICY_CONSTRAINTS MBEDTLS_EXT_POLICY_CONSTRAINTS
|
||||
#define EXT_POLICY_CONSTRAINTS MBEDTLS_X509_EXT_POLICY_CONSTRAINTS
|
||||
#define EXT_POLICY_MAPPINGS MBEDTLS_X509_EXT_POLICY_MAPPINGS
|
||||
#define EXT_SUBJECT_ALT_NAME MBEDTLS_EXT_SUBJECT_ALT_NAME
|
||||
#define EXT_SUBJECT_ALT_NAME MBEDTLS_X509_EXT_SUBJECT_ALT_NAME
|
||||
#define EXT_SUBJECT_DIRECTORY_ATTRS MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS
|
||||
#define EXT_SUBJECT_KEY_IDENTIFIER MBEDTLS_EXT_SUBJECT_KEY_IDENTIFIER
|
||||
#define EXT_SUBJECT_KEY_IDENTIFIER MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER
|
||||
#define GCM_DECRYPT MBEDTLS_GCM_DECRYPT
|
||||
#define GCM_ENCRYPT MBEDTLS_GCM_ENCRYPT
|
||||
#define KU_CRL_SIGN MBEDTLS_X509_KU_CRL_SIGN
|
||||
#define KU_DATA_ENCIPHERMENT MBEDTLS_KU_DATA_ENCIPHERMENT
|
||||
#define KU_DATA_ENCIPHERMENT MBEDTLS_X509_KU_DATA_ENCIPHERMENT
|
||||
#define KU_DIGITAL_SIGNATURE MBEDTLS_X509_KU_DIGITAL_SIGNATURE
|
||||
#define KU_KEY_AGREEMENT MBEDTLS_KU_KEY_AGREEMENT
|
||||
#define KU_KEY_AGREEMENT MBEDTLS_X509_KU_KEY_AGREEMENT
|
||||
#define KU_KEY_CERT_SIGN MBEDTLS_X509_KU_KEY_CERT_SIGN
|
||||
#define KU_KEY_ENCIPHERMENT MBEDTLS_KU_KEY_ENCIPHERMENT
|
||||
#define KU_KEY_ENCIPHERMENT MBEDTLS_X509_KU_KEY_ENCIPHERMENT
|
||||
#define KU_NON_REPUDIATION MBEDTLS_X509_KU_NON_REPUDIATION
|
||||
#define LN_2_DIV_LN_10_SCALE100 MBEDTLS_LN_2_DIV_LN_10_SCALE100
|
||||
#define MD_CONTEXT_T_INIT MBEDTLS_MD_CONTEXT_T_INIT
|
||||
@ -779,13 +779,13 @@
|
||||
#define NET_PROTO_TCP MBEDTLS_NET_PROTO_TCP
|
||||
#define NET_PROTO_UDP MBEDTLS_NET_PROTO_UDP
|
||||
#define NS_CERT_TYPE_EMAIL MBEDTLS_X509_NS_CERT_TYPE_EMAIL
|
||||
#define NS_CERT_TYPE_EMAIL_CA MBEDTLS_NS_CERT_TYPE_EMAIL_CA
|
||||
#define NS_CERT_TYPE_EMAIL_CA MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA
|
||||
#define NS_CERT_TYPE_OBJECT_SIGNING MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING
|
||||
#define NS_CERT_TYPE_OBJECT_SIGNING_CA MBEDTLS_NS_CERT_TYPE_OBJECT_SIGNING_CA
|
||||
#define NS_CERT_TYPE_OBJECT_SIGNING_CA MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA
|
||||
#define NS_CERT_TYPE_RESERVED MBEDTLS_X509_NS_CERT_TYPE_RESERVED
|
||||
#define NS_CERT_TYPE_SSL_CA MBEDTLS_NS_CERT_TYPE_SSL_CA
|
||||
#define NS_CERT_TYPE_SSL_CA MBEDTLS_X509_NS_CERT_TYPE_SSL_CA
|
||||
#define NS_CERT_TYPE_SSL_CLIENT MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT
|
||||
#define NS_CERT_TYPE_SSL_SERVER MBEDTLS_NS_CERT_TYPE_SSL_SERVER
|
||||
#define NS_CERT_TYPE_SSL_SERVER MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER
|
||||
#define OID_ANSI_X9_62 MBEDTLS_OID_ANSI_X9_62
|
||||
#define OID_ANSI_X9_62_FIELD_TYPE MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE
|
||||
#define OID_ANSI_X9_62_PRIME_FIELD MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD
|
||||
|
@ -83,20 +83,20 @@
|
||||
* \{
|
||||
*/
|
||||
/* Reminder: update x509_crt_verify_strings[] in library/x509_crt.c */
|
||||
#define MBEDTLS_BADCERT_EXPIRED 0x01 /**< The certificate validity has expired. */
|
||||
#define MBEDTLS_X509_BADCERT_EXPIRED 0x01 /**< The certificate validity has expired. */
|
||||
#define MBEDTLS_X509_BADCERT_REVOKED 0x02 /**< The certificate has been revoked (is on a CRL). */
|
||||
#define MBEDTLS_X509_BADCERT_CN_MISMATCH 0x04 /**< The certificate Common Name (CN) does not match with the expected CN. */
|
||||
#define MBEDTLS_X509_BADCERT_NOT_TRUSTED 0x08 /**< The certificate is not correctly signed by the trusted CA. */
|
||||
#define MBEDTLS_X509_BADCRL_NOT_TRUSTED 0x10 /**< The CRL is not correctly signed by the trusted CA. */
|
||||
#define MBEDTLS_X509_BADCRL_EXPIRED 0x20 /**< The CRL is expired. */
|
||||
#define MBEDTLS_BADCERT_MISSING 0x40 /**< Certificate was missing. */
|
||||
#define MBEDTLS_BADCERT_SKIP_VERIFY 0x80 /**< Certificate verification was skipped. */
|
||||
#define MBEDTLS_BADCERT_OTHER 0x0100 /**< Other reason (can be used by verify callback) */
|
||||
#define MBEDTLS_X509_BADCERT_MISSING 0x40 /**< Certificate was missing. */
|
||||
#define MBEDTLS_X509_BADCERT_SKIP_VERIFY 0x80 /**< Certificate verification was skipped. */
|
||||
#define MBEDTLS_X509_BADCERT_OTHER 0x0100 /**< Other reason (can be used by verify callback) */
|
||||
#define MBEDTLS_X509_BADCERT_FUTURE 0x0200 /**< The certificate validity starts in the future. */
|
||||
#define MBEDTLS_BADCRL_FUTURE 0x0400 /**< The CRL is from the future */
|
||||
#define MBEDTLS_BADCERT_KEY_USAGE 0x0800 /**< Usage does not match the keyUsage extension. */
|
||||
#define MBEDTLS_BADCERT_EXT_KEY_USAGE 0x1000 /**< Usage does not match the extendedKeyUsage extension. */
|
||||
#define MBEDTLS_BADCERT_NS_CERT_TYPE 0x2000 /**< Usage does not match the nsCertType extension. */
|
||||
#define MBEDTLS_X509_BADCRL_FUTURE 0x0400 /**< The CRL is from the future */
|
||||
#define MBEDTLS_X509_BADCERT_KEY_USAGE 0x0800 /**< Usage does not match the keyUsage extension. */
|
||||
#define MBEDTLS_X509_BADCERT_EXT_KEY_USAGE 0x1000 /**< Usage does not match the extendedKeyUsage extension. */
|
||||
#define MBEDTLS_X509_BADCERT_NS_CERT_TYPE 0x2000 /**< Usage does not match the nsCertType extension. */
|
||||
/* \} name */
|
||||
/* \} addtogroup x509_module */
|
||||
|
||||
@ -105,9 +105,9 @@
|
||||
*/
|
||||
#define MBEDTLS_X509_KU_DIGITAL_SIGNATURE (0x80) /* bit 0 */
|
||||
#define MBEDTLS_X509_KU_NON_REPUDIATION (0x40) /* bit 1 */
|
||||
#define MBEDTLS_KU_KEY_ENCIPHERMENT (0x20) /* bit 2 */
|
||||
#define MBEDTLS_KU_DATA_ENCIPHERMENT (0x10) /* bit 3 */
|
||||
#define MBEDTLS_KU_KEY_AGREEMENT (0x08) /* bit 4 */
|
||||
#define MBEDTLS_X509_KU_KEY_ENCIPHERMENT (0x20) /* bit 2 */
|
||||
#define MBEDTLS_X509_KU_DATA_ENCIPHERMENT (0x10) /* bit 3 */
|
||||
#define MBEDTLS_X509_KU_KEY_AGREEMENT (0x08) /* bit 4 */
|
||||
#define MBEDTLS_X509_KU_KEY_CERT_SIGN (0x04) /* bit 5 */
|
||||
#define MBEDTLS_X509_KU_CRL_SIGN (0x02) /* bit 6 */
|
||||
|
||||
@ -117,13 +117,13 @@
|
||||
*/
|
||||
|
||||
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT (0x80) /* bit 0 */
|
||||
#define MBEDTLS_NS_CERT_TYPE_SSL_SERVER (0x40) /* bit 1 */
|
||||
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER (0x40) /* bit 1 */
|
||||
#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL (0x20) /* bit 2 */
|
||||
#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING (0x10) /* bit 3 */
|
||||
#define MBEDTLS_X509_NS_CERT_TYPE_RESERVED (0x08) /* bit 4 */
|
||||
#define MBEDTLS_NS_CERT_TYPE_SSL_CA (0x04) /* bit 5 */
|
||||
#define MBEDTLS_NS_CERT_TYPE_EMAIL_CA (0x02) /* bit 6 */
|
||||
#define MBEDTLS_NS_CERT_TYPE_OBJECT_SIGNING_CA (0x01) /* bit 7 */
|
||||
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CA (0x04) /* bit 5 */
|
||||
#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA (0x02) /* bit 6 */
|
||||
#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA (0x01) /* bit 7 */
|
||||
|
||||
/*
|
||||
* X.509 extension types
|
||||
@ -132,20 +132,20 @@
|
||||
* different for writing certificates or reading CRLs or CSRs.
|
||||
*/
|
||||
#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER (1 << 0)
|
||||
#define MBEDTLS_EXT_SUBJECT_KEY_IDENTIFIER (1 << 1)
|
||||
#define MBEDTLS_X509_EXT_KEY_USAGE (1 << 2) /* Parsed but not used */
|
||||
#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER (1 << 1)
|
||||
#define MBEDTLS_X509_EXT_KEY_USAGE (1 << 2)
|
||||
#define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES (1 << 3)
|
||||
#define MBEDTLS_X509_EXT_POLICY_MAPPINGS (1 << 4)
|
||||
#define MBEDTLS_EXT_SUBJECT_ALT_NAME (1 << 5) /* Supported (DNS) */
|
||||
#define MBEDTLS_EXT_ISSUER_ALT_NAME (1 << 6)
|
||||
#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME (1 << 5) /* Supported (DNS) */
|
||||
#define MBEDTLS_X509_EXT_ISSUER_ALT_NAME (1 << 6)
|
||||
#define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS (1 << 7)
|
||||
#define MBEDTLS_EXT_BASIC_CONSTRAINTS (1 << 8) /* Supported */
|
||||
#define MBEDTLS_EXT_NAME_CONSTRAINTS (1 << 9)
|
||||
#define MBEDTLS_EXT_POLICY_CONSTRAINTS (1 << 10)
|
||||
#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE (1 << 11) /* Parsed but not used */
|
||||
#define MBEDTLS_EXT_CRL_DISTRIBUTION_POINTS (1 << 12)
|
||||
#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS (1 << 8) /* Supported */
|
||||
#define MBEDTLS_X509_EXT_NAME_CONSTRAINTS (1 << 9)
|
||||
#define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS (1 << 10)
|
||||
#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE (1 << 11)
|
||||
#define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS (1 << 12)
|
||||
#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY (1 << 13)
|
||||
#define MBEDTLS_EXT_FRESHEST_CRL (1 << 14)
|
||||
#define MBEDTLS_X509_EXT_FRESHEST_CRL (1 << 14)
|
||||
|
||||
#define MBEDTLS_X509_EXT_NS_CERT_TYPE (1 << 16) /* Parsed (and then ?) */
|
||||
|
||||
|
@ -279,7 +279,7 @@ int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
|
||||
* \brief Check usage of certificate against keyUsage extension.
|
||||
*
|
||||
* \param crt Leaf certificate used.
|
||||
* \param usage Intended usage(s) (eg MBEDTLS_KU_KEY_ENCIPHERMENT before using the
|
||||
* \param usage Intended usage(s) (eg MBEDTLS_X509_KU_KEY_ENCIPHERMENT before using the
|
||||
* certificate to perform an RSA key exchange).
|
||||
*
|
||||
* \return 0 is these uses of the certificate are allowed,
|
||||
|
@ -261,7 +261,7 @@ static const oid_x509_ext_t oid_x509_ext[] =
|
||||
{
|
||||
{
|
||||
{ ADD_LEN( MBEDTLS_OID_BASIC_CONSTRAINTS ), "id-ce-basicConstraints", "Basic Constraints" },
|
||||
MBEDTLS_EXT_BASIC_CONSTRAINTS,
|
||||
MBEDTLS_X509_EXT_BASIC_CONSTRAINTS,
|
||||
},
|
||||
{
|
||||
{ ADD_LEN( MBEDTLS_OID_KEY_USAGE ), "id-ce-keyUsage", "Key Usage" },
|
||||
@ -273,7 +273,7 @@ static const oid_x509_ext_t oid_x509_ext[] =
|
||||
},
|
||||
{
|
||||
{ ADD_LEN( MBEDTLS_OID_SUBJECT_ALT_NAME ), "id-ce-subjectAltName", "Subject Alt Name" },
|
||||
MBEDTLS_EXT_SUBJECT_ALT_NAME,
|
||||
MBEDTLS_X509_EXT_SUBJECT_ALT_NAME,
|
||||
},
|
||||
{
|
||||
{ ADD_LEN( MBEDTLS_OID_NS_CERT_TYPE ), "id-netscape-certtype", "Netscape Certificate Type" },
|
||||
|
@ -3852,7 +3852,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
|
||||
( ssl->authmode == MBEDTLS_SSL_VERIFY_NONE ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) )
|
||||
{
|
||||
ssl->session_negotiate->verify_result = MBEDTLS_BADCERT_SKIP_VERIFY;
|
||||
ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY;
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
|
||||
ssl->state++;
|
||||
return( 0 );
|
||||
@ -3882,7 +3882,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "SSLv3 client has no certificate" ) );
|
||||
|
||||
ssl->session_negotiate->verify_result = MBEDTLS_BADCERT_MISSING;
|
||||
ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING;
|
||||
if( ssl->authmode == MBEDTLS_SSL_VERIFY_OPTIONAL )
|
||||
return( 0 );
|
||||
else
|
||||
@ -3903,7 +3903,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) );
|
||||
|
||||
ssl->session_negotiate->verify_result = MBEDTLS_BADCERT_MISSING;
|
||||
ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING;
|
||||
if( ssl->authmode == MBEDTLS_SSL_VERIFY_REQUIRED )
|
||||
return( MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE );
|
||||
else
|
||||
@ -6817,7 +6817,7 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
|
||||
{
|
||||
case MBEDTLS_KEY_EXCHANGE_RSA:
|
||||
case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
|
||||
usage = MBEDTLS_KU_KEY_ENCIPHERMENT;
|
||||
usage = MBEDTLS_X509_KU_KEY_ENCIPHERMENT;
|
||||
break;
|
||||
|
||||
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
|
||||
@ -6828,7 +6828,7 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
|
||||
|
||||
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
|
||||
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
|
||||
usage = MBEDTLS_KU_KEY_AGREEMENT;
|
||||
usage = MBEDTLS_X509_KU_KEY_AGREEMENT;
|
||||
break;
|
||||
|
||||
/* Don't use default: we want warnings when adding new values */
|
||||
@ -6847,7 +6847,7 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
|
||||
|
||||
if( mbedtls_x509_crt_check_key_usage( cert, usage ) != 0 )
|
||||
{
|
||||
*flags |= MBEDTLS_BADCERT_KEY_USAGE;
|
||||
*flags |= MBEDTLS_X509_BADCERT_KEY_USAGE;
|
||||
ret = -1;
|
||||
}
|
||||
#else
|
||||
@ -6868,7 +6868,7 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
|
||||
|
||||
if( mbedtls_x509_crt_check_extended_key_usage( cert, ext_oid, ext_len ) != 0 )
|
||||
{
|
||||
*flags |= MBEDTLS_BADCERT_EXT_KEY_USAGE;
|
||||
*flags |= MBEDTLS_X509_BADCERT_EXT_KEY_USAGE;
|
||||
ret = -1;
|
||||
}
|
||||
#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
|
||||
|
@ -485,7 +485,7 @@ static int x509_get_crt_ext( unsigned char **p,
|
||||
|
||||
switch( ext_type )
|
||||
{
|
||||
case MBEDTLS_EXT_BASIC_CONSTRAINTS:
|
||||
case MBEDTLS_X509_EXT_BASIC_CONSTRAINTS:
|
||||
/* Parse basic constraints */
|
||||
if( ( ret = x509_get_basic_constraints( p, end_ext_octet,
|
||||
&crt->ca_istrue, &crt->max_pathlen ) ) != 0 )
|
||||
@ -506,7 +506,7 @@ static int x509_get_crt_ext( unsigned char **p,
|
||||
return( ret );
|
||||
break;
|
||||
|
||||
case MBEDTLS_EXT_SUBJECT_ALT_NAME:
|
||||
case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME:
|
||||
/* Parse subject alt name */
|
||||
if( ( ret = x509_get_subject_alt_name( p, end_ext_octet,
|
||||
&crt->subject_alt_names ) ) != 0 )
|
||||
@ -1182,13 +1182,13 @@ static int x509_info_cert_type( char **buf, size_t *size,
|
||||
const char *sep = "";
|
||||
|
||||
CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT, "SSL Client" );
|
||||
CERT_TYPE( MBEDTLS_NS_CERT_TYPE_SSL_SERVER, "SSL Server" );
|
||||
CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER, "SSL Server" );
|
||||
CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL, "Email" );
|
||||
CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING, "Object Signing" );
|
||||
CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_RESERVED, "Reserved" );
|
||||
CERT_TYPE( MBEDTLS_NS_CERT_TYPE_SSL_CA, "SSL CA" );
|
||||
CERT_TYPE( MBEDTLS_NS_CERT_TYPE_EMAIL_CA, "Email CA" );
|
||||
CERT_TYPE( MBEDTLS_NS_CERT_TYPE_OBJECT_SIGNING_CA, "Object Signing CA" );
|
||||
CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CA, "SSL CA" );
|
||||
CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA, "Email CA" );
|
||||
CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA, "Object Signing CA" );
|
||||
|
||||
*size = n;
|
||||
*buf = p;
|
||||
@ -1210,9 +1210,9 @@ static int x509_info_key_usage( char **buf, size_t *size,
|
||||
|
||||
KEY_USAGE( MBEDTLS_X509_KU_DIGITAL_SIGNATURE, "Digital Signature" );
|
||||
KEY_USAGE( MBEDTLS_X509_KU_NON_REPUDIATION, "Non Repudiation" );
|
||||
KEY_USAGE( MBEDTLS_KU_KEY_ENCIPHERMENT, "Key Encipherment" );
|
||||
KEY_USAGE( MBEDTLS_KU_DATA_ENCIPHERMENT, "Data Encipherment" );
|
||||
KEY_USAGE( MBEDTLS_KU_KEY_AGREEMENT, "Key Agreement" );
|
||||
KEY_USAGE( MBEDTLS_X509_KU_KEY_ENCIPHERMENT, "Key Encipherment" );
|
||||
KEY_USAGE( MBEDTLS_X509_KU_DATA_ENCIPHERMENT, "Data Encipherment" );
|
||||
KEY_USAGE( MBEDTLS_X509_KU_KEY_AGREEMENT, "Key Agreement" );
|
||||
KEY_USAGE( MBEDTLS_X509_KU_KEY_CERT_SIGN, "Key Cert Sign" );
|
||||
KEY_USAGE( MBEDTLS_X509_KU_CRL_SIGN, "CRL Sign" );
|
||||
|
||||
@ -1323,7 +1323,7 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
|
||||
* Optional extensions
|
||||
*/
|
||||
|
||||
if( crt->ext_types & MBEDTLS_EXT_BASIC_CONSTRAINTS )
|
||||
if( crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS )
|
||||
{
|
||||
ret = mbedtls_snprintf( p, n, "\n%sbasic constraints : CA=%s", prefix,
|
||||
crt->ca_istrue ? "true" : "false" );
|
||||
@ -1336,7 +1336,7 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
|
||||
}
|
||||
}
|
||||
|
||||
if( crt->ext_types & MBEDTLS_EXT_SUBJECT_ALT_NAME )
|
||||
if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
|
||||
{
|
||||
ret = mbedtls_snprintf( p, n, "\n%ssubject alt name : ", prefix );
|
||||
SAFE_SNPRINTF();
|
||||
@ -1386,20 +1386,20 @@ struct x509_crt_verify_string {
|
||||
};
|
||||
|
||||
static const struct x509_crt_verify_string x509_crt_verify_strings[] = {
|
||||
{ MBEDTLS_BADCERT_EXPIRED, "The certificate validity has expired" },
|
||||
{ MBEDTLS_X509_BADCERT_EXPIRED, "The certificate validity has expired" },
|
||||
{ MBEDTLS_X509_BADCERT_REVOKED, "The certificate has been revoked (is on a CRL)" },
|
||||
{ MBEDTLS_X509_BADCERT_CN_MISMATCH, "The certificate Common Name (CN) does not match with the expected CN" },
|
||||
{ MBEDTLS_X509_BADCERT_NOT_TRUSTED, "The certificate is not correctly signed by the trusted CA" },
|
||||
{ MBEDTLS_X509_BADCRL_NOT_TRUSTED, "The CRL is not correctly signed by the trusted CA" },
|
||||
{ MBEDTLS_X509_BADCRL_EXPIRED, "The CRL is expired" },
|
||||
{ MBEDTLS_BADCERT_MISSING, "Certificate was missing" },
|
||||
{ MBEDTLS_BADCERT_SKIP_VERIFY, "Certificate verification was skipped" },
|
||||
{ MBEDTLS_BADCERT_OTHER, "Other reason (can be used by verify callback)" },
|
||||
{ MBEDTLS_X509_BADCERT_MISSING, "Certificate was missing" },
|
||||
{ MBEDTLS_X509_BADCERT_SKIP_VERIFY, "Certificate verification was skipped" },
|
||||
{ MBEDTLS_X509_BADCERT_OTHER, "Other reason (can be used by verify callback)" },
|
||||
{ MBEDTLS_X509_BADCERT_FUTURE, "The certificate validity starts in the future" },
|
||||
{ MBEDTLS_BADCRL_FUTURE, "The CRL is from the future" },
|
||||
{ MBEDTLS_BADCERT_KEY_USAGE, "Usage does not match the keyUsage extension" },
|
||||
{ MBEDTLS_BADCERT_EXT_KEY_USAGE, "Usage does not match the extendedKeyUsage extension" },
|
||||
{ MBEDTLS_BADCERT_NS_CERT_TYPE, "Usage does not match the nsCertType extension" },
|
||||
{ MBEDTLS_X509_BADCRL_FUTURE, "The CRL is from the future" },
|
||||
{ MBEDTLS_X509_BADCERT_KEY_USAGE, "Usage does not match the keyUsage extension" },
|
||||
{ MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, "Usage does not match the extendedKeyUsage extension" },
|
||||
{ MBEDTLS_X509_BADCERT_NS_CERT_TYPE, "Usage does not match the nsCertType extension" },
|
||||
{ 0, NULL }
|
||||
};
|
||||
|
||||
@ -1568,7 +1568,7 @@ static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
|
||||
flags |= MBEDTLS_X509_BADCRL_EXPIRED;
|
||||
|
||||
if( mbedtls_x509_time_future( &crl_list->this_update ) )
|
||||
flags |= MBEDTLS_BADCRL_FUTURE;
|
||||
flags |= MBEDTLS_X509_BADCRL_FUTURE;
|
||||
|
||||
/*
|
||||
* Check if certificate is revoked
|
||||
@ -1773,7 +1773,7 @@ static int x509_crt_verify_top(
|
||||
const mbedtls_md_info_t *md_info;
|
||||
|
||||
if( mbedtls_x509_time_expired( &child->valid_to ) )
|
||||
*flags |= MBEDTLS_BADCERT_EXPIRED;
|
||||
*flags |= MBEDTLS_X509_BADCERT_EXPIRED;
|
||||
|
||||
if( mbedtls_x509_time_future( &child->valid_from ) )
|
||||
*flags |= MBEDTLS_X509_BADCERT_FUTURE;
|
||||
@ -1848,7 +1848,7 @@ static int x509_crt_verify_top(
|
||||
#endif
|
||||
|
||||
if( mbedtls_x509_time_expired( &trust_ca->valid_to ) )
|
||||
ca_flags |= MBEDTLS_BADCERT_EXPIRED;
|
||||
ca_flags |= MBEDTLS_X509_BADCERT_EXPIRED;
|
||||
|
||||
if( mbedtls_x509_time_future( &trust_ca->valid_from ) )
|
||||
ca_flags |= MBEDTLS_X509_BADCERT_FUTURE;
|
||||
@ -1895,7 +1895,7 @@ static int x509_crt_verify_child(
|
||||
}
|
||||
|
||||
if( mbedtls_x509_time_expired( &child->valid_to ) )
|
||||
*flags |= MBEDTLS_BADCERT_EXPIRED;
|
||||
*flags |= MBEDTLS_X509_BADCERT_EXPIRED;
|
||||
|
||||
if( mbedtls_x509_time_future( &child->valid_from ) )
|
||||
*flags |= MBEDTLS_X509_BADCERT_FUTURE;
|
||||
@ -1985,7 +1985,7 @@ int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
|
||||
name = &crt->subject;
|
||||
cn_len = strlen( cn );
|
||||
|
||||
if( crt->ext_types & MBEDTLS_EXT_SUBJECT_ALT_NAME )
|
||||
if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
|
||||
{
|
||||
cur = &crt->subject_alt_names;
|
||||
|
||||
|
@ -213,7 +213,7 @@ int main( int argc, char *argv[] )
|
||||
{
|
||||
mbedtls_printf( " failed\n" );
|
||||
|
||||
if( ( ret & MBEDTLS_BADCERT_EXPIRED ) != 0 )
|
||||
if( ( ret & MBEDTLS_X509_BADCERT_EXPIRED ) != 0 )
|
||||
mbedtls_printf( " ! server certificate has expired\n" );
|
||||
|
||||
if( ( ret & MBEDTLS_X509_BADCERT_REVOKED ) != 0 )
|
||||
|
@ -200,11 +200,11 @@ int main( int argc, char *argv[] )
|
||||
else if( strcmp( q, "non_repudiation" ) == 0 )
|
||||
opt.key_usage |= MBEDTLS_X509_KU_NON_REPUDIATION;
|
||||
else if( strcmp( q, "key_encipherment" ) == 0 )
|
||||
opt.key_usage |= MBEDTLS_KU_KEY_ENCIPHERMENT;
|
||||
opt.key_usage |= MBEDTLS_X509_KU_KEY_ENCIPHERMENT;
|
||||
else if( strcmp( q, "data_encipherment" ) == 0 )
|
||||
opt.key_usage |= MBEDTLS_KU_DATA_ENCIPHERMENT;
|
||||
opt.key_usage |= MBEDTLS_X509_KU_DATA_ENCIPHERMENT;
|
||||
else if( strcmp( q, "key_agreement" ) == 0 )
|
||||
opt.key_usage |= MBEDTLS_KU_KEY_AGREEMENT;
|
||||
opt.key_usage |= MBEDTLS_X509_KU_KEY_AGREEMENT;
|
||||
else if( strcmp( q, "key_cert_sign" ) == 0 )
|
||||
opt.key_usage |= MBEDTLS_X509_KU_KEY_CERT_SIGN;
|
||||
else if( strcmp( q, "crl_sign" ) == 0 )
|
||||
@ -225,17 +225,17 @@ int main( int argc, char *argv[] )
|
||||
if( strcmp( q, "ssl_client" ) == 0 )
|
||||
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT;
|
||||
else if( strcmp( q, "ssl_server" ) == 0 )
|
||||
opt.ns_cert_type |= MBEDTLS_NS_CERT_TYPE_SSL_SERVER;
|
||||
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER;
|
||||
else if( strcmp( q, "email" ) == 0 )
|
||||
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_EMAIL;
|
||||
else if( strcmp( q, "object_signing" ) == 0 )
|
||||
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING;
|
||||
else if( strcmp( q, "ssl_ca" ) == 0 )
|
||||
opt.ns_cert_type |= MBEDTLS_NS_CERT_TYPE_SSL_CA;
|
||||
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CA;
|
||||
else if( strcmp( q, "email_ca" ) == 0 )
|
||||
opt.ns_cert_type |= MBEDTLS_NS_CERT_TYPE_EMAIL_CA;
|
||||
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA;
|
||||
else if( strcmp( q, "object_signing_ca" ) == 0 )
|
||||
opt.ns_cert_type |= MBEDTLS_NS_CERT_TYPE_OBJECT_SIGNING_CA;
|
||||
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA;
|
||||
else
|
||||
goto usage;
|
||||
|
||||
|
@ -316,11 +316,11 @@ int main( int argc, char *argv[] )
|
||||
else if( strcmp( q, "non_repudiation" ) == 0 )
|
||||
opt.key_usage |= MBEDTLS_X509_KU_NON_REPUDIATION;
|
||||
else if( strcmp( q, "key_encipherment" ) == 0 )
|
||||
opt.key_usage |= MBEDTLS_KU_KEY_ENCIPHERMENT;
|
||||
opt.key_usage |= MBEDTLS_X509_KU_KEY_ENCIPHERMENT;
|
||||
else if( strcmp( q, "data_encipherment" ) == 0 )
|
||||
opt.key_usage |= MBEDTLS_KU_DATA_ENCIPHERMENT;
|
||||
opt.key_usage |= MBEDTLS_X509_KU_DATA_ENCIPHERMENT;
|
||||
else if( strcmp( q, "key_agreement" ) == 0 )
|
||||
opt.key_usage |= MBEDTLS_KU_KEY_AGREEMENT;
|
||||
opt.key_usage |= MBEDTLS_X509_KU_KEY_AGREEMENT;
|
||||
else if( strcmp( q, "key_cert_sign" ) == 0 )
|
||||
opt.key_usage |= MBEDTLS_X509_KU_KEY_CERT_SIGN;
|
||||
else if( strcmp( q, "crl_sign" ) == 0 )
|
||||
@ -341,17 +341,17 @@ int main( int argc, char *argv[] )
|
||||
if( strcmp( q, "ssl_client" ) == 0 )
|
||||
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT;
|
||||
else if( strcmp( q, "ssl_server" ) == 0 )
|
||||
opt.ns_cert_type |= MBEDTLS_NS_CERT_TYPE_SSL_SERVER;
|
||||
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER;
|
||||
else if( strcmp( q, "email" ) == 0 )
|
||||
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_EMAIL;
|
||||
else if( strcmp( q, "object_signing" ) == 0 )
|
||||
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING;
|
||||
else if( strcmp( q, "ssl_ca" ) == 0 )
|
||||
opt.ns_cert_type |= MBEDTLS_NS_CERT_TYPE_SSL_CA;
|
||||
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CA;
|
||||
else if( strcmp( q, "email_ca" ) == 0 )
|
||||
opt.ns_cert_type |= MBEDTLS_NS_CERT_TYPE_EMAIL_CA;
|
||||
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA;
|
||||
else if( strcmp( q, "object_signing_ca" ) == 0 )
|
||||
opt.ns_cert_type |= MBEDTLS_NS_CERT_TYPE_OBJECT_SIGNING_CA;
|
||||
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA;
|
||||
else
|
||||
goto usage;
|
||||
|
||||
|
@ -21,18 +21,18 @@ ASN1_UNIVERSAL_STRING MBEDTLS_ASN1_UNIVERSAL_STRING
|
||||
ASN1_UTC_TIME MBEDTLS_ASN1_UTC_TIME
|
||||
ASN1_UTF8_STRING MBEDTLS_ASN1_UTF8_STRING
|
||||
BADCERT_CN_MISMATCH MBEDTLS_X509_BADCERT_CN_MISMATCH
|
||||
BADCERT_EXPIRED MBEDTLS_BADCERT_EXPIRED
|
||||
BADCERT_EXT_KEY_USAGE MBEDTLS_BADCERT_EXT_KEY_USAGE
|
||||
BADCERT_EXPIRED MBEDTLS_X509_BADCERT_EXPIRED
|
||||
BADCERT_EXT_KEY_USAGE MBEDTLS_X509_BADCERT_EXT_KEY_USAGE
|
||||
BADCERT_FUTURE MBEDTLS_X509_BADCERT_FUTURE
|
||||
BADCERT_KEY_USAGE MBEDTLS_BADCERT_KEY_USAGE
|
||||
BADCERT_MISSING MBEDTLS_BADCERT_MISSING
|
||||
BADCERT_KEY_USAGE MBEDTLS_X509_BADCERT_KEY_USAGE
|
||||
BADCERT_MISSING MBEDTLS_X509_BADCERT_MISSING
|
||||
BADCERT_NOT_TRUSTED MBEDTLS_X509_BADCERT_NOT_TRUSTED
|
||||
BADCERT_NS_CERT_TYPE MBEDTLS_BADCERT_NS_CERT_TYPE
|
||||
BADCERT_OTHER MBEDTLS_BADCERT_OTHER
|
||||
BADCERT_NS_CERT_TYPE MBEDTLS_X509_BADCERT_NS_CERT_TYPE
|
||||
BADCERT_OTHER MBEDTLS_X509_BADCERT_OTHER
|
||||
BADCERT_REVOKED MBEDTLS_X509_BADCERT_REVOKED
|
||||
BADCERT_SKIP_VERIFY MBEDTLS_BADCERT_SKIP_VERIFY
|
||||
BADCERT_SKIP_VERIFY MBEDTLS_X509_BADCERT_SKIP_VERIFY
|
||||
BADCRL_EXPIRED MBEDTLS_X509_BADCRL_EXPIRED
|
||||
BADCRL_FUTURE MBEDTLS_BADCRL_FUTURE
|
||||
BADCRL_FUTURE MBEDTLS_X509_BADCRL_FUTURE
|
||||
BADCRL_NOT_TRUSTED MBEDTLS_X509_BADCRL_NOT_TRUSTED
|
||||
BLOWFISH_BLOCKSIZE MBEDTLS_BLOWFISH_BLOCKSIZE
|
||||
BLOWFISH_DECRYPT MBEDTLS_BLOWFISH_DECRYPT
|
||||
@ -67,29 +67,29 @@ ENTROPY_MIN_HAVEGE MBEDTLS_ENTROPY_MIN_HAVEGE
|
||||
ENTROPY_MIN_PLATFORM MBEDTLS_ENTROPY_MIN_PLATFORM
|
||||
ENTROPY_SOURCE_MANUAL MBEDTLS_ENTROPY_SOURCE_MANUAL
|
||||
EXT_AUTHORITY_KEY_IDENTIFIER MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER
|
||||
EXT_BASIC_CONSTRAINTS MBEDTLS_EXT_BASIC_CONSTRAINTS
|
||||
EXT_BASIC_CONSTRAINTS MBEDTLS_X509_EXT_BASIC_CONSTRAINTS
|
||||
EXT_CERTIFICATE_POLICIES MBEDTLS_X509_EXT_CERTIFICATE_POLICIES
|
||||
EXT_CRL_DISTRIBUTION_POINTS MBEDTLS_EXT_CRL_DISTRIBUTION_POINTS
|
||||
EXT_CRL_DISTRIBUTION_POINTS MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS
|
||||
EXT_EXTENDED_KEY_USAGE MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE
|
||||
EXT_FRESHEST_CRL MBEDTLS_EXT_FRESHEST_CRL
|
||||
EXT_FRESHEST_CRL MBEDTLS_X509_EXT_FRESHEST_CRL
|
||||
EXT_INIHIBIT_ANYPOLICY MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY
|
||||
EXT_ISSUER_ALT_NAME MBEDTLS_EXT_ISSUER_ALT_NAME
|
||||
EXT_ISSUER_ALT_NAME MBEDTLS_X509_EXT_ISSUER_ALT_NAME
|
||||
EXT_KEY_USAGE MBEDTLS_X509_EXT_KEY_USAGE
|
||||
EXT_NAME_CONSTRAINTS MBEDTLS_EXT_NAME_CONSTRAINTS
|
||||
EXT_NAME_CONSTRAINTS MBEDTLS_X509_EXT_NAME_CONSTRAINTS
|
||||
EXT_NS_CERT_TYPE MBEDTLS_X509_EXT_NS_CERT_TYPE
|
||||
EXT_POLICY_CONSTRAINTS MBEDTLS_EXT_POLICY_CONSTRAINTS
|
||||
EXT_POLICY_CONSTRAINTS MBEDTLS_X509_EXT_POLICY_CONSTRAINTS
|
||||
EXT_POLICY_MAPPINGS MBEDTLS_X509_EXT_POLICY_MAPPINGS
|
||||
EXT_SUBJECT_ALT_NAME MBEDTLS_EXT_SUBJECT_ALT_NAME
|
||||
EXT_SUBJECT_ALT_NAME MBEDTLS_X509_EXT_SUBJECT_ALT_NAME
|
||||
EXT_SUBJECT_DIRECTORY_ATTRS MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS
|
||||
EXT_SUBJECT_KEY_IDENTIFIER MBEDTLS_EXT_SUBJECT_KEY_IDENTIFIER
|
||||
EXT_SUBJECT_KEY_IDENTIFIER MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER
|
||||
GCM_DECRYPT MBEDTLS_GCM_DECRYPT
|
||||
GCM_ENCRYPT MBEDTLS_GCM_ENCRYPT
|
||||
KU_CRL_SIGN MBEDTLS_X509_KU_CRL_SIGN
|
||||
KU_DATA_ENCIPHERMENT MBEDTLS_KU_DATA_ENCIPHERMENT
|
||||
KU_DATA_ENCIPHERMENT MBEDTLS_X509_KU_DATA_ENCIPHERMENT
|
||||
KU_DIGITAL_SIGNATURE MBEDTLS_X509_KU_DIGITAL_SIGNATURE
|
||||
KU_KEY_AGREEMENT MBEDTLS_KU_KEY_AGREEMENT
|
||||
KU_KEY_AGREEMENT MBEDTLS_X509_KU_KEY_AGREEMENT
|
||||
KU_KEY_CERT_SIGN MBEDTLS_X509_KU_KEY_CERT_SIGN
|
||||
KU_KEY_ENCIPHERMENT MBEDTLS_KU_KEY_ENCIPHERMENT
|
||||
KU_KEY_ENCIPHERMENT MBEDTLS_X509_KU_KEY_ENCIPHERMENT
|
||||
KU_NON_REPUDIATION MBEDTLS_X509_KU_NON_REPUDIATION
|
||||
LN_2_DIV_LN_10_SCALE100 MBEDTLS_LN_2_DIV_LN_10_SCALE100
|
||||
MD_CONTEXT_T_INIT MBEDTLS_MD_CONTEXT_T_INIT
|
||||
@ -101,13 +101,13 @@ MPI_CHK MBEDTLS_MPI_CHK
|
||||
NET_PROTO_TCP MBEDTLS_NET_PROTO_TCP
|
||||
NET_PROTO_UDP MBEDTLS_NET_PROTO_UDP
|
||||
NS_CERT_TYPE_EMAIL MBEDTLS_X509_NS_CERT_TYPE_EMAIL
|
||||
NS_CERT_TYPE_EMAIL_CA MBEDTLS_NS_CERT_TYPE_EMAIL_CA
|
||||
NS_CERT_TYPE_EMAIL_CA MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA
|
||||
NS_CERT_TYPE_OBJECT_SIGNING MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING
|
||||
NS_CERT_TYPE_OBJECT_SIGNING_CA MBEDTLS_NS_CERT_TYPE_OBJECT_SIGNING_CA
|
||||
NS_CERT_TYPE_OBJECT_SIGNING_CA MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA
|
||||
NS_CERT_TYPE_RESERVED MBEDTLS_X509_NS_CERT_TYPE_RESERVED
|
||||
NS_CERT_TYPE_SSL_CA MBEDTLS_NS_CERT_TYPE_SSL_CA
|
||||
NS_CERT_TYPE_SSL_CA MBEDTLS_X509_NS_CERT_TYPE_SSL_CA
|
||||
NS_CERT_TYPE_SSL_CLIENT MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT
|
||||
NS_CERT_TYPE_SSL_SERVER MBEDTLS_NS_CERT_TYPE_SSL_SERVER
|
||||
NS_CERT_TYPE_SSL_SERVER MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER
|
||||
OID_ANSI_X9_62 MBEDTLS_OID_ANSI_X9_62
|
||||
OID_ANSI_X9_62_FIELD_TYPE MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE
|
||||
OID_ANSI_X9_62_PRIME_FIELD MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD
|
||||
|
@ -266,43 +266,43 @@ X509 Verify Information: empty
|
||||
x509_verify_info:0:"":""
|
||||
|
||||
X509 Verify Information: one issue
|
||||
x509_verify_info:MBEDTLS_BADCERT_MISSING:"":"Certificate was missing\n"
|
||||
x509_verify_info:MBEDTLS_X509_BADCERT_MISSING:"":"Certificate was missing\n"
|
||||
|
||||
X509 Verify Information: two issues
|
||||
x509_verify_info:MBEDTLS_BADCERT_EXPIRED | MBEDTLS_X509_BADCRL_EXPIRED:"":"The certificate validity has expired\nThe CRL is expired\n"
|
||||
x509_verify_info:MBEDTLS_X509_BADCERT_EXPIRED | MBEDTLS_X509_BADCRL_EXPIRED:"":"The certificate validity has expired\nThe CRL is expired\n"
|
||||
|
||||
X509 Verify Information: two issues, one unknown
|
||||
x509_verify_info:MBEDTLS_BADCERT_OTHER | 0x8000:"":"Other reason (can be used by verify callback)\nUnknown reason (this should not happen)\n"
|
||||
x509_verify_info:MBEDTLS_X509_BADCERT_OTHER | 0x8000:"":"Other reason (can be used by verify callback)\nUnknown reason (this should not happen)\n"
|
||||
|
||||
X509 Verify Information: empty, with prefix
|
||||
x509_verify_info:0:" ! ":""
|
||||
|
||||
X509 Verify Information: one issue, with prefix
|
||||
x509_verify_info:MBEDTLS_BADCERT_MISSING:" ! ":" ! Certificate was missing\n"
|
||||
x509_verify_info:MBEDTLS_X509_BADCERT_MISSING:" ! ":" ! Certificate was missing\n"
|
||||
|
||||
X509 Verify Information: two issues, with prefix
|
||||
x509_verify_info:MBEDTLS_BADCERT_EXPIRED | MBEDTLS_X509_BADCRL_EXPIRED:" ! ":" ! The certificate validity has expired\n ! The CRL is expired\n"
|
||||
x509_verify_info:MBEDTLS_X509_BADCERT_EXPIRED | MBEDTLS_X509_BADCRL_EXPIRED:" ! ":" ! The certificate validity has expired\n ! The CRL is expired\n"
|
||||
|
||||
X509 Verify Information: empty
|
||||
x509_verify_info:0:"":""
|
||||
|
||||
X509 Verify Information: one issue
|
||||
x509_verify_info:BADCERT_MISSING:"":"Certificate was missing\n"
|
||||
x509_verify_info:MBEDTLS_X509_BADCERT_MISSING:"":"Certificate was missing\n"
|
||||
|
||||
X509 Verify Information: two issues
|
||||
x509_verify_info:BADCERT_EXPIRED | BADCRL_EXPIRED:"":"The certificate validity has expired\nThe CRL is expired\n"
|
||||
x509_verify_info:MBEDTLS_X509_BADCERT_EXPIRED | MBEDTLS_X509_BADCRL_EXPIRED:"":"The certificate validity has expired\nThe CRL is expired\n"
|
||||
|
||||
X509 Verify Information: two issues, one unknown
|
||||
x509_verify_info:BADCERT_OTHER | 0x8000:"":"Other reason (can be used by verify callback)\nUnknown reason (this should not happen)\n"
|
||||
x509_verify_info:MBEDTLS_X509_BADCERT_OTHER | 0x8000:"":"Other reason (can be used by verify callback)\nUnknown reason (this should not happen)\n"
|
||||
|
||||
X509 Verify Information: empty, with prefix
|
||||
x509_verify_info:0:" ! ":""
|
||||
|
||||
X509 Verify Information: one issue, with prefix
|
||||
x509_verify_info:BADCERT_MISSING:" ! ":" ! Certificate was missing\n"
|
||||
x509_verify_info:MBEDTLS_X509_BADCERT_MISSING:" ! ":" ! Certificate was missing\n"
|
||||
|
||||
X509 Verify Information: two issues, with prefix
|
||||
x509_verify_info:BADCERT_EXPIRED | BADCRL_EXPIRED:" ! ":" ! The certificate validity has expired\n ! The CRL is expired\n"
|
||||
x509_verify_info:MBEDTLS_X509_BADCERT_EXPIRED | MBEDTLS_X509_BADCRL_EXPIRED:" ! ":" ! The certificate validity has expired\n ! The CRL is expired\n"
|
||||
|
||||
X509 Get Distinguished Name #1
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C
|
||||
@ -374,7 +374,7 @@ x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_ex
|
||||
|
||||
X509 Certificate verification #1a (Revoked Cert, Future CRL, no CN)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
|
||||
x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_BADCRL_FUTURE:"NULL"
|
||||
x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"NULL"
|
||||
|
||||
X509 Certificate verification #2 (Revoked Cert, Expired CRL)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
@ -382,7 +382,7 @@ x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_ex
|
||||
|
||||
X509 Certificate verification #2a (Revoked Cert, Future CRL)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
|
||||
x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"localhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_BADCRL_FUTURE:"NULL"
|
||||
x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"localhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"NULL"
|
||||
|
||||
X509 Certificate verification #3 (Revoked Cert, Future CRL, CN Mismatch)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
@ -390,7 +390,7 @@ x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_ex
|
||||
|
||||
X509 Certificate verification #3a (Revoked Cert, Expired CRL, CN Mismatch)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
|
||||
x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_BADCRL_FUTURE | MBEDTLS_X509_BADCERT_CN_MISMATCH:"NULL"
|
||||
x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE | MBEDTLS_X509_BADCERT_CN_MISMATCH:"NULL"
|
||||
|
||||
X509 Certificate verification #4 (Valid Cert, Expired CRL)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
@ -398,7 +398,7 @@ x509_verify:"data_files/server2.crt":"data_files/test-ca.crt":"data_files/crl_ex
|
||||
|
||||
X509 Certificate verification #4a (Revoked Cert, Future CRL)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
|
||||
x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_BADCRL_FUTURE:"NULL"
|
||||
x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_FUTURE:"NULL"
|
||||
|
||||
X509 Certificate verification #5 (Revoked Cert)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
@ -418,7 +418,7 @@ x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-e
|
||||
|
||||
X509 Certificate verification #8a (Expired Cert)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
|
||||
x509_verify:"data_files/server5-expired.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_BADCERT_EXPIRED:"NULL"
|
||||
x509_verify:"data_files/server5-expired.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"NULL"
|
||||
|
||||
X509 Certificate verification #8b (Future Cert)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
|
||||
@ -462,7 +462,7 @@ x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/cr
|
||||
|
||||
X509 Certificate verification #19 (Valid Cert, denying callback)
|
||||
depends_on:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_BADCERT_OTHER:"verify_none"
|
||||
x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_OTHER:"verify_none"
|
||||
|
||||
X509 Certificate verification #19 (Not trusted Cert, allowing callback)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
@ -706,7 +706,7 @@ x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/
|
||||
|
||||
X509 Certificate verification #79 (multiple CRLs, revoked by future)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
|
||||
x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED|MBEDTLS_BADCRL_FUTURE:"NULL"
|
||||
x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED|MBEDTLS_X509_BADCRL_FUTURE:"NULL"
|
||||
|
||||
X509 Certificate verification #80 (multiple CRLs, first future, revoked by second)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
|
||||
@ -1122,7 +1122,7 @@ X509 OID numstring #5 (arithmetic overflow)
|
||||
x509_oid_numstr:"2A8648F9F8F7F6F5F4F3F2F1F001":"":100:MBEDTLS_ERR_OID_BUF_TOO_SMALL
|
||||
|
||||
X509 crt keyUsage #1 (no extension, expected KU)
|
||||
x509_check_key_usage:"data_files/server1.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_KU_KEY_ENCIPHERMENT:0
|
||||
x509_check_key_usage:"data_files/server1.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0
|
||||
|
||||
X509 crt keyUsage #2 (no extension, surprising KU)
|
||||
x509_check_key_usage:"data_files/server1.crt":MBEDTLS_X509_KU_KEY_CERT_SIGN:0
|
||||
@ -1137,13 +1137,13 @@ X509 crt keyUsage #5 (extension present, single KU absent)
|
||||
x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_KEY_CERT_SIGN:MBEDTLS_ERR_X509_BAD_INPUT_DATA
|
||||
|
||||
X509 crt keyUsage #6 (extension present, combined KU present)
|
||||
x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_KU_KEY_ENCIPHERMENT:0
|
||||
x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0
|
||||
|
||||
X509 crt keyUsage #7 (extension present, combined KU both absent)
|
||||
x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_KEY_CERT_SIGN|MBEDTLS_X509_KU_CRL_SIGN:MBEDTLS_ERR_X509_BAD_INPUT_DATA
|
||||
|
||||
X509 crt keyUsage #8 (extension present, combined KU one absent)
|
||||
x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_KU_KEY_ENCIPHERMENT|MBEDTLS_KU_KEY_AGREEMENT:MBEDTLS_ERR_X509_BAD_INPUT_DATA
|
||||
x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_KEY_ENCIPHERMENT|MBEDTLS_X509_KU_KEY_AGREEMENT:MBEDTLS_ERR_X509_BAD_INPUT_DATA
|
||||
|
||||
X509 crt extendedKeyUsage #1 (no extension, serverAuth)
|
||||
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
|
@ -11,7 +11,7 @@ int verify_none( void *data, mbedtls_x509_crt *crt, int certificate_depth, int *
|
||||
((void) data);
|
||||
((void) crt);
|
||||
((void) certificate_depth);
|
||||
*flags |= MBEDTLS_BADCERT_OTHER;
|
||||
*flags |= MBEDTLS_X509_BADCERT_OTHER;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
@ -28,15 +28,15 @@ x509_csr_check:"data_files/server1.key":"data_files/server1.req.md5":MBEDTLS_MD_
|
||||
|
||||
Certificate Request check Server1 key_usage
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.key_usage":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_KU_KEY_ENCIPHERMENT:0
|
||||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.key_usage":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0
|
||||
|
||||
Certificate Request check Server1 ns_cert_type
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.cert_type":MBEDTLS_MD_SHA1:0:MBEDTLS_NS_CERT_TYPE_SSL_SERVER
|
||||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.cert_type":MBEDTLS_MD_SHA1:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER
|
||||
|
||||
Certificate Request check Server1 key_usage + ns_cert_type
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.ku-ct":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_KU_KEY_ENCIPHERMENT:MBEDTLS_NS_CERT_TYPE_SSL_SERVER
|
||||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.ku-ct":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER
|
||||
|
||||
Certificate Request check Server5 ECDSA, key_usage
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
@ -48,11 +48,11 @@ x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1
|
||||
|
||||
Certificate write check Server1 SHA1, key_usage
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_KU_KEY_ENCIPHERMENT:0:-1:"data_files/server1.key_usage.crt"
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0:-1:"data_files/server1.key_usage.crt"
|
||||
|
||||
Certificate write check Server1 SHA1, ns_cert_type
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:MBEDTLS_NS_CERT_TYPE_SSL_SERVER:-1:"data_files/server1.cert_type.crt"
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:-1:"data_files/server1.cert_type.crt"
|
||||
|
||||
Certificate write check Server1 SHA1, version 1
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
|
||||
|
Loading…
Reference in New Issue
Block a user