package x509

X509v3 certificate

val decode_pkcs1_digest_info : Cstruct.t -> (Nocrypto.Hash.hash * Cstruct.t, [> Rresult.R.msg ]) Rresult.result

decode_pkcs1_digest_info buffer is hash, signature, the hash and raw signature of the given buffer in ASN.1 DER encoding, or an error.

val encode_pkcs1_digest_info : (Nocrypto.Hash.hash * Cstruct.t) -> Cstruct.t

encode_pkcs1_digest_info (hash, signature) is data, the ASN.1 DER encoded hash and signature.

Abstract certificate type

type t

The abstract type of a certificate.

val pp : t Fmt.t

pp ppf cert pretty-prints the certificate.

Encoding and decoding in ASN.1 DER and PEM format

val decode_der : Cstruct.t -> (t, [> Rresult.R.msg ]) Rresult.result

decode_der cstruct is certificate, the ASN.1 decoded certificate or an error.

val encode_der : t -> Cstruct.t

encode_der certificate is cstruct, the ASN.1 encoded representation of the certificate.

val decode_pem_multiple : Cstruct.t -> (t list, [> Rresult.R.msg ]) Rresult.result

decode_pem_multiple pem is t list, where all certificates of the pem are extracted.

val decode_pem : Cstruct.t -> (t, [> Rresult.R.msg ]) Rresult.result

decode_pem pem is t, where the single certificate of the pem is extracted.

val encode_pem_multiple : t list -> Cstruct.t

encode_pem_multiple certificates is pem, the pem encoded certificates.

val encode_pem : t -> Cstruct.t

encode_pem certificate is pem, the pem encoded certificate.

Operations on certificates

type key_type = [
  | `RSA
  | `EC of Asn.oid
]

The polymorphic variant of public key types.

val supports_keytype : t -> key_type -> bool

supports_keytype certificate key_type is result, whether the public key of the certificate matches the given key_type.

val public_key : t -> Public_key.t

public_key certificate is pk, the public key of the certificate.

val hostnames : t -> Domain_name.Set.t

hostnames certificate are hostnames, the list of hostnames this certificate is valid for. Currently, these are the DNS names of the Subject Alternative Name extension, if present, or otherwise the singleton list containing the common name.

type host = [ `Strict | `Wildcard ] * [ `host ] Domain_name.t

The polymorphic variant for hostname validation.

val supports_hostname : t -> host -> bool

supports_hostname certificate host is result, whether the certificate contains the given host, using hostnames.

val fingerprint : Nocrypto.Hash.hash -> t -> Cstruct.t

fingerprint hash cert is digest, the digest of cert using the specified hash algorithm.

val subject : t -> Distinguished_name.t

subject certificate is dn, the subject as dn of the certificate.

val issuer : t -> Distinguished_name.t

issuer certificate is dn, the issuer as dn of the certificate.

val serial : t -> Z.t

serial certificate is sn, the serial number of the certificate.

val validity : t -> Ptime.t * Ptime.t

validity certificate is from, until, the validity of the certificate.

val extensions : t -> Extension.t

extensions certificate is the extension map of certificate.
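
The following is an added example, not part of the x509 documentation, showing how decode_pem, validity, supports_hostname and fingerprint combine into a pinned-certificate check. It assumes the module documented here is reachable as X509.Certificate and that Ptime_clock (ptime.clock.os) is available; check_pinned and the command-line arguments are hypothetical names.

```ocaml
(* Added example, not the project's own code.
   Assumption: the module documented on this page is X509.Certificate. *)
module C = X509.Certificate

(* Hypothetical helper: check one PEM certificate against an expected host
   name, a validity instant and a pinned SHA-256 fingerprint (hex string).
   These accessors only read the decoded certificate; no signature or chain
   of trust is verified here.
   Note: Cstruct.of_hex raises Invalid_argument on malformed hex. *)
let check_pinned ~now ~mode ~hostname ~pin_hex pem =
  match C.decode_pem (Cstruct.of_string pem) with
  | Error (`Msg m) -> Error ("decode_pem: " ^ m)
  | Ok cert ->
    match Domain_name.of_string hostname with
    | Error (`Msg m) -> Error ("hostname: " ^ m)
    | Ok name ->
      match Domain_name.host name with
      | Error (`Msg m) -> Error ("hostname: " ^ m)
      | Ok host ->
        let from, until = C.validity cert in
        let digest = C.fingerprint `SHA256 cert in
        if Ptime.is_earlier now ~than:from then Error "not yet valid"
        else if Ptime.is_later now ~than:until then Error "expired"
        else if not (C.supports_hostname cert (mode, host)) then
          Error "certificate does not cover the requested host name"
        else if not (Cstruct.equal digest (Cstruct.of_hex pin_hex)) then
          Error "fingerprint does not match the pinned value"
        else Ok cert

(* Driver: check CERT.pem HOSTNAME SHA256_HEX *)
let () =
  match Sys.argv with
  | [| _; file; hostname; pin_hex |] ->
    let ic = open_in_bin file in
    let pem = really_input_string ic (in_channel_length ic) in
    close_in ic;
    (* `Strict is used here; pass `Wildcard to select the other host mode. *)
    (match check_pinned ~now:(Ptime_clock.now ()) ~mode:`Strict
             ~hostname ~pin_hex pem with
     | Ok cert -> Fmt.pr "ok: %a@." C.pp cert
     | Error e -> prerr_endline e; exit 1)
  | _ ->
    prerr_endline "usage: check CERT.pem HOSTNAME SHA256_HEX";
    exit 2
```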