Up

module X509

: sig

Modules for X509 (RFC5280) handling

#
module Cs : sig
#
val hex_to_cs : string -> Cstruct.t
#
val dotted_hex_to_cs : string -> Cstruct.t
end
#
module Pem : sig

A parser for PEM files

#
val parse : Cstruct.t -> (string * Cstruct.t) list

parse pem is (name * data) list, in which the pem is parsed into its components, each surrounded by BEGIN name and END name. The actual data is base64 decoded.

end
#
module Cert : sig

A parser for X509 certificates in PEM format

#
type t = Certificate.certificate

The type of a certificate

#
val of_pem_cstruct : Cstruct.t -> t list

of_pem_cstruct pem is t list, where all certificates of the pem are extracted

#
val of_pem_cstruct1 : Cstruct.t -> t

of_pem_cstruct1 pem is t, where the single certificate of the pem is extracted

end
#
module PK : sig

A parser for unencrypted private RSA keys certificates in PEM format

#
type t = Nocrypto.Rsa.priv

The private RSA key type

#
val of_pem_cstruct : Cstruct.t -> t list

of_pem_cstruct pem is t list, where all private keys of pem are extracted

#
val of_pem_cstruct1 : Cstruct.t -> t

of_pem_cstruct1 pem is t, where the private key of pem is extracted

end
#
module Authenticator : sig

The authenticator for a certificate chain

#
type t

abstract authenticator type

#
type res = [
| `Ok of Certificate.certificate
| `Fail of Certificate.certificate_failure
]

result of an authentication, either `Ok or `Fail with a reason

#
val authenticate : t -> ?host:Certificate.host -> Certificate.stack -> res

authenticate authenticator ?host stack is result, where the given authenticator verifies the certificate stack, given an optional host name.

#
val chain_of_trust : ?time:float -> Cert.t list -> t

chain_of_trust ?time trust_anchors is authenticator, which uses the given time and set of trust_anchors to verify the certificate chain. This is an implementation of the algorithm in RFC5280.

#
val server_fingerprint : ?time:float -> hash:Nocrypto.Hash.hash -> fingerprints:(string * Cstruct.t) list -> t

server_fingerprint ?time hash fingerprints is an authenticator which uses the given time to verify the certificate chain - if successful the hash of the server certificate is checked against the entry in the fingerprint list.

#
val null : t

null is authenticator, which always returns `Ok. For testing purposes only.

end
end