Fix some X509 macro names

For some reason, during the great renaming, some names that should have been
prefixed with MBEDTLS_X509_ have only been prefixed with MBEDTLS_
This commit is contained in:
Manuel Pégourié-Gonnard 2015-04-20 12:19:02 +01:00
parent e75fa70b36
commit e6028c93f5
13 changed files with 143 additions and 143 deletions

View file

@ -702,15 +702,15 @@
#define ASN1_UTC_TIME MBEDTLS_ASN1_UTC_TIME
#define ASN1_UTF8_STRING MBEDTLS_ASN1_UTF8_STRING
#define BADCERT_CN_MISMATCH MBEDTLS_X509_BADCERT_CN_MISMATCH
#define BADCERT_EXPIRED MBEDTLS_BADCERT_EXPIRED
#define BADCERT_EXPIRED MBEDTLS_X509_BADCERT_EXPIRED
#define BADCERT_FUTURE MBEDTLS_X509_BADCERT_FUTURE
#define BADCERT_MISSING MBEDTLS_BADCERT_MISSING
#define BADCERT_MISSING MBEDTLS_X509_BADCERT_MISSING
#define BADCERT_NOT_TRUSTED MBEDTLS_X509_BADCERT_NOT_TRUSTED
#define BADCERT_OTHER MBEDTLS_BADCERT_OTHER
#define BADCERT_OTHER MBEDTLS_X509_BADCERT_OTHER
#define BADCERT_REVOKED MBEDTLS_X509_BADCERT_REVOKED
#define BADCERT_SKIP_VERIFY MBEDTLS_BADCERT_SKIP_VERIFY
#define BADCERT_SKIP_VERIFY MBEDTLS_X509_BADCERT_SKIP_VERIFY
#define BADCRL_EXPIRED MBEDTLS_X509_BADCRL_EXPIRED
#define BADCRL_FUTURE MBEDTLS_BADCRL_FUTURE
#define BADCRL_FUTURE MBEDTLS_X509_BADCRL_FUTURE
#define BADCRL_NOT_TRUSTED MBEDTLS_X509_BADCRL_NOT_TRUSTED
#define BLOWFISH_BLOCKSIZE MBEDTLS_BLOWFISH_BLOCKSIZE
#define BLOWFISH_DECRYPT MBEDTLS_BLOWFISH_DECRYPT
@ -745,29 +745,29 @@
#define ENTROPY_MIN_PLATFORM MBEDTLS_ENTROPY_MIN_PLATFORM
#define ENTROPY_SOURCE_MANUAL MBEDTLS_ENTROPY_SOURCE_MANUAL
#define EXT_AUTHORITY_KEY_IDENTIFIER MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER
#define EXT_BASIC_CONSTRAINTS MBEDTLS_EXT_BASIC_CONSTRAINTS
#define EXT_BASIC_CONSTRAINTS MBEDTLS_X509_EXT_BASIC_CONSTRAINTS
#define EXT_CERTIFICATE_POLICIES MBEDTLS_X509_EXT_CERTIFICATE_POLICIES
#define EXT_CRL_DISTRIBUTION_POINTS MBEDTLS_EXT_CRL_DISTRIBUTION_POINTS
#define EXT_CRL_DISTRIBUTION_POINTS MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS
#define EXT_EXTENDED_KEY_USAGE MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE
#define EXT_FRESHEST_CRL MBEDTLS_EXT_FRESHEST_CRL
#define EXT_FRESHEST_CRL MBEDTLS_X509_EXT_FRESHEST_CRL
#define EXT_INIHIBIT_ANYPOLICY MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY
#define EXT_ISSUER_ALT_NAME MBEDTLS_EXT_ISSUER_ALT_NAME
#define EXT_ISSUER_ALT_NAME MBEDTLS_X509_EXT_ISSUER_ALT_NAME
#define EXT_KEY_USAGE MBEDTLS_X509_EXT_KEY_USAGE
#define EXT_NAME_CONSTRAINTS MBEDTLS_EXT_NAME_CONSTRAINTS
#define EXT_NAME_CONSTRAINTS MBEDTLS_X509_EXT_NAME_CONSTRAINTS
#define EXT_NS_CERT_TYPE MBEDTLS_X509_EXT_NS_CERT_TYPE
#define EXT_POLICY_CONSTRAINTS MBEDTLS_EXT_POLICY_CONSTRAINTS
#define EXT_POLICY_CONSTRAINTS MBEDTLS_X509_EXT_POLICY_CONSTRAINTS
#define EXT_POLICY_MAPPINGS MBEDTLS_X509_EXT_POLICY_MAPPINGS
#define EXT_SUBJECT_ALT_NAME MBEDTLS_EXT_SUBJECT_ALT_NAME
#define EXT_SUBJECT_ALT_NAME MBEDTLS_X509_EXT_SUBJECT_ALT_NAME
#define EXT_SUBJECT_DIRECTORY_ATTRS MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS
#define EXT_SUBJECT_KEY_IDENTIFIER MBEDTLS_EXT_SUBJECT_KEY_IDENTIFIER
#define EXT_SUBJECT_KEY_IDENTIFIER MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER
#define GCM_DECRYPT MBEDTLS_GCM_DECRYPT
#define GCM_ENCRYPT MBEDTLS_GCM_ENCRYPT
#define KU_CRL_SIGN MBEDTLS_X509_KU_CRL_SIGN
#define KU_DATA_ENCIPHERMENT MBEDTLS_KU_DATA_ENCIPHERMENT
#define KU_DATA_ENCIPHERMENT MBEDTLS_X509_KU_DATA_ENCIPHERMENT
#define KU_DIGITAL_SIGNATURE MBEDTLS_X509_KU_DIGITAL_SIGNATURE
#define KU_KEY_AGREEMENT MBEDTLS_KU_KEY_AGREEMENT
#define KU_KEY_AGREEMENT MBEDTLS_X509_KU_KEY_AGREEMENT
#define KU_KEY_CERT_SIGN MBEDTLS_X509_KU_KEY_CERT_SIGN
#define KU_KEY_ENCIPHERMENT MBEDTLS_KU_KEY_ENCIPHERMENT
#define KU_KEY_ENCIPHERMENT MBEDTLS_X509_KU_KEY_ENCIPHERMENT
#define KU_NON_REPUDIATION MBEDTLS_X509_KU_NON_REPUDIATION
#define LN_2_DIV_LN_10_SCALE100 MBEDTLS_LN_2_DIV_LN_10_SCALE100
#define MD_CONTEXT_T_INIT MBEDTLS_MD_CONTEXT_T_INIT
@ -779,13 +779,13 @@
#define NET_PROTO_TCP MBEDTLS_NET_PROTO_TCP
#define NET_PROTO_UDP MBEDTLS_NET_PROTO_UDP
#define NS_CERT_TYPE_EMAIL MBEDTLS_X509_NS_CERT_TYPE_EMAIL
#define NS_CERT_TYPE_EMAIL_CA MBEDTLS_NS_CERT_TYPE_EMAIL_CA
#define NS_CERT_TYPE_EMAIL_CA MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA
#define NS_CERT_TYPE_OBJECT_SIGNING MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING
#define NS_CERT_TYPE_OBJECT_SIGNING_CA MBEDTLS_NS_CERT_TYPE_OBJECT_SIGNING_CA
#define NS_CERT_TYPE_OBJECT_SIGNING_CA MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA
#define NS_CERT_TYPE_RESERVED MBEDTLS_X509_NS_CERT_TYPE_RESERVED
#define NS_CERT_TYPE_SSL_CA MBEDTLS_NS_CERT_TYPE_SSL_CA
#define NS_CERT_TYPE_SSL_CA MBEDTLS_X509_NS_CERT_TYPE_SSL_CA
#define NS_CERT_TYPE_SSL_CLIENT MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT
#define NS_CERT_TYPE_SSL_SERVER MBEDTLS_NS_CERT_TYPE_SSL_SERVER
#define NS_CERT_TYPE_SSL_SERVER MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER
#define OID_ANSI_X9_62 MBEDTLS_OID_ANSI_X9_62
#define OID_ANSI_X9_62_FIELD_TYPE MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE
#define OID_ANSI_X9_62_PRIME_FIELD MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD

View file

@ -83,20 +83,20 @@
* \{
*/
/* Reminder: update x509_crt_verify_strings[] in library/x509_crt.c */
#define MBEDTLS_BADCERT_EXPIRED 0x01 /**< The certificate validity has expired. */
#define MBEDTLS_X509_BADCERT_EXPIRED 0x01 /**< The certificate validity has expired. */
#define MBEDTLS_X509_BADCERT_REVOKED 0x02 /**< The certificate has been revoked (is on a CRL). */
#define MBEDTLS_X509_BADCERT_CN_MISMATCH 0x04 /**< The certificate Common Name (CN) does not match with the expected CN. */
#define MBEDTLS_X509_BADCERT_NOT_TRUSTED 0x08 /**< The certificate is not correctly signed by the trusted CA. */
#define MBEDTLS_X509_BADCRL_NOT_TRUSTED 0x10 /**< The CRL is not correctly signed by the trusted CA. */
#define MBEDTLS_X509_BADCRL_EXPIRED 0x20 /**< The CRL is expired. */
#define MBEDTLS_BADCERT_MISSING 0x40 /**< Certificate was missing. */
#define MBEDTLS_BADCERT_SKIP_VERIFY 0x80 /**< Certificate verification was skipped. */
#define MBEDTLS_BADCERT_OTHER 0x0100 /**< Other reason (can be used by verify callback) */
#define MBEDTLS_X509_BADCERT_MISSING 0x40 /**< Certificate was missing. */
#define MBEDTLS_X509_BADCERT_SKIP_VERIFY 0x80 /**< Certificate verification was skipped. */
#define MBEDTLS_X509_BADCERT_OTHER 0x0100 /**< Other reason (can be used by verify callback) */
#define MBEDTLS_X509_BADCERT_FUTURE 0x0200 /**< The certificate validity starts in the future. */
#define MBEDTLS_BADCRL_FUTURE 0x0400 /**< The CRL is from the future */
#define MBEDTLS_BADCERT_KEY_USAGE 0x0800 /**< Usage does not match the keyUsage extension. */
#define MBEDTLS_BADCERT_EXT_KEY_USAGE 0x1000 /**< Usage does not match the extendedKeyUsage extension. */
#define MBEDTLS_BADCERT_NS_CERT_TYPE 0x2000 /**< Usage does not match the nsCertType extension. */
#define MBEDTLS_X509_BADCRL_FUTURE 0x0400 /**< The CRL is from the future */
#define MBEDTLS_X509_BADCERT_KEY_USAGE 0x0800 /**< Usage does not match the keyUsage extension. */
#define MBEDTLS_X509_BADCERT_EXT_KEY_USAGE 0x1000 /**< Usage does not match the extendedKeyUsage extension. */
#define MBEDTLS_X509_BADCERT_NS_CERT_TYPE 0x2000 /**< Usage does not match the nsCertType extension. */
/* \} name */
/* \} addtogroup x509_module */
@ -105,9 +105,9 @@
*/
#define MBEDTLS_X509_KU_DIGITAL_SIGNATURE (0x80) /* bit 0 */
#define MBEDTLS_X509_KU_NON_REPUDIATION (0x40) /* bit 1 */
#define MBEDTLS_KU_KEY_ENCIPHERMENT (0x20) /* bit 2 */
#define MBEDTLS_KU_DATA_ENCIPHERMENT (0x10) /* bit 3 */
#define MBEDTLS_KU_KEY_AGREEMENT (0x08) /* bit 4 */
#define MBEDTLS_X509_KU_KEY_ENCIPHERMENT (0x20) /* bit 2 */
#define MBEDTLS_X509_KU_DATA_ENCIPHERMENT (0x10) /* bit 3 */
#define MBEDTLS_X509_KU_KEY_AGREEMENT (0x08) /* bit 4 */
#define MBEDTLS_X509_KU_KEY_CERT_SIGN (0x04) /* bit 5 */
#define MBEDTLS_X509_KU_CRL_SIGN (0x02) /* bit 6 */
@ -117,13 +117,13 @@
*/
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT (0x80) /* bit 0 */
#define MBEDTLS_NS_CERT_TYPE_SSL_SERVER (0x40) /* bit 1 */
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER (0x40) /* bit 1 */
#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL (0x20) /* bit 2 */
#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING (0x10) /* bit 3 */
#define MBEDTLS_X509_NS_CERT_TYPE_RESERVED (0x08) /* bit 4 */
#define MBEDTLS_NS_CERT_TYPE_SSL_CA (0x04) /* bit 5 */
#define MBEDTLS_NS_CERT_TYPE_EMAIL_CA (0x02) /* bit 6 */
#define MBEDTLS_NS_CERT_TYPE_OBJECT_SIGNING_CA (0x01) /* bit 7 */
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CA (0x04) /* bit 5 */
#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA (0x02) /* bit 6 */
#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA (0x01) /* bit 7 */
/*
* X.509 extension types
@ -132,20 +132,20 @@
* different for writing certificates or reading CRLs or CSRs.
*/
#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER (1 << 0)
#define MBEDTLS_EXT_SUBJECT_KEY_IDENTIFIER (1 << 1)
#define MBEDTLS_X509_EXT_KEY_USAGE (1 << 2) /* Parsed but not used */
#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER (1 << 1)
#define MBEDTLS_X509_EXT_KEY_USAGE (1 << 2)
#define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES (1 << 3)
#define MBEDTLS_X509_EXT_POLICY_MAPPINGS (1 << 4)
#define MBEDTLS_EXT_SUBJECT_ALT_NAME (1 << 5) /* Supported (DNS) */
#define MBEDTLS_EXT_ISSUER_ALT_NAME (1 << 6)
#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME (1 << 5) /* Supported (DNS) */
#define MBEDTLS_X509_EXT_ISSUER_ALT_NAME (1 << 6)
#define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS (1 << 7)
#define MBEDTLS_EXT_BASIC_CONSTRAINTS (1 << 8) /* Supported */
#define MBEDTLS_EXT_NAME_CONSTRAINTS (1 << 9)
#define MBEDTLS_EXT_POLICY_CONSTRAINTS (1 << 10)
#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE (1 << 11) /* Parsed but not used */
#define MBEDTLS_EXT_CRL_DISTRIBUTION_POINTS (1 << 12)
#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS (1 << 8) /* Supported */
#define MBEDTLS_X509_EXT_NAME_CONSTRAINTS (1 << 9)
#define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS (1 << 10)
#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE (1 << 11)
#define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS (1 << 12)
#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY (1 << 13)
#define MBEDTLS_EXT_FRESHEST_CRL (1 << 14)
#define MBEDTLS_X509_EXT_FRESHEST_CRL (1 << 14)
#define MBEDTLS_X509_EXT_NS_CERT_TYPE (1 << 16) /* Parsed (and then ?) */

View file

@ -279,7 +279,7 @@ int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
* \brief Check usage of certificate against keyUsage extension.
*
* \param crt Leaf certificate used.
* \param usage Intended usage(s) (eg MBEDTLS_KU_KEY_ENCIPHERMENT before using the
* \param usage Intended usage(s) (eg MBEDTLS_X509_KU_KEY_ENCIPHERMENT before using the
* certificate to perform an RSA key exchange).
*
* \return 0 is these uses of the certificate are allowed,

View file

@ -261,7 +261,7 @@ static const oid_x509_ext_t oid_x509_ext[] =
{
{
{ ADD_LEN( MBEDTLS_OID_BASIC_CONSTRAINTS ), "id-ce-basicConstraints", "Basic Constraints" },
MBEDTLS_EXT_BASIC_CONSTRAINTS,
MBEDTLS_X509_EXT_BASIC_CONSTRAINTS,
},
{
{ ADD_LEN( MBEDTLS_OID_KEY_USAGE ), "id-ce-keyUsage", "Key Usage" },
@ -273,7 +273,7 @@ static const oid_x509_ext_t oid_x509_ext[] =
},
{
{ ADD_LEN( MBEDTLS_OID_SUBJECT_ALT_NAME ), "id-ce-subjectAltName", "Subject Alt Name" },
MBEDTLS_EXT_SUBJECT_ALT_NAME,
MBEDTLS_X509_EXT_SUBJECT_ALT_NAME,
},
{
{ ADD_LEN( MBEDTLS_OID_NS_CERT_TYPE ), "id-netscape-certtype", "Netscape Certificate Type" },

View file

@ -3852,7 +3852,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
( ssl->authmode == MBEDTLS_SSL_VERIFY_NONE ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) )
{
ssl->session_negotiate->verify_result = MBEDTLS_BADCERT_SKIP_VERIFY;
ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
ssl->state++;
return( 0 );
@ -3882,7 +3882,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "SSLv3 client has no certificate" ) );
ssl->session_negotiate->verify_result = MBEDTLS_BADCERT_MISSING;
ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING;
if( ssl->authmode == MBEDTLS_SSL_VERIFY_OPTIONAL )
return( 0 );
else
@ -3903,7 +3903,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) );
ssl->session_negotiate->verify_result = MBEDTLS_BADCERT_MISSING;
ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING;
if( ssl->authmode == MBEDTLS_SSL_VERIFY_REQUIRED )
return( MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE );
else
@ -6817,7 +6817,7 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
{
case MBEDTLS_KEY_EXCHANGE_RSA:
case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
usage = MBEDTLS_KU_KEY_ENCIPHERMENT;
usage = MBEDTLS_X509_KU_KEY_ENCIPHERMENT;
break;
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
@ -6828,7 +6828,7 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
usage = MBEDTLS_KU_KEY_AGREEMENT;
usage = MBEDTLS_X509_KU_KEY_AGREEMENT;
break;
/* Don't use default: we want warnings when adding new values */
@ -6847,7 +6847,7 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
if( mbedtls_x509_crt_check_key_usage( cert, usage ) != 0 )
{
*flags |= MBEDTLS_BADCERT_KEY_USAGE;
*flags |= MBEDTLS_X509_BADCERT_KEY_USAGE;
ret = -1;
}
#else
@ -6868,7 +6868,7 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
if( mbedtls_x509_crt_check_extended_key_usage( cert, ext_oid, ext_len ) != 0 )
{
*flags |= MBEDTLS_BADCERT_EXT_KEY_USAGE;
*flags |= MBEDTLS_X509_BADCERT_EXT_KEY_USAGE;
ret = -1;
}
#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */

View file

@ -485,7 +485,7 @@ static int x509_get_crt_ext( unsigned char **p,
switch( ext_type )
{
case MBEDTLS_EXT_BASIC_CONSTRAINTS:
case MBEDTLS_X509_EXT_BASIC_CONSTRAINTS:
/* Parse basic constraints */
if( ( ret = x509_get_basic_constraints( p, end_ext_octet,
&crt->ca_istrue, &crt->max_pathlen ) ) != 0 )
@ -506,7 +506,7 @@ static int x509_get_crt_ext( unsigned char **p,
return( ret );
break;
case MBEDTLS_EXT_SUBJECT_ALT_NAME:
case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME:
/* Parse subject alt name */
if( ( ret = x509_get_subject_alt_name( p, end_ext_octet,
&crt->subject_alt_names ) ) != 0 )
@ -1182,13 +1182,13 @@ static int x509_info_cert_type( char **buf, size_t *size,
const char *sep = "";
CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT, "SSL Client" );
CERT_TYPE( MBEDTLS_NS_CERT_TYPE_SSL_SERVER, "SSL Server" );
CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER, "SSL Server" );
CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL, "Email" );
CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING, "Object Signing" );
CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_RESERVED, "Reserved" );
CERT_TYPE( MBEDTLS_NS_CERT_TYPE_SSL_CA, "SSL CA" );
CERT_TYPE( MBEDTLS_NS_CERT_TYPE_EMAIL_CA, "Email CA" );
CERT_TYPE( MBEDTLS_NS_CERT_TYPE_OBJECT_SIGNING_CA, "Object Signing CA" );
CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CA, "SSL CA" );
CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA, "Email CA" );
CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA, "Object Signing CA" );
*size = n;
*buf = p;
@ -1210,9 +1210,9 @@ static int x509_info_key_usage( char **buf, size_t *size,
KEY_USAGE( MBEDTLS_X509_KU_DIGITAL_SIGNATURE, "Digital Signature" );
KEY_USAGE( MBEDTLS_X509_KU_NON_REPUDIATION, "Non Repudiation" );
KEY_USAGE( MBEDTLS_KU_KEY_ENCIPHERMENT, "Key Encipherment" );
KEY_USAGE( MBEDTLS_KU_DATA_ENCIPHERMENT, "Data Encipherment" );
KEY_USAGE( MBEDTLS_KU_KEY_AGREEMENT, "Key Agreement" );
KEY_USAGE( MBEDTLS_X509_KU_KEY_ENCIPHERMENT, "Key Encipherment" );
KEY_USAGE( MBEDTLS_X509_KU_DATA_ENCIPHERMENT, "Data Encipherment" );
KEY_USAGE( MBEDTLS_X509_KU_KEY_AGREEMENT, "Key Agreement" );
KEY_USAGE( MBEDTLS_X509_KU_KEY_CERT_SIGN, "Key Cert Sign" );
KEY_USAGE( MBEDTLS_X509_KU_CRL_SIGN, "CRL Sign" );
@ -1323,7 +1323,7 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
* Optional extensions
*/
if( crt->ext_types & MBEDTLS_EXT_BASIC_CONSTRAINTS )
if( crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS )
{
ret = mbedtls_snprintf( p, n, "\n%sbasic constraints : CA=%s", prefix,
crt->ca_istrue ? "true" : "false" );
@ -1336,7 +1336,7 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
}
}
if( crt->ext_types & MBEDTLS_EXT_SUBJECT_ALT_NAME )
if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
{
ret = mbedtls_snprintf( p, n, "\n%ssubject alt name : ", prefix );
SAFE_SNPRINTF();
@ -1386,20 +1386,20 @@ struct x509_crt_verify_string {
};
static const struct x509_crt_verify_string x509_crt_verify_strings[] = {
{ MBEDTLS_BADCERT_EXPIRED, "The certificate validity has expired" },
{ MBEDTLS_X509_BADCERT_EXPIRED, "The certificate validity has expired" },
{ MBEDTLS_X509_BADCERT_REVOKED, "The certificate has been revoked (is on a CRL)" },
{ MBEDTLS_X509_BADCERT_CN_MISMATCH, "The certificate Common Name (CN) does not match with the expected CN" },
{ MBEDTLS_X509_BADCERT_NOT_TRUSTED, "The certificate is not correctly signed by the trusted CA" },
{ MBEDTLS_X509_BADCRL_NOT_TRUSTED, "The CRL is not correctly signed by the trusted CA" },
{ MBEDTLS_X509_BADCRL_EXPIRED, "The CRL is expired" },
{ MBEDTLS_BADCERT_MISSING, "Certificate was missing" },
{ MBEDTLS_BADCERT_SKIP_VERIFY, "Certificate verification was skipped" },
{ MBEDTLS_BADCERT_OTHER, "Other reason (can be used by verify callback)" },
{ MBEDTLS_X509_BADCERT_MISSING, "Certificate was missing" },
{ MBEDTLS_X509_BADCERT_SKIP_VERIFY, "Certificate verification was skipped" },
{ MBEDTLS_X509_BADCERT_OTHER, "Other reason (can be used by verify callback)" },
{ MBEDTLS_X509_BADCERT_FUTURE, "The certificate validity starts in the future" },
{ MBEDTLS_BADCRL_FUTURE, "The CRL is from the future" },
{ MBEDTLS_BADCERT_KEY_USAGE, "Usage does not match the keyUsage extension" },
{ MBEDTLS_BADCERT_EXT_KEY_USAGE, "Usage does not match the extendedKeyUsage extension" },
{ MBEDTLS_BADCERT_NS_CERT_TYPE, "Usage does not match the nsCertType extension" },
{ MBEDTLS_X509_BADCRL_FUTURE, "The CRL is from the future" },
{ MBEDTLS_X509_BADCERT_KEY_USAGE, "Usage does not match the keyUsage extension" },
{ MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, "Usage does not match the extendedKeyUsage extension" },
{ MBEDTLS_X509_BADCERT_NS_CERT_TYPE, "Usage does not match the nsCertType extension" },
{ 0, NULL }
};
@ -1568,7 +1568,7 @@ static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
flags |= MBEDTLS_X509_BADCRL_EXPIRED;
if( mbedtls_x509_time_future( &crl_list->this_update ) )
flags |= MBEDTLS_BADCRL_FUTURE;
flags |= MBEDTLS_X509_BADCRL_FUTURE;
/*
* Check if certificate is revoked
@ -1773,7 +1773,7 @@ static int x509_crt_verify_top(
const mbedtls_md_info_t *md_info;
if( mbedtls_x509_time_expired( &child->valid_to ) )
*flags |= MBEDTLS_BADCERT_EXPIRED;
*flags |= MBEDTLS_X509_BADCERT_EXPIRED;
if( mbedtls_x509_time_future( &child->valid_from ) )
*flags |= MBEDTLS_X509_BADCERT_FUTURE;
@ -1848,7 +1848,7 @@ static int x509_crt_verify_top(
#endif
if( mbedtls_x509_time_expired( &trust_ca->valid_to ) )
ca_flags |= MBEDTLS_BADCERT_EXPIRED;
ca_flags |= MBEDTLS_X509_BADCERT_EXPIRED;
if( mbedtls_x509_time_future( &trust_ca->valid_from ) )
ca_flags |= MBEDTLS_X509_BADCERT_FUTURE;
@ -1895,7 +1895,7 @@ static int x509_crt_verify_child(
}
if( mbedtls_x509_time_expired( &child->valid_to ) )
*flags |= MBEDTLS_BADCERT_EXPIRED;
*flags |= MBEDTLS_X509_BADCERT_EXPIRED;
if( mbedtls_x509_time_future( &child->valid_from ) )
*flags |= MBEDTLS_X509_BADCERT_FUTURE;
@ -1985,7 +1985,7 @@ int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
name = &crt->subject;
cn_len = strlen( cn );
if( crt->ext_types & MBEDTLS_EXT_SUBJECT_ALT_NAME )
if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
{
cur = &crt->subject_alt_names;

View file

@ -213,7 +213,7 @@ int main( int argc, char *argv[] )
{
mbedtls_printf( " failed\n" );
if( ( ret & MBEDTLS_BADCERT_EXPIRED ) != 0 )
if( ( ret & MBEDTLS_X509_BADCERT_EXPIRED ) != 0 )
mbedtls_printf( " ! server certificate has expired\n" );
if( ( ret & MBEDTLS_X509_BADCERT_REVOKED ) != 0 )

View file

@ -200,11 +200,11 @@ int main( int argc, char *argv[] )
else if( strcmp( q, "non_repudiation" ) == 0 )
opt.key_usage |= MBEDTLS_X509_KU_NON_REPUDIATION;
else if( strcmp( q, "key_encipherment" ) == 0 )
opt.key_usage |= MBEDTLS_KU_KEY_ENCIPHERMENT;
opt.key_usage |= MBEDTLS_X509_KU_KEY_ENCIPHERMENT;
else if( strcmp( q, "data_encipherment" ) == 0 )
opt.key_usage |= MBEDTLS_KU_DATA_ENCIPHERMENT;
opt.key_usage |= MBEDTLS_X509_KU_DATA_ENCIPHERMENT;
else if( strcmp( q, "key_agreement" ) == 0 )
opt.key_usage |= MBEDTLS_KU_KEY_AGREEMENT;
opt.key_usage |= MBEDTLS_X509_KU_KEY_AGREEMENT;
else if( strcmp( q, "key_cert_sign" ) == 0 )
opt.key_usage |= MBEDTLS_X509_KU_KEY_CERT_SIGN;
else if( strcmp( q, "crl_sign" ) == 0 )
@ -225,17 +225,17 @@ int main( int argc, char *argv[] )
if( strcmp( q, "ssl_client" ) == 0 )
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT;
else if( strcmp( q, "ssl_server" ) == 0 )
opt.ns_cert_type |= MBEDTLS_NS_CERT_TYPE_SSL_SERVER;
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER;
else if( strcmp( q, "email" ) == 0 )
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_EMAIL;
else if( strcmp( q, "object_signing" ) == 0 )
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING;
else if( strcmp( q, "ssl_ca" ) == 0 )
opt.ns_cert_type |= MBEDTLS_NS_CERT_TYPE_SSL_CA;
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CA;
else if( strcmp( q, "email_ca" ) == 0 )
opt.ns_cert_type |= MBEDTLS_NS_CERT_TYPE_EMAIL_CA;
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA;
else if( strcmp( q, "object_signing_ca" ) == 0 )
opt.ns_cert_type |= MBEDTLS_NS_CERT_TYPE_OBJECT_SIGNING_CA;
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA;
else
goto usage;

View file

@ -316,11 +316,11 @@ int main( int argc, char *argv[] )
else if( strcmp( q, "non_repudiation" ) == 0 )
opt.key_usage |= MBEDTLS_X509_KU_NON_REPUDIATION;
else if( strcmp( q, "key_encipherment" ) == 0 )
opt.key_usage |= MBEDTLS_KU_KEY_ENCIPHERMENT;
opt.key_usage |= MBEDTLS_X509_KU_KEY_ENCIPHERMENT;
else if( strcmp( q, "data_encipherment" ) == 0 )
opt.key_usage |= MBEDTLS_KU_DATA_ENCIPHERMENT;
opt.key_usage |= MBEDTLS_X509_KU_DATA_ENCIPHERMENT;
else if( strcmp( q, "key_agreement" ) == 0 )
opt.key_usage |= MBEDTLS_KU_KEY_AGREEMENT;
opt.key_usage |= MBEDTLS_X509_KU_KEY_AGREEMENT;
else if( strcmp( q, "key_cert_sign" ) == 0 )
opt.key_usage |= MBEDTLS_X509_KU_KEY_CERT_SIGN;
else if( strcmp( q, "crl_sign" ) == 0 )
@ -341,17 +341,17 @@ int main( int argc, char *argv[] )
if( strcmp( q, "ssl_client" ) == 0 )
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT;
else if( strcmp( q, "ssl_server" ) == 0 )
opt.ns_cert_type |= MBEDTLS_NS_CERT_TYPE_SSL_SERVER;
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER;
else if( strcmp( q, "email" ) == 0 )
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_EMAIL;
else if( strcmp( q, "object_signing" ) == 0 )
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING;
else if( strcmp( q, "ssl_ca" ) == 0 )
opt.ns_cert_type |= MBEDTLS_NS_CERT_TYPE_SSL_CA;
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CA;
else if( strcmp( q, "email_ca" ) == 0 )
opt.ns_cert_type |= MBEDTLS_NS_CERT_TYPE_EMAIL_CA;
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA;
else if( strcmp( q, "object_signing_ca" ) == 0 )
opt.ns_cert_type |= MBEDTLS_NS_CERT_TYPE_OBJECT_SIGNING_CA;
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA;
else
goto usage;

View file

@ -21,18 +21,18 @@ ASN1_UNIVERSAL_STRING MBEDTLS_ASN1_UNIVERSAL_STRING
ASN1_UTC_TIME MBEDTLS_ASN1_UTC_TIME
ASN1_UTF8_STRING MBEDTLS_ASN1_UTF8_STRING
BADCERT_CN_MISMATCH MBEDTLS_X509_BADCERT_CN_MISMATCH
BADCERT_EXPIRED MBEDTLS_BADCERT_EXPIRED
BADCERT_EXT_KEY_USAGE MBEDTLS_BADCERT_EXT_KEY_USAGE
BADCERT_EXPIRED MBEDTLS_X509_BADCERT_EXPIRED
BADCERT_EXT_KEY_USAGE MBEDTLS_X509_BADCERT_EXT_KEY_USAGE
BADCERT_FUTURE MBEDTLS_X509_BADCERT_FUTURE
BADCERT_KEY_USAGE MBEDTLS_BADCERT_KEY_USAGE
BADCERT_MISSING MBEDTLS_BADCERT_MISSING
BADCERT_KEY_USAGE MBEDTLS_X509_BADCERT_KEY_USAGE
BADCERT_MISSING MBEDTLS_X509_BADCERT_MISSING
BADCERT_NOT_TRUSTED MBEDTLS_X509_BADCERT_NOT_TRUSTED
BADCERT_NS_CERT_TYPE MBEDTLS_BADCERT_NS_CERT_TYPE
BADCERT_OTHER MBEDTLS_BADCERT_OTHER
BADCERT_NS_CERT_TYPE MBEDTLS_X509_BADCERT_NS_CERT_TYPE
BADCERT_OTHER MBEDTLS_X509_BADCERT_OTHER
BADCERT_REVOKED MBEDTLS_X509_BADCERT_REVOKED
BADCERT_SKIP_VERIFY MBEDTLS_BADCERT_SKIP_VERIFY
BADCERT_SKIP_VERIFY MBEDTLS_X509_BADCERT_SKIP_VERIFY
BADCRL_EXPIRED MBEDTLS_X509_BADCRL_EXPIRED
BADCRL_FUTURE MBEDTLS_BADCRL_FUTURE
BADCRL_FUTURE MBEDTLS_X509_BADCRL_FUTURE
BADCRL_NOT_TRUSTED MBEDTLS_X509_BADCRL_NOT_TRUSTED
BLOWFISH_BLOCKSIZE MBEDTLS_BLOWFISH_BLOCKSIZE
BLOWFISH_DECRYPT MBEDTLS_BLOWFISH_DECRYPT
@ -67,29 +67,29 @@ ENTROPY_MIN_HAVEGE MBEDTLS_ENTROPY_MIN_HAVEGE
ENTROPY_MIN_PLATFORM MBEDTLS_ENTROPY_MIN_PLATFORM
ENTROPY_SOURCE_MANUAL MBEDTLS_ENTROPY_SOURCE_MANUAL
EXT_AUTHORITY_KEY_IDENTIFIER MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER
EXT_BASIC_CONSTRAINTS MBEDTLS_EXT_BASIC_CONSTRAINTS
EXT_BASIC_CONSTRAINTS MBEDTLS_X509_EXT_BASIC_CONSTRAINTS
EXT_CERTIFICATE_POLICIES MBEDTLS_X509_EXT_CERTIFICATE_POLICIES
EXT_CRL_DISTRIBUTION_POINTS MBEDTLS_EXT_CRL_DISTRIBUTION_POINTS
EXT_CRL_DISTRIBUTION_POINTS MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS
EXT_EXTENDED_KEY_USAGE MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE
EXT_FRESHEST_CRL MBEDTLS_EXT_FRESHEST_CRL
EXT_FRESHEST_CRL MBEDTLS_X509_EXT_FRESHEST_CRL
EXT_INIHIBIT_ANYPOLICY MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY
EXT_ISSUER_ALT_NAME MBEDTLS_EXT_ISSUER_ALT_NAME
EXT_ISSUER_ALT_NAME MBEDTLS_X509_EXT_ISSUER_ALT_NAME
EXT_KEY_USAGE MBEDTLS_X509_EXT_KEY_USAGE
EXT_NAME_CONSTRAINTS MBEDTLS_EXT_NAME_CONSTRAINTS
EXT_NAME_CONSTRAINTS MBEDTLS_X509_EXT_NAME_CONSTRAINTS
EXT_NS_CERT_TYPE MBEDTLS_X509_EXT_NS_CERT_TYPE
EXT_POLICY_CONSTRAINTS MBEDTLS_EXT_POLICY_CONSTRAINTS
EXT_POLICY_CONSTRAINTS MBEDTLS_X509_EXT_POLICY_CONSTRAINTS
EXT_POLICY_MAPPINGS MBEDTLS_X509_EXT_POLICY_MAPPINGS
EXT_SUBJECT_ALT_NAME MBEDTLS_EXT_SUBJECT_ALT_NAME
EXT_SUBJECT_ALT_NAME MBEDTLS_X509_EXT_SUBJECT_ALT_NAME
EXT_SUBJECT_DIRECTORY_ATTRS MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS
EXT_SUBJECT_KEY_IDENTIFIER MBEDTLS_EXT_SUBJECT_KEY_IDENTIFIER
EXT_SUBJECT_KEY_IDENTIFIER MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER
GCM_DECRYPT MBEDTLS_GCM_DECRYPT
GCM_ENCRYPT MBEDTLS_GCM_ENCRYPT
KU_CRL_SIGN MBEDTLS_X509_KU_CRL_SIGN
KU_DATA_ENCIPHERMENT MBEDTLS_KU_DATA_ENCIPHERMENT
KU_DATA_ENCIPHERMENT MBEDTLS_X509_KU_DATA_ENCIPHERMENT
KU_DIGITAL_SIGNATURE MBEDTLS_X509_KU_DIGITAL_SIGNATURE
KU_KEY_AGREEMENT MBEDTLS_KU_KEY_AGREEMENT
KU_KEY_AGREEMENT MBEDTLS_X509_KU_KEY_AGREEMENT
KU_KEY_CERT_SIGN MBEDTLS_X509_KU_KEY_CERT_SIGN
KU_KEY_ENCIPHERMENT MBEDTLS_KU_KEY_ENCIPHERMENT
KU_KEY_ENCIPHERMENT MBEDTLS_X509_KU_KEY_ENCIPHERMENT
KU_NON_REPUDIATION MBEDTLS_X509_KU_NON_REPUDIATION
LN_2_DIV_LN_10_SCALE100 MBEDTLS_LN_2_DIV_LN_10_SCALE100
MD_CONTEXT_T_INIT MBEDTLS_MD_CONTEXT_T_INIT
@ -101,13 +101,13 @@ MPI_CHK MBEDTLS_MPI_CHK
NET_PROTO_TCP MBEDTLS_NET_PROTO_TCP
NET_PROTO_UDP MBEDTLS_NET_PROTO_UDP
NS_CERT_TYPE_EMAIL MBEDTLS_X509_NS_CERT_TYPE_EMAIL
NS_CERT_TYPE_EMAIL_CA MBEDTLS_NS_CERT_TYPE_EMAIL_CA
NS_CERT_TYPE_EMAIL_CA MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA
NS_CERT_TYPE_OBJECT_SIGNING MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING
NS_CERT_TYPE_OBJECT_SIGNING_CA MBEDTLS_NS_CERT_TYPE_OBJECT_SIGNING_CA
NS_CERT_TYPE_OBJECT_SIGNING_CA MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA
NS_CERT_TYPE_RESERVED MBEDTLS_X509_NS_CERT_TYPE_RESERVED
NS_CERT_TYPE_SSL_CA MBEDTLS_NS_CERT_TYPE_SSL_CA
NS_CERT_TYPE_SSL_CA MBEDTLS_X509_NS_CERT_TYPE_SSL_CA
NS_CERT_TYPE_SSL_CLIENT MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT
NS_CERT_TYPE_SSL_SERVER MBEDTLS_NS_CERT_TYPE_SSL_SERVER
NS_CERT_TYPE_SSL_SERVER MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER
OID_ANSI_X9_62 MBEDTLS_OID_ANSI_X9_62
OID_ANSI_X9_62_FIELD_TYPE MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE
OID_ANSI_X9_62_PRIME_FIELD MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD

View file

@ -266,43 +266,43 @@ X509 Verify Information: empty
x509_verify_info:0:"":""
X509 Verify Information: one issue
x509_verify_info:MBEDTLS_BADCERT_MISSING:"":"Certificate was missing\n"
x509_verify_info:MBEDTLS_X509_BADCERT_MISSING:"":"Certificate was missing\n"
X509 Verify Information: two issues
x509_verify_info:MBEDTLS_BADCERT_EXPIRED | MBEDTLS_X509_BADCRL_EXPIRED:"":"The certificate validity has expired\nThe CRL is expired\n"
x509_verify_info:MBEDTLS_X509_BADCERT_EXPIRED | MBEDTLS_X509_BADCRL_EXPIRED:"":"The certificate validity has expired\nThe CRL is expired\n"
X509 Verify Information: two issues, one unknown
x509_verify_info:MBEDTLS_BADCERT_OTHER | 0x8000:"":"Other reason (can be used by verify callback)\nUnknown reason (this should not happen)\n"
x509_verify_info:MBEDTLS_X509_BADCERT_OTHER | 0x8000:"":"Other reason (can be used by verify callback)\nUnknown reason (this should not happen)\n"
X509 Verify Information: empty, with prefix
x509_verify_info:0:" ! ":""
X509 Verify Information: one issue, with prefix
x509_verify_info:MBEDTLS_BADCERT_MISSING:" ! ":" ! Certificate was missing\n"
x509_verify_info:MBEDTLS_X509_BADCERT_MISSING:" ! ":" ! Certificate was missing\n"
X509 Verify Information: two issues, with prefix
x509_verify_info:MBEDTLS_BADCERT_EXPIRED | MBEDTLS_X509_BADCRL_EXPIRED:" ! ":" ! The certificate validity has expired\n ! The CRL is expired\n"
x509_verify_info:MBEDTLS_X509_BADCERT_EXPIRED | MBEDTLS_X509_BADCRL_EXPIRED:" ! ":" ! The certificate validity has expired\n ! The CRL is expired\n"
X509 Verify Information: empty
x509_verify_info:0:"":""
X509 Verify Information: one issue
x509_verify_info:BADCERT_MISSING:"":"Certificate was missing\n"
x509_verify_info:MBEDTLS_X509_BADCERT_MISSING:"":"Certificate was missing\n"
X509 Verify Information: two issues
x509_verify_info:BADCERT_EXPIRED | BADCRL_EXPIRED:"":"The certificate validity has expired\nThe CRL is expired\n"
x509_verify_info:MBEDTLS_X509_BADCERT_EXPIRED | MBEDTLS_X509_BADCRL_EXPIRED:"":"The certificate validity has expired\nThe CRL is expired\n"
X509 Verify Information: two issues, one unknown
x509_verify_info:BADCERT_OTHER | 0x8000:"":"Other reason (can be used by verify callback)\nUnknown reason (this should not happen)\n"
x509_verify_info:MBEDTLS_X509_BADCERT_OTHER | 0x8000:"":"Other reason (can be used by verify callback)\nUnknown reason (this should not happen)\n"
X509 Verify Information: empty, with prefix
x509_verify_info:0:" ! ":""
X509 Verify Information: one issue, with prefix
x509_verify_info:BADCERT_MISSING:" ! ":" ! Certificate was missing\n"
x509_verify_info:MBEDTLS_X509_BADCERT_MISSING:" ! ":" ! Certificate was missing\n"
X509 Verify Information: two issues, with prefix
x509_verify_info:BADCERT_EXPIRED | BADCRL_EXPIRED:" ! ":" ! The certificate validity has expired\n ! The CRL is expired\n"
x509_verify_info:MBEDTLS_X509_BADCERT_EXPIRED | MBEDTLS_X509_BADCRL_EXPIRED:" ! ":" ! The certificate validity has expired\n ! The CRL is expired\n"
X509 Get Distinguished Name #1
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C
@ -374,7 +374,7 @@ x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_ex
X509 Certificate verification #1a (Revoked Cert, Future CRL, no CN)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_BADCRL_FUTURE:"NULL"
x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"NULL"
X509 Certificate verification #2 (Revoked Cert, Expired CRL)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
@ -382,7 +382,7 @@ x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_ex
X509 Certificate verification #2a (Revoked Cert, Future CRL)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"localhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_BADCRL_FUTURE:"NULL"
x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"localhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"NULL"
X509 Certificate verification #3 (Revoked Cert, Future CRL, CN Mismatch)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
@ -390,7 +390,7 @@ x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_ex
X509 Certificate verification #3a (Revoked Cert, Expired CRL, CN Mismatch)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_BADCRL_FUTURE | MBEDTLS_X509_BADCERT_CN_MISMATCH:"NULL"
x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE | MBEDTLS_X509_BADCERT_CN_MISMATCH:"NULL"
X509 Certificate verification #4 (Valid Cert, Expired CRL)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
@ -398,7 +398,7 @@ x509_verify:"data_files/server2.crt":"data_files/test-ca.crt":"data_files/crl_ex
X509 Certificate verification #4a (Revoked Cert, Future CRL)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_BADCRL_FUTURE:"NULL"
x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_FUTURE:"NULL"
X509 Certificate verification #5 (Revoked Cert)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
@ -418,7 +418,7 @@ x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-e
X509 Certificate verification #8a (Expired Cert)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
x509_verify:"data_files/server5-expired.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_BADCERT_EXPIRED:"NULL"
x509_verify:"data_files/server5-expired.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"NULL"
X509 Certificate verification #8b (Future Cert)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
@ -462,7 +462,7 @@ x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/cr
X509 Certificate verification #19 (Valid Cert, denying callback)
depends_on:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_BADCERT_OTHER:"verify_none"
x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_OTHER:"verify_none"
X509 Certificate verification #19 (Not trusted Cert, allowing callback)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
@ -706,7 +706,7 @@ x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/
X509 Certificate verification #79 (multiple CRLs, revoked by future)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED|MBEDTLS_BADCRL_FUTURE:"NULL"
x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED|MBEDTLS_X509_BADCRL_FUTURE:"NULL"
X509 Certificate verification #80 (multiple CRLs, first future, revoked by second)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
@ -1122,7 +1122,7 @@ X509 OID numstring #5 (arithmetic overflow)
x509_oid_numstr:"2A8648F9F8F7F6F5F4F3F2F1F001":"":100:MBEDTLS_ERR_OID_BUF_TOO_SMALL
X509 crt keyUsage #1 (no extension, expected KU)
x509_check_key_usage:"data_files/server1.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_KU_KEY_ENCIPHERMENT:0
x509_check_key_usage:"data_files/server1.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0
X509 crt keyUsage #2 (no extension, surprising KU)
x509_check_key_usage:"data_files/server1.crt":MBEDTLS_X509_KU_KEY_CERT_SIGN:0
@ -1137,13 +1137,13 @@ X509 crt keyUsage #5 (extension present, single KU absent)
x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_KEY_CERT_SIGN:MBEDTLS_ERR_X509_BAD_INPUT_DATA
X509 crt keyUsage #6 (extension present, combined KU present)
x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_KU_KEY_ENCIPHERMENT:0
x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0
X509 crt keyUsage #7 (extension present, combined KU both absent)
x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_KEY_CERT_SIGN|MBEDTLS_X509_KU_CRL_SIGN:MBEDTLS_ERR_X509_BAD_INPUT_DATA
X509 crt keyUsage #8 (extension present, combined KU one absent)
x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_KU_KEY_ENCIPHERMENT|MBEDTLS_KU_KEY_AGREEMENT:MBEDTLS_ERR_X509_BAD_INPUT_DATA
x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_KEY_ENCIPHERMENT|MBEDTLS_X509_KU_KEY_AGREEMENT:MBEDTLS_ERR_X509_BAD_INPUT_DATA
X509 crt extendedKeyUsage #1 (no extension, serverAuth)
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED

View file

@ -11,7 +11,7 @@ int verify_none( void *data, mbedtls_x509_crt *crt, int certificate_depth, int *
((void) data);
((void) crt);
((void) certificate_depth);
*flags |= MBEDTLS_BADCERT_OTHER;
*flags |= MBEDTLS_X509_BADCERT_OTHER;
return 0;
}

View file

@ -28,15 +28,15 @@ x509_csr_check:"data_files/server1.key":"data_files/server1.req.md5":MBEDTLS_MD_
Certificate Request check Server1 key_usage
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_csr_check:"data_files/server1.key":"data_files/server1.req.key_usage":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_KU_KEY_ENCIPHERMENT:0
x509_csr_check:"data_files/server1.key":"data_files/server1.req.key_usage":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0
Certificate Request check Server1 ns_cert_type
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_csr_check:"data_files/server1.key":"data_files/server1.req.cert_type":MBEDTLS_MD_SHA1:0:MBEDTLS_NS_CERT_TYPE_SSL_SERVER
x509_csr_check:"data_files/server1.key":"data_files/server1.req.cert_type":MBEDTLS_MD_SHA1:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER
Certificate Request check Server1 key_usage + ns_cert_type
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_csr_check:"data_files/server1.key":"data_files/server1.req.ku-ct":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_KU_KEY_ENCIPHERMENT:MBEDTLS_NS_CERT_TYPE_SSL_SERVER
x509_csr_check:"data_files/server1.key":"data_files/server1.req.ku-ct":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER
Certificate Request check Server5 ECDSA, key_usage
depends_on:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP256R1_ENABLED
@ -48,11 +48,11 @@ x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1
Certificate write check Server1 SHA1, key_usage
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_KU_KEY_ENCIPHERMENT:0:-1:"data_files/server1.key_usage.crt"
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0:-1:"data_files/server1.key_usage.crt"
Certificate write check Server1 SHA1, ns_cert_type
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:MBEDTLS_NS_CERT_TYPE_SSL_SERVER:-1:"data_files/server1.cert_type.crt"
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:-1:"data_files/server1.cert_type.crt"
Certificate write check Server1 SHA1, version 1
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C