My Project
|
Functions | |
WOLFSSL_CERT_MANAGER * | wolfSSL_CertManagerNew_ex (void *heap) |
Allocates and initializes a new Certificate Manager context. This context may be used independent of SSL needs. It may be used to load certificates, verify certificates, and check the revocation status. More... | |
WOLFSSL_CERT_MANAGER * | wolfSSL_CertManagerNew (void) |
Allocates and initializes a new Certificate Manager context. This context may be used independent of SSL needs. It may be used to load certificates, verify certificates, and check the revocation status. More... | |
void | wolfSSL_CertManagerFree (WOLFSSL_CERT_MANAGER *) |
Frees all resources associated with the Certificate Manager context. Call this when you no longer need to use the Certificate Manager. More... | |
int | wolfSSL_CertManagerLoadCA (WOLFSSL_CERT_MANAGER *cm, const char *f, const char *d) |
Specifies the locations for CA certificate loading into the manager context. The PEM certificate CAfile may contain several trusted CA certificates. If CApath is not NULL it specifies a directory containing CA certificates in PEM format. More... | |
int | wolfSSL_CertManagerLoadCABuffer (WOLFSSL_CERT_MANAGER *cm, const unsigned char *in, long sz, int format) |
Loads the CA Buffer by calling wolfSSL_CTX_load_verify_buffer and returning that result using a temporary cm so as not to lose the information in the cm passed into the function. More... | |
int | wolfSSL_CertManagerUnloadCAs (WOLFSSL_CERT_MANAGER *cm) |
This function unloads the CA signer list. More... | |
int | wolfSSL_CertManagerUnloadIntermediateCerts (WOLFSSL_CERT_MANAGER *cm) |
This function unloads intermediate certificates add to the CA signer list. More... | |
int | wolfSSL_CertManagerUnload_trust_peers (WOLFSSL_CERT_MANAGER *cm) |
The function will free the Trusted Peer linked list and unlocks the trusted peer list. More... | |
int | wolfSSL_CertManagerVerify (WOLFSSL_CERT_MANAGER *cm, const char *f, int format) |
Specifies the certificate to verify with the Certificate Manager context. The format can be SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1. More... | |
int | wolfSSL_CertManagerVerifyBuffer (WOLFSSL_CERT_MANAGER *cm, const unsigned char *buff, long sz, int format) |
Specifies the certificate buffer to verify with the Certificate Manager context. The format can be SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1. More... | |
void | wolfSSL_CertManagerSetVerify (WOLFSSL_CERT_MANAGER *cm, VerifyCallback vc) |
The function sets the verifyCallback function in the Certificate Manager. If present, it will be called for each cert loaded. If there is a verification error, the verify callback can be used to over-ride the error. More... | |
int | wolfSSL_CertManagerEnableCRL (WOLFSSL_CERT_MANAGER *cm, int options) |
Turns on Certificate Revocation List checking when verifying certificates with the Certificate Manager. By default, CRL checking is off. options include WOLFSSL_CRL_CHECKALL which performs CRL checking on each certificate in the chain versus the Leaf certificate only which is the default. More... | |
int | wolfSSL_CertManagerDisableCRL (WOLFSSL_CERT_MANAGER *) |
Turns off Certificate Revocation List checking when verifying certificates with the Certificate Manager. By default, CRL checking is off. You can use this function to temporarily or permanently disable CRL checking with this Certificate Manager context that previously had CRL checking enabled. More... | |
int | wolfSSL_CertManagerLoadCRL (WOLFSSL_CERT_MANAGER *cm, const char *path, int type, int monitor) |
Error checks and passes through to LoadCRL() in order to load the cert into the CRL for revocation checking. An updated CRL can be loaded by first calling wolfSSL_CertManagerFreeCRL, then loading the new CRL. More... | |
int | wolfSSL_CertManagerLoadCRLBuffer (WOLFSSL_CERT_MANAGER *cm, const unsigned char *buff, long sz, int type) |
The function loads the CRL file by calling BufferLoadCRL. More... | |
int | wolfSSL_CertManagerSetCRL_Cb (WOLFSSL_CERT_MANAGER *cm, CbMissingCRL cb) |
This function sets the CRL Certificate Manager callback. If HAVE_CRL is defined and a matching CRL record is not found then the cbMissingCRL is called (set via wolfSSL_CertManagerSetCRL_Cb). This allows you to externally retrieve the CRL and load it. More... | |
int | wolfSSL_CertManagerSetCRLUpdate_Cb (WOLFSSL_CERT_MANAGER *cm, CbUpdateCRL cb) |
This function sets the CRL Update callback. If HAVE_CRL and HAVE_CRL_UPDATE_CB is defined , and an entry with the same issuer and a lower CRL number exists when a CRL is added, then the CbUpdateCRL is called with the details of the existing entry and the new one replacing it. More... | |
int | wolfSSL_CertManagerGetCRLInfo (WOLFSSL_CERT_MANAGER *cm, CrlInfo *info, const byte *buff, long sz, int type) int wolfSSL_CertManagerFreeCRL(WOLFSSL_CERT_MANAGER *cm) |
This function yields a structure with parsed CRL information from an encoded CRL buffer. More... | |
int | wolfSSL_CertManagerCheckOCSP (WOLFSSL_CERT_MANAGER *cm, unsigned char *der, int sz) |
The function enables the WOLFSSL_CERT_MANAGER’s member, ocspEnabled to signify that the OCSP check option is enabled. More... | |
int | wolfSSL_CertManagerEnableOCSP (WOLFSSL_CERT_MANAGER *cm, int options) |
Turns on OCSP if it’s turned off and if compiled with the set option available. More... | |
int | wolfSSL_CertManagerDisableOCSP (WOLFSSL_CERT_MANAGER *) |
Disables OCSP certificate revocation. More... | |
int | wolfSSL_CertManagerSetOCSPOverrideURL (WOLFSSL_CERT_MANAGER *cm, const char *url) |
The function copies the url to the ocspOverrideURL member of the WOLFSSL_CERT_MANAGER structure. More... | |
int | wolfSSL_CertManagerSetOCSP_Cb (WOLFSSL_CERT_MANAGER *cm, CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void *ioCbCtx) |
The function sets the OCSP callback in the WOLFSSL_CERT_MANAGER. More... | |
int | wolfSSL_CertManagerEnableOCSPStapling (WOLFSSL_CERT_MANAGER *cm) |
This function turns on OCSP stapling if it is not turned on as well as set the options. More... | |
int wolfSSL_CertManagerCheckOCSP | ( | WOLFSSL_CERT_MANAGER * | cm, |
unsigned char * | der, | ||
int | sz | ||
) |
The function enables the WOLFSSL_CERT_MANAGER’s member, ocspEnabled to signify that the OCSP check option is enabled.
cm | a pointer to a WOLFSSL_CERT_MANAGER structure, created using wolfSSL_CertManagerNew(). |
der | a byte pointer to the certificate. |
sz | an int type representing the size of the DER cert. |
Example
int wolfSSL_CertManagerDisableCRL | ( | WOLFSSL_CERT_MANAGER * | ) |
Turns off Certificate Revocation List checking when verifying certificates with the Certificate Manager. By default, CRL checking is off. You can use this function to temporarily or permanently disable CRL checking with this Certificate Manager context that previously had CRL checking enabled.
cm | a pointer to a WOLFSSL_CERT_MANAGER structure, created using wolfSSL_CertManagerNew(). |
Example
int wolfSSL_CertManagerDisableOCSP | ( | WOLFSSL_CERT_MANAGER * | ) |
Disables OCSP certificate revocation.
ssl | - a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
Example
int wolfSSL_CertManagerEnableCRL | ( | WOLFSSL_CERT_MANAGER * | cm, |
int | options | ||
) |
Turns on Certificate Revocation List checking when verifying certificates with the Certificate Manager. By default, CRL checking is off. options include WOLFSSL_CRL_CHECKALL which performs CRL checking on each certificate in the chain versus the Leaf certificate only which is the default.
cm | a pointer to a WOLFSSL_CERT_MANAGER structure, created using wolfSSL_CertManagerNew(). |
options | options to use when enabling the Certification Manager, cm. |
Example
int wolfSSL_CertManagerEnableOCSP | ( | WOLFSSL_CERT_MANAGER * | cm, |
int | options | ||
) |
Turns on OCSP if it’s turned off and if compiled with the set option available.
cm | a pointer to a WOLFSSL_CERT_MANAGER structure, created using wolfSSL_CertManagerNew(). |
options | used to set values in WOLFSSL_CERT_MANAGER struct. |
Example
int wolfSSL_CertManagerEnableOCSPStapling | ( | WOLFSSL_CERT_MANAGER * | cm | ) |
This function turns on OCSP stapling if it is not turned on as well as set the options.
cm | a pointer to a WOLFSSL_CERT_MANAGER structure, a member of the WOLFSSL_CTX structure. |
Example
void wolfSSL_CertManagerFree | ( | WOLFSSL_CERT_MANAGER * | ) |
Frees all resources associated with the Certificate Manager context. Call this when you no longer need to use the Certificate Manager.
cm | a pointer to a WOLFSSL_CERT_MANAGER structure, created using wolfSSL_CertManagerNew(). |
Example
int wolfSSL_CertManagerGetCRLInfo | ( | WOLFSSL_CERT_MANAGER * | cm, |
CrlInfo * | info, | ||
const byte * | buff, | ||
long | sz, | ||
int | type | ||
) |
This function yields a structure with parsed CRL information from an encoded CRL buffer.
cm | the WOLFSSL_CERT_MANAGER structure.. |
info | pointer to caller managed CrlInfo structure that will receive the CRL information. |
buff | input buffer containing encoded CRL. |
sz | the length in bytes of the input CRL data in buff. |
type | WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_DER |
Example
This function frees the CRL stored in the Cert Manager. An application can update the CRL by calling wolfSSL_CertManagerFreeCRL and then loading the new CRL.
cm | a pointer to a WOLFSSL_CERT_MANAGER structure, created using wolfSSL_CertManagerNew(). |
Example
int wolfSSL_CertManagerLoadCA | ( | WOLFSSL_CERT_MANAGER * | cm, |
const char * | f, | ||
const char * | d | ||
) |
Specifies the locations for CA certificate loading into the manager context. The PEM certificate CAfile may contain several trusted CA certificates. If CApath is not NULL it specifies a directory containing CA certificates in PEM format.
cm | a pointer to a WOLFSSL_CERT_MANAGER structure, created using wolfSSL_CertManagerNew(). |
file | pointer to the name of the file containing CA certificates to load. |
path | pointer to the name of a directory path containing CA c ertificates to load. The NULL pointer may be used if no certificate directory is desired. |
Example
int wolfSSL_CertManagerLoadCABuffer | ( | WOLFSSL_CERT_MANAGER * | cm, |
const unsigned char * | in, | ||
long | sz, | ||
int | format | ||
) |
Loads the CA Buffer by calling wolfSSL_CTX_load_verify_buffer and returning that result using a temporary cm so as not to lose the information in the cm passed into the function.
cm | a pointer to a WOLFSSL_CERT_MANAGER structure, created using wolfSSL_CertManagerNew(). |
in | buffer for cert information. |
sz | length of the buffer. |
format | certificate format, either PEM or DER. |
Example
int wolfSSL_CertManagerLoadCRL | ( | WOLFSSL_CERT_MANAGER * | cm, |
const char * | path, | ||
int | type, | ||
int | monitor | ||
) |
Error checks and passes through to LoadCRL() in order to load the cert into the CRL for revocation checking. An updated CRL can be loaded by first calling wolfSSL_CertManagerFreeCRL, then loading the new CRL.
cm | a pointer to a WOLFSSL_CERT_MANAGER structure, created using wolfSSL_CertManagerNew(). |
path | a constant char pointer holding the CRL path. |
type | type of certificate to be loaded. |
monitor | requests monitoring in LoadCRL(). |
Example
int wolfSSL_CertManagerLoadCRLBuffer | ( | WOLFSSL_CERT_MANAGER * | cm, |
const unsigned char * | buff, | ||
long | sz, | ||
int | type | ||
) |
The function loads the CRL file by calling BufferLoadCRL.
cm | a pointer to a WOLFSSL_CERT_MANAGER structure. |
buff | a constant byte type and is the buffer. |
sz | a long int representing the size of the buffer. |
type | a long integer that holds the certificate type. |
Example
WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew | ( | void | ) |
Allocates and initializes a new Certificate Manager context. This context may be used independent of SSL needs. It may be used to load certificates, verify certificates, and check the revocation status.
none | No parameters. |
Example
WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew_ex | ( | void * | heap | ) |
Allocates and initializes a new Certificate Manager context. This context may be used independent of SSL needs. It may be used to load certificates, verify certificates, and check the revocation status.
none | No parameters. |
int wolfSSL_CertManagerSetCRL_Cb | ( | WOLFSSL_CERT_MANAGER * | cm, |
CbMissingCRL | cb | ||
) |
This function sets the CRL Certificate Manager callback. If HAVE_CRL is defined and a matching CRL record is not found then the cbMissingCRL is called (set via wolfSSL_CertManagerSetCRL_Cb). This allows you to externally retrieve the CRL and load it.
cm | the WOLFSSL_CERT_MANAGER structure holding the information for the certificate. |
cb | a function pointer to (*CbMissingCRL) that is set to the cbMissingCRL member of the WOLFSSL_CERT_MANAGER. |
Example
int wolfSSL_CertManagerSetCRLUpdate_Cb | ( | WOLFSSL_CERT_MANAGER * | cm, |
CbUpdateCRL | cb | ||
) |
This function sets the CRL Update callback. If HAVE_CRL and HAVE_CRL_UPDATE_CB is defined , and an entry with the same issuer and a lower CRL number exists when a CRL is added, then the CbUpdateCRL is called with the details of the existing entry and the new one replacing it.
cm | the WOLFSSL_CERT_MANAGER structure holding the information for the certificate. |
cb | a function pointer to (*CbUpdateCRL) that is set to the cbUpdateCRL member of the WOLFSSL_CERT_MANAGER. Signature requirement: void (*CbUpdateCRL)(CrlInfo *old, CrlInfo *new); |
Example
int wolfSSL_CertManagerSetOCSP_Cb | ( | WOLFSSL_CERT_MANAGER * | cm, |
CbOCSPIO | ioCb, | ||
CbOCSPRespFree | respFreeCb, | ||
void * | ioCbCtx | ||
) |
The function sets the OCSP callback in the WOLFSSL_CERT_MANAGER.
cm | a pointer to a WOLFSSL_CERT_MANAGER structure. |
ioCb | a function pointer of type CbOCSPIO. |
respFreeCb | - a function pointer of type CbOCSPRespFree. |
ioCbCtx | - a void pointer variable to the I/O callback user registered context. |
Example
int wolfSSL_CertManagerSetOCSPOverrideURL | ( | WOLFSSL_CERT_MANAGER * | cm, |
const char * | url | ||
) |
The function copies the url to the ocspOverrideURL member of the WOLFSSL_CERT_MANAGER structure.
ssl | a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
Example
void wolfSSL_CertManagerSetVerify | ( | WOLFSSL_CERT_MANAGER * | cm, |
VerifyCallback | vc | ||
) |
The function sets the verifyCallback function in the Certificate Manager. If present, it will be called for each cert loaded. If there is a verification error, the verify callback can be used to over-ride the error.
cm | a pointer to a WOLFSSL_CERT_MANAGER structure, created using wolfSSL_CertManagerNew(). |
vc | a VerifyCallback function pointer to the callback routine |
Example
int wolfSSL_CertManagerUnload_trust_peers | ( | WOLFSSL_CERT_MANAGER * | cm | ) |
The function will free the Trusted Peer linked list and unlocks the trusted peer list.
cm | a pointer to a WOLFSSL_CERT_MANAGER structure, created using wolfSSL_CertManagerNew(). |
Example
int wolfSSL_CertManagerUnloadCAs | ( | WOLFSSL_CERT_MANAGER * | cm | ) |
This function unloads the CA signer list.
cm | a pointer to a WOLFSSL_CERT_MANAGER structure, created using wolfSSL_CertManagerNew(). |
Example
int wolfSSL_CertManagerUnloadIntermediateCerts | ( | WOLFSSL_CERT_MANAGER * | cm | ) |
This function unloads intermediate certificates add to the CA signer list.
cm | a pointer to a WOLFSSL_CERT_MANAGER structure, created using wolfSSL_CertManagerNew(). |
Example
int wolfSSL_CertManagerVerify | ( | WOLFSSL_CERT_MANAGER * | cm, |
const char * | f, | ||
int | format | ||
) |
Specifies the certificate to verify with the Certificate Manager context. The format can be SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1.
cm | a pointer to a WOLFSSL_CERT_MANAGER structure, created using wolfSSL_CertManagerNew(). |
fname | pointer to the name of the file containing the certificates to verify. |
format | format of the certificate to verify - either SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. |
Example
int wolfSSL_CertManagerVerifyBuffer | ( | WOLFSSL_CERT_MANAGER * | cm, |
const unsigned char * | buff, | ||
long | sz, | ||
int | format | ||
) |
Specifies the certificate buffer to verify with the Certificate Manager context. The format can be SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1.
cm | a pointer to a WOLFSSL_CERT_MANAGER structure, created using wolfSSL_CertManagerNew(). |
buff | buffer containing the certificates to verify. |
sz | size of the buffer, buf. |
format | format of the certificate to verify, located in buf - either SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. |
Example