On This Page
Legend:
Library
Module
Module type
Parameter
Class
Class type
Library
Module
Module type
Parameter
Class
Class type
package x509
X.509v3 extensions
X.509v3 extension
type key_usage = [ | `Digital_signature| `Content_commitment| `Key_encipherment| `Data_encipherment| `Key_agreement| `Key_cert_sign| `CRL_sign| `Encipher_only| `Decipher_only
]The polymorphic variant of key usages.
supports_usage ~not_present certificate key_usage is result, whether the certificate supports the given key_usage (defaults to ~not_present if the certificate does not contain a keyUsage extension).
type extended_key_usage = [ | `Any| `Server_auth| `Client_auth| `Code_signing| `Email_protection| `Ipsec_end| `Ipsec_tunnel| `Ipsec_user| `Time_stamping| `Ocsp_signing| `Other of Asn.oid
]The polymorphic variant of extended key usages.
val supports_extended_usage :
?not_present:bool ->
t ->
extended_key_usage ->
boolsupports_extended_usage ~not_present certificate
extended_key_usage is result, whether the certificate supports the given extended_key_usage (defaults to ~not_present if the certificate does not contain an extendedKeyUsage extension.
val basic_constraints : t -> (bool * int option) optionbasic_constraints cert extracts the BasicConstraints extension, if present.
type general_name = [ | `Other of Asn.oid * string| `Rfc_822 of string| `DNS of string| `X400_address of unit| `Directory of distinguished_name| `EDI_party of string option * string| `URI of string| `IP of Cstruct.t| `Registered_id of Asn.oid
]A list of general_names is the value of both subjectAltName and IssuerAltName extension.
type authority_key_id = Cstruct.t option * general_name list * Z.t optionThe authority key identifier, as present in the Authority Key Identifier extension.
The private key usage period, as defined in RFC 3280.
type name_constraint = (general_name * int * int option) listName constraints, as defined in RFC 5280.
Certificate policies, the policy extension.
unsupported cert oid is None if oid is not present as extension, or Some (crit, data) if an extension with oid is present.
val subject_alt_names : t -> general_name listReturns subject_alt_names if extension if present, else [] .
type reason = [ | `Unused| `Key_compromise| `CA_compromise| `Affiliation_changed| `Superseded| `Cessation_of_operation| `Certificate_hold| `Privilege_withdrawn| `AA_compromise
]Type of allowed revocation reasons for a given distribution point.
Distribution point name, either a full one using general names, or a relative one using a distinguished name.
type distribution_point =
distribution_point_name option
* reason list option
* distinguished_name optionDistribution point, consisting of an optional name, an optional list of allowed reasons, and an optional issuer.
val crl_distribution_points : t -> distribution_point listReturns crl_distribution_points if extension if present, else [] .
type reason_code = [ | `Unspecified| `Key_compromise| `CA_compromise| `Affiliation_changed| `Superseded| `Cessation_of_operation| `Certificate_hold| `Remove_from_CRL| `Privilege_withdrawn| `AA_compromise
]The reason of a revoked certificate.
type t = [ | `Unsupported of Asn.oid * Cstruct.t| `Subject_alt_name of general_name list| `Authority_key_id of authority_key_id| `Subject_key_id of Cstruct.t| `Issuer_alt_name of general_name list| `Key_usage of key_usage list| `Ext_key_usage of extended_key_usage list| `Basic_constraints of bool * int option| `CRL_number of int| `Delta_CRL_indicator of int| `Priv_key_period of priv_key_usage_period| `Name_constraints of name_constraint * name_constraint| `CRL_distribution_points of distribution_point list| `Issuing_distribution_point of distribution_point_name option * bool * bool * reason list option * bool * bool| `Freshest_CRL of distribution_point list| `Reason of reason_code| `Invalidity_date of Ptime.t| `Certificate_issuer of general_name list| `Policies of policy list
]The polymorphic variant of X509v3 extensions.
On This Page