- Added permissive certificate parsing to x509parse_crt() and x509parse_crtfile(). With permissive parsing, parsing does not stop on encountering a parse error
diff --git a/include/polarssl/x509.h b/include/polarssl/x509.h
index 93ef265..11f1a31 100644
--- a/include/polarssl/x509.h
+++ b/include/polarssl/x509.h
@@ -58,7 +58,7 @@ #define POLARSSL_ERR_X509_CERT_VERIFY_FAILED -0x2800 /**< Certificate verification failed, e.g. CRL, CA or signature check failed. */ #define POLARSSL_ERR_X509_KEY_INVALID_VERSION -0x2880 /**< Unsupported RSA key version */ #define POLARSSL_ERR_X509_KEY_INVALID_FORMAT -0x2900 /**< Invalid RSA key tag or value. */ -#define POLARSSL_ERR_X509_POINT_ERROR -0x2980 /**< Not used. */ +#define POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT -0x2980 /**< Format not recognized as DER or PEM. */ #define POLARSSL_ERR_X509_VALUE_TO_LENGTH -0x2A00 /**< Not used. */ /* \} name */ @@ -220,6 +220,17 @@ #define EXT_NS_CERT_TYPE (1 << 16) +/* + * Storage format identifiers + * Recognized formats: PEM and DER + */ +#define X509_FORMAT_DER 1 +#define X509_FORMAT_PEM 2 + +#define X509_NON_PERMISSIVE 0 +#define X509_PERMISSIVE 1 + + /** * \addtogroup x509_module * \{ */ 
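Review bot: The four new `#define`s added after `EXT_NS_CERT_TYPE` carry no `/**< ... */` descriptions, unlike every other constant in this header, so the generated documentation will list `X509_PERMISSIVE` without saying what is tolerated. I would write `#define X509_NON_PERMISSIVE 0 /**< Stop at the first certificate that fails to parse. */` and `#define X509_PERMISSIVE 1 /**< Skip certificates that fail to parse; see x509parse_crt(). */`. `X509_FORMAT_DER` and `X509_FORMAT_PEM` have no consumer anywhere in this hunk; presumably the parser implementation, which this diff does not show, accepts or returns them, so a one-line comment naming that use would help readers of the header. Because the new parameter is a plain `int`, the header should also state whether values other than 0 and 1 are treated as permissive or rejected.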
@@ -409,27 +420,34 @@ /** \ingroup x509_module */ /** * \brief Parse one or more certificates and add them - * to the chained list + * to the chained list. With permissive parsing enabled + * all certificates that cannot be parsed are ignored. + * If none complete correctly, the first error is returned. * * \param chain points to the start of the chain * \param buf buffer holding the certificate data * \param buflen size of the buffer + * \param permissive X509_PERMISSIVE or X509_NON_PERMISSIVE * * \return 0 if successful, or a specific X509 or PEM error code */ -int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen ); +int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen, + int permissive ); /** \ingroup x509_module */ /** * \brief Load one or more certificates and add them - * to the chained list + * to the chained list. With permissive parsing enabled + * all certificates that cannot be parsed are ignored. + * If none complete correctly, the first error is returned. * * \param chain points to the start of the chain * \param path filename to read the certificates from + * \param permissive X509_PERMISSIVE or X509_NON_PERMISSIVE * * \return 0 if successful, or a specific X509 or PEM error code */ -int x509parse_crtfile( x509_cert *chain, const char *path ); +int x509parse_crtfile( x509_cert *chain, const char *path, int permissive ); /** \ingroup x509_module */ /**
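Review bot: The new \brief text for `x509parse_crt` and `x509parse_crtfile` says unparsable certificates are ignored under `X509_PERMISSIVE`, but it does not say that a return of 0 then gives the caller no indication that anything was skipped, so a truncated or corrupted CA bundle loads with fewer trust anchors than the file contains and no error. I would add to both \brief blocks: `A return of 0 in permissive mode does not imply every certificate in the input was added; callers that need the complete set must use X509_NON_PERMISSIVE.` The \return line should also state what is returned when the input contains no certificate at all, since "the first error" is undefined in that case; the implementation is not in this diff, so I cannot tell which code it yields. Adding `permissive` changes the public signature of both functions, so every existing caller outside this header must be updated in the same commit — none are visible here.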