Commit 7c6b2c32 authored by Paul Bakker's avatar Paul Bakker
Browse files

Split up X509 files into smaller modules

parent ace02867
......@@ -287,7 +287,7 @@
*
* Enable the RSA-PSK based ciphersuite modes in SSL / TLS
* (NOT YET IMPLEMENTED)
* Requires: POLARSSL_RSA_C, POLARSSL_X509_PARSE_C, POLARSSL_PKCS1_V15
* Requires: POLARSSL_RSA_C, POLARSSL_X509_CRT_PARSE_C, POLARSSL_PKCS1_V15
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
......@@ -307,7 +307,7 @@
*
* Enable the RSA-only based ciphersuite modes in SSL / TLS
*
* Requires: POLARSSL_RSA_C, POLARSSL_X509_PARSE_C, POLARSSL_PKCS1_V15
* Requires: POLARSSL_RSA_C, POLARSSL_X509_CRT_PARSE_C, POLARSSL_PKCS1_V15
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
......@@ -332,7 +332,7 @@
*
* Enable the DHE-RSA based ciphersuite modes in SSL / TLS
*
* Requires: POLARSSL_DHM_C, POLARSSL_RSA_C, POLARSSL_X509_PARSE_C,
* Requires: POLARSSL_DHM_C, POLARSSL_RSA_C, POLARSSL_X509_CRT_PARSE_C,
* POLARSSL_PKCS1_V15
*
* This enables the following ciphersuites (if other requisites are
......@@ -354,7 +354,7 @@
*
* Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS
*
* Requires: POLARSSL_ECDH_C, POLARSSL_RSA_C, POLARSSL_X509_PARSE_C,
* Requires: POLARSSL_ECDH_C, POLARSSL_RSA_C, POLARSSL_X509_CRT_PARSE_C,
* POLARSSL_PKCS1_V15
*
* This enables the following ciphersuites (if other requisites are
......@@ -377,7 +377,7 @@
*
* Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS
*
* Requires: POLARSSL_ECDH_C, POLARSSL_ECDSA_C, POLARSSL_X509_PARSE_C
* Requires: POLARSSL_ECDH_C, POLARSSL_ECDSA_C, POLARSSL_X509_CRT_PARSE_C
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
......@@ -1413,34 +1413,104 @@
#define POLARSSL_VERSION_C
/**
* \def POLARSSL_X509_PARSE_C
* \def POLARSSL_X509_USE_C
*
* Enable X.509 core for using certificates
*
* Module: library/x509.c
* Caller: library/x509_crl.c
* library/x509_crt.c
* library/x509_csr.c
*
* Requires: POLARSSL_ASN1_PARSE_C, POLARSSL_BIGNUM_C, POLARSSL_OID_C,
* POLARSSL_PK_PARSE_C
*
* This module is required for the X.509 parsing modules.
*/
#define POLARSSL_X509_USE_C
/**
* \def POLARSSL_X509_CRT_PARSE_C
*
* Enable X.509 certificate parsing.
*
* Module: library/x509parse.c
* Module: library/x509_crt.c
* Caller: library/ssl_cli.c
* library/ssl_srv.c
* library/ssl_tls.c
*
* Requires: POLARSSL_ASN1_PARSE_C, POLARSSL_BIGNUM_C, POLARSSL_OID_C,
* POLARSSL_PK_PARSE_C
* Requires: POLARSSL_X509_USE_C
*
* This module is required for X.509 certificate parsing.
*/
#define POLARSSL_X509_PARSE_C
#define POLARSSL_X509_CRT_PARSE_C
/**
* \def POLARSSL_X509_CRL_PARSE_C
*
* Enable X.509 CRL parsing.
*
* Module: library/x509_crl.c
* Caller: library/x509_crt.c
*
* Requires: POLARSSL_X509_USE_C
*
* This module is required for X.509 CRL parsing.
*/
#define POLARSSL_X509_CRL_PARSE_C
/**
* \def POLARSSL_X509_CSR_PARSE_C
*
* Enable X.509 Certificate Signing Request (CSR) parsing.
*
* Module: library/x509_csr.c
* Caller: library/x509_crt_write.c
*
* Requires: POLARSSL_X509_USE_C
*
* This module is used for reading X.509 certificate request.
*/
#define POLARSSL_X509_CSR_PARSE_C
/**
* \def POLARSSL_X509_WRITE_C
* \def POLARSSL_X509_CREATE_C
*
* Enable X.509 buffer writing.
* Enable X.509 core for creating certificates
*
* Module: library/x509write.c
* Module: library/x509_create.c
*
* Requires: POLARSSL_BIGNUM_C, POLARSSL_OID_C, POLARSSL_PK_WRITE_C
*
* This module is the basis for creating X.509 certificates and CSRs.
*/
#define POLARSSL_X509_CREATE_C
/**
* \def POLARSSL_X509_CRT_WRITE_C
*
* Enable creating X.509 certificates.
*
* Module: library/x509_crt_write.c
*
* Requires: POLARSSL_CREATE_C
*
* This module is required for X.509 certificate creation.
*/
#define POLARSSL_X509_CRT_WRITE_C
/**
* \def POLARSSL_X509_CSR_WRITE_C
*
* Enable creating X.509 Certificate Signing Requests (CSR)
*
* Module: library/x509_csr_write.c
*
* Requires: POLARSSL_CREATE_C
*
* This module is required for X.509 certificate request writing.
*/
#define POLARSSL_X509_WRITE_C
#define POLARSSL_X509_CSR_WRITE_C
/**
* \def POLARSSL_XTEA_C
......@@ -1566,30 +1636,30 @@
#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
( !defined(POLARSSL_DHM_C) || !defined(POLARSSL_RSA_C) || \
!defined(POLARSSL_X509_PARSE_C) || !defined(POLARSSL_PKCS1_V15) )
!defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) )
#error "POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED defined, but not all prerequisites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_RSA_C) || \
!defined(POLARSSL_X509_PARSE_C) || !defined(POLARSSL_PKCS1_V15) )
!defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) )
#error "POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \
( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_ECDSA_C) || \
!defined(POLARSSL_X509_PARSE_C) )
!defined(POLARSSL_X509_CRT_PARSE_C) )
#error "POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) && \
( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_PARSE_C) || \
( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) ||\
!defined(POLARSSL_PKCS1_V15) )
#error "POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED defined, but not all prerequisites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \
( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_PARSE_C) || \
( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) ||\
!defined(POLARSSL_PKCS1_V15) )
#error "POLARSSL_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
#endif
......@@ -1668,16 +1738,36 @@
#error "POLARSSL_SSL_SESSION_TICKETS_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_X509_PARSE_C) && ( !defined(POLARSSL_BIGNUM_C) || \
#if defined(POLARSSL_X509_USE_C) && ( !defined(POLARSSL_BIGNUM_C) || \
!defined(POLARSSL_OID_C) || !defined(POLARSSL_ASN1_PARSE_C) || \
!defined(POLARSSL_PK_PARSE_C) )
#error "POLARSSL_X509_PARSE_C defined, but not all prerequisites"
#error "POLARSSL_X509_USE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_X509_CREATE_C) && ( !defined(POLARSSL_BIGNUM_C) || \
!defined(POLARSSL_OID_C) || !defined(POLARSSL_ASN1_WRITE_C) || \
!defined(POLARSSL_PK_WRITE_C) )
#error "POLARSSL_X509_CREATE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_X509_CRT_PARSE_C) && ( !defined(POLARSSL_X509_USE_C) )
#error "POLARSSL_X509_CRT_PARSE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_X509_CRL_PARSE_C) && ( !defined(POLARSSL_X509_USE_C) )
#error "POLARSSL_X509_CRL_PARSE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_X509_CSR_PARSE_C) && ( !defined(POLARSSL_X509_USE_C) )
#error "POLARSSL_X509_CSR_PARSE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_X509_CRT_WRITE_C) && ( !defined(POLARSSL_X509_CREATE_C) )
#error "POLARSSL_X509_CRT_WRITE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_X509_WRITE_C) && ( !defined(POLARSSL_BIGNUM_C) || \
!defined(POLARSSL_OID_C) || !defined(POLARSSL_ASN1_WRITE_C) || \
!defined(POLARSSL_RSA_C) || !defined(POLARSSL_PK_WRITE_C) )
#error "POLARSSL_X509_WRITE_C defined, but not all prerequisites"
#if defined(POLARSSL_X509_CSR_WRITE_C) && ( !defined(POLARSSL_X509_CREATE_C) )
#error "POLARSSL_X509_CSR_WRITE_C defined, but not all prerequisites"
#endif
#endif /* config.h */
......@@ -54,7 +54,7 @@
debug_print_ecp( ssl, level, __FILE__, __LINE__, text, X );
#endif
#if defined(POLARSSL_X509_PARSE_C)
#if defined(POLARSSL_X509_CRT_PARSE_C)
#define SSL_DEBUG_CRT( level, text, crt ) \
debug_print_crt( ssl, level, __FILE__, __LINE__, text, crt );
#endif
......@@ -99,7 +99,7 @@ void debug_print_ecp( const ssl_context *ssl, int level,
const char *text, const ecp_point *X );
#endif
#if defined(POLARSSL_X509_PARSE_C)
#if defined(POLARSSL_X509_CRT_PARSE_C)
void debug_print_crt( const ssl_context *ssl, int level,
const char *file, int line,
const char *text, const x509_cert *crt );
......
......@@ -39,7 +39,7 @@
#include "md.h"
#endif
#if defined(POLARSSL_X509_PARSE_C)
#if defined(POLARSSL_X509_USE_C) || defined(POLARSSL_X509_CREATE_C)
#include "x509.h"
#endif
......@@ -337,7 +337,7 @@ typedef struct {
*/
int oid_get_numeric_string( char *buf, size_t size, const asn1_buf *oid );
#if defined(POLARSSL_X509_PARSE_C)
#if defined(POLARSSL_X509_USE_C) || defined(POLARSSL_X509_CREATE_C)
/**
* \brief Translate an X.509 extension OID into local values
*
......
......@@ -54,8 +54,12 @@
#include "aes.h"
#endif
#if defined(POLARSSL_X509_PARSE_C)
#include "x509.h"
#if defined(POLARSSL_X509_CRT_PARSE_C)
#include "x509_crt.h"
#endif
#if defined(POLARSSL_X509_CRL_PARSE_C)
#include "x509_crl.h"
#endif
#if defined(POLARSSL_DHM_C)
......@@ -406,9 +410,9 @@ struct _ssl_session
unsigned char id[32]; /*!< session identifier */
unsigned char master[48]; /*!< the master secret */
#if defined(POLARSSL_X509_PARSE_C)
#if defined(POLARSSL_X509_CRT_PARSE_C)
x509_cert *peer_cert; /*!< peer X.509 cert chain */
#endif /* POLARSSL_X509_PARSE_C */
#endif /* POLARSSL_X509_CRT_PARSE_C */
int verify_result; /*!< verification result */
#if defined(POLARSSL_SSL_SESSION_TICKETS)
......@@ -579,7 +583,7 @@ struct _ssl_context
void *p_sni; /*!< context for SNI extension */
#endif
#if defined(POLARSSL_X509_PARSE_C)
#if defined(POLARSSL_X509_CRT_PARSE_C)
int (*f_vrfy)(void *, x509_cert *, int, int *);
void *p_vrfy; /*!< context for verification */
#endif
......@@ -642,12 +646,14 @@ struct _ssl_context
pk_context *pk_key; /*!< own private key */
int pk_key_own_alloc; /*!< did we allocate pk_key? */
#if defined(POLARSSL_X509_PARSE_C)
#if defined(POLARSSL_X509_CRT_PARSE_C)
x509_cert *own_cert; /*!< own X.509 certificate */
x509_cert *ca_chain; /*!< own trusted CA chain */
x509_crl *ca_crl; /*!< trusted CA CRLs */
const char *peer_cn; /*!< expected peer CN */
#endif /* POLARSSL_X509_PARSE_C */
#endif /* POLARSSL_X509_CRT_PARSE_C */
#if defined(POLARSSL_X509_CRL_PARSE_C)
x509_crl *ca_crl; /*!< trusted CA CRLs */
#endif /* POLARSSL_X509_CRL_PARSE_C */
#if defined(POLARSSL_SSL_SESSION_TICKETS)
/*
......@@ -806,7 +812,7 @@ void ssl_set_endpoint( ssl_context *ssl, int endpoint );
*/
void ssl_set_authmode( ssl_context *ssl, int authmode );
#if defined(POLARSSL_X509_PARSE_C)
#if defined(POLARSSL_X509_CRT_PARSE_C)
/**
* \brief Set the verification callback (Optional).
*
......@@ -821,7 +827,7 @@ void ssl_set_authmode( ssl_context *ssl, int authmode );
void ssl_set_verify( ssl_context *ssl,
int (*f_vrfy)(void *, x509_cert *, int, int *),
void *p_vrfy );
#endif /* POLARSSL_X509_PARSE_C */
#endif /* POLARSSL_X509_CRT_PARSE_C */
/**
* \brief Set the random number generator callback
......@@ -941,7 +947,7 @@ void ssl_set_ciphersuites_for_version( ssl_context *ssl,
const int *ciphersuites,
int major, int minor );
#if defined(POLARSSL_X509_PARSE_C)
#if defined(POLARSSL_X509_CRT_PARSE_C)
/**
* \brief Set the data required to verify peer certificate
*
......@@ -1011,7 +1017,7 @@ int ssl_set_own_cert_alt( ssl_context *ssl, x509_cert *own_cert,
rsa_decrypt_func rsa_decrypt,
rsa_sign_func rsa_sign,
rsa_key_len_func rsa_key_len );
#endif /* POLARSSL_X509_PARSE_C */
#endif /* POLARSSL_X509_CRT_PARSE_C */
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
/**
......@@ -1272,7 +1278,7 @@ const char *ssl_get_ciphersuite( const ssl_context *ssl );
*/
const char *ssl_get_version( const ssl_context *ssl );
#if defined(POLARSSL_X509_PARSE_C)
#if defined(POLARSSL_X509_CRT_PARSE_C)
/**
* \brief Return the peer certificate from the current connection
*
......@@ -1288,7 +1294,7 @@ const char *ssl_get_version( const ssl_context *ssl );
* \return the current peer certificate
*/
const x509_cert *ssl_get_peer_cert( const ssl_context *ssl );
#endif /* POLARSSL_X509_PARSE_C */
#endif /* POLARSSL_X509_CRT_PARSE_C */
/**
* \brief Save session in order to resume it later (client-side only)
......
......@@ -50,7 +50,7 @@ struct _ssl_cache_entry
time_t timestamp; /*!< entry timestamp */
#endif
ssl_session session; /*!< entry session */
#if defined(POLARSSL_X509_PARSE_C)
#if defined(POLARSSL_X509_CRT_PARSE_C)
x509_buf peer_cert; /*!< entry peer_cert */
#endif
ssl_cache_entry *next; /*!< chain pointer */
......
/**
* \file x509.h
*
* \brief X.509 certificate and private key decoding
* \brief X.509 generic defines and structures
*
* Copyright (C) 2006-2013, Brainspark B.V.
*
......@@ -30,16 +30,18 @@
#include "config.h"
#include "asn1.h"
#include "dhm.h"
#include "md.h"
#include "pk.h"
/**
#if defined(POLARSSL_RSA_C)
#include "rsa.h"
#endif
/**
* \addtogroup x509_module
* \{
* \{
*/
/**
/**
* \name X509 Error codes
* \{
*/
......@@ -61,6 +63,9 @@
#define POLARSSL_ERR_X509_INVALID_INPUT -0x2800 /**< Input invalid. */
#define POLARSSL_ERR_X509_MALLOC_FAILED -0x2880 /**< Allocation of memory failed. */
#define POLARSSL_ERR_X509_FILE_IO_ERROR -0x2900 /**< Read/write of file failed. */
#define POLARSSL_ERR_X509WRITE_UNKNOWN_OID -0x5F80 /**< Requested OID is unknown. */
#define POLARSSL_ERR_X509WRITE_BAD_INPUT_DATA -0x5F00 /**< Failed to allocate memory. */
#define POLARSSL_ERR_X509WRITE_MALLOC_FAILED -0x5E80 /**< Failed to allocate memory. */
/* \} name */
/**
......@@ -174,124 +179,6 @@ typedef struct _x509_time
}
x509_time;
/**
* Container for an X.509 certificate. The certificate may be chained.
*/
typedef struct _x509_cert
{
x509_buf raw; /**< The raw certificate data (DER). */
x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
int version; /**< The X.509 version. (0=v1, 1=v2, 2=v3) */
x509_buf serial; /**< Unique id for certificate issued by a specific CA. */
x509_buf sig_oid1; /**< Signature algorithm, e.g. sha1RSA */
x509_buf issuer_raw; /**< The raw issuer data (DER). Used for quick comparison. */
x509_buf subject_raw; /**< The raw subject data (DER). Used for quick comparison. */
x509_name issuer; /**< The parsed issuer data (named information object). */
x509_name subject; /**< The parsed subject data (named information object). */
x509_time valid_from; /**< Start time of certificate validity. */
x509_time valid_to; /**< End time of certificate validity. */
pk_context pk; /**< Container for the public key context. */
x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */
x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */
x509_buf v3_ext; /**< Optional X.509 v3 extensions. Only Basic Contraints are supported at this time. */
x509_sequence subject_alt_names; /**< Optional list of Subject Alternative Names (Only dNSName supported). */
int ext_types; /**< Bit string containing detected and parsed extensions */
int ca_istrue; /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
int max_pathlen; /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. Path length is 1 higher than RFC 5280 'meaning', so 1+ */
unsigned char key_usage; /**< Optional key usage extension value: See the values below */
x509_sequence ext_key_usage; /**< Optional list of extended key usage OIDs. */
unsigned char ns_cert_type; /**< Optional Netscape certificate type extension value: See the values below */
x509_buf sig_oid2; /**< Signature algorithm. Must match sig_oid1. */
x509_buf sig; /**< Signature: hash of the tbs part signed with the private key. */
md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */
pk_type_t sig_pk /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */;
struct _x509_cert *next; /**< Next certificate in the CA-chain. */
}
x509_cert;
/**
* Certificate revocation list entry.
* Contains the CA-specific serial numbers and revocation dates.
*/
typedef struct _x509_crl_entry
{
x509_buf raw;
x509_buf serial;
x509_time revocation_date;
x509_buf entry_ext;
struct _x509_crl_entry *next;
}
x509_crl_entry;
/**
* Certificate revocation list structure.
* Every CRL may have multiple entries.
*/
typedef struct _x509_crl
{
x509_buf raw; /**< The raw certificate data (DER). */
x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
int version;
x509_buf sig_oid1;
x509_buf issuer_raw; /**< The raw issuer data (DER). */
x509_name issuer; /**< The parsed issuer data (named information object). */
x509_time this_update;
x509_time next_update;
x509_crl_entry entry; /**< The CRL entries containing the certificate revocation times for this CA. */
x509_buf crl_ext;
x509_buf sig_oid2;
x509_buf sig;
md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */
pk_type_t sig_pk /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */;
struct _x509_crl *next;
}
x509_crl;
/**
* Certificate Signing Request (CSR) structure.
*/
typedef struct _x509_csr
{
x509_buf raw; /**< The raw CSR data (DER). */
x509_buf cri; /**< The raw CertificateRequestInfo body (DER). */
int version;
x509_buf subject_raw; /**< The raw subject data (DER). */
x509_name subject; /**< The parsed subject data (named information object). */
pk_context pk; /**< Container for the public key context. */
x509_buf sig_oid;
x509_buf sig;
md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */
pk_type_t sig_pk /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */;
}
x509_csr;
/** \} name Structures for parsing X.509 certificates, CRLs and CSRs */
/** \} addtogroup x509_module */
......@@ -300,119 +187,6 @@ x509_csr;
* \{
*/
/** \ingroup x509_module */
/**
* \brief Parse a single DER formatted certificate and add it
* to the chained list.
*
* \param chain points to the start of the chain
* \param buf buffer holding the certificate DER data
* \param buflen size of the buffer
*
* \return 0 if successful, or a specific X509 or PEM error code
*/
int x509parse_crt_der( x509_cert *chain, const unsigned char *buf, size_t buflen );
/**
* \brief Parse one or more certificates and add them
* to the chained list. Parses permissively. If some
* certificates can be parsed, the result is the number
* of failed certificates it encountered. If none complete
* correctly, the first error is returned.
*
* \param chain points to the start of the chain
* \param buf buffer holding the certificate data
* \param buflen size of the buffer
*
* \return 0 if all certificates parsed successfully, a positive number
* if partly successful or a specific X509 or PEM error code
*/
int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen );
#if defined(POLARSSL_FS_IO)
/** \ingroup x509_module */
/**
* \brief Load one or more certificates and add them
* to the chained list. Parses permissively. If some
* certificates can be parsed, the result is the number
* of failed certificates it encountered. If none complete
* correctly, the first error is returned.
*
* \param chain points to the start of the chain
* \param path filename to read the certificates from
*
* \return 0 if all certificates parsed successfully, a positive number
* if partly successful or a specific X509 or PEM error code
*/
int x509parse_crtfile( x509_cert *chain, const char *path );
/** \ingroup x509_module */
/**
* \brief Load one or more certificate files from a path and add them
* to the chained list. Parses permissively. If some
* certificates can be parsed, the result is the number
* of failed certificates it encountered. If none complete
* correctly, the first error is returned.
*
* \param chain points to the start of the chain
* \param path directory / folder to read the certificate files from
*
* \return 0 if all certificates parsed successfully, a positive number
* if partly successful or a specific X509 or PEM error code
*/
int x509parse_crtpath( x509_cert *chain, const char *path );
#endif /* POLARSSL_FS_IO */
/** \ingroup x509_module */
/**
* \brief Parse one or more CRLs and add them
* to the chained list
*
* \param chain points to the start of the chain
* \param buf buffer holding the CRL data
* \param buflen size of the buffer
*
* \return 0 if successful, or a specific X509 or PEM error code
*/
int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen );
/** \ingroup x509_module */
/**