Mbed TLS v3.6.3
mbedtls_x509_crt_profile Struct Reference

#include <x509_crt.h>

Data Fields

uint32_t allowed_mds
uint32_t allowed_pks
uint32_t allowed_curves
uint32_t rsa_min_bitlen

Detailed Description

Security profile for certificate verification.

All lists are bitfields, built by ORing flags from MBEDTLS_X509_ID_FLAG().

The fields of this structure are part of the public API and can be manipulated directly by applications. Future versions of the library may add extra fields or reorder existing fields.

You can create custom profiles by starting from a copy of an existing profile, such as mbedtls_x509_crt_profile_default or mbedtls_x509_crt_profile_none, and then tuning it to your needs.

For example, to allow SHA-224 in addition to the default:

    mbedtls_x509_crt_profile my_profile = mbedtls_x509_crt_profile_default;
    my_profile.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 );

Or to allow only RSA-3072+ with SHA-256:

    mbedtls_x509_crt_profile my_profile = mbedtls_x509_crt_profile_none;
    my_profile.allowed_mds = MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 );
    my_profile.allowed_pks = MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_RSA );
    my_profile.rsa_min_bitlen = 3072;

Definition at line 125 of file x509_crt.h.
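
Added example, not Mbed TLS code: a simplified, self-contained model of how a bitfield profile such as the "RSA-3072+ with SHA-256" one above accepts or rejects the parameters of each certificate in a chain. The enum values, `struct cert_params`, `check_cert`, `check_chain`, `rsa3072_sha256` and the `BAD_*` result bits are hypothetical stand-ins; only the four field names come from this page.

```c
#include <stdint.h>

/* Stand-in algorithm ids, constructed for this example; real code uses
 * the library's own MBEDTLS_MD_*, MBEDTLS_PK_* and curve ids. 0 = none. */
enum { MD_SHA1 = 1, MD_SHA224, MD_SHA256, MD_SHA384 };
enum { PK_RSA = 1, PK_ECDSA };
enum { CURVE_P256 = 1, CURVE_P384 };

/* One bit per algorithm id, the idea behind MBEDTLS_X509_ID_FLAG(). */
#define ID_FLAG(id) (UINT32_C(1) << ((id) - 1))

/* Mirrors the four data fields documented on this page. */
struct profile {
    uint32_t allowed_mds, allowed_pks, allowed_curves, rsa_min_bitlen;
};

/* Hypothetical summary of one certificate's signature and key. */
struct cert_params { int md, pk, curve; uint32_t key_bits; };

enum { BAD_MD = 1, BAD_PK = 2, BAD_KEY = 4 };

/* Returns 0 if the certificate fits the profile, else a mask of reasons. */
unsigned check_cert(const struct profile *p, const struct cert_params *c)
{
    unsigned why = 0;
    if (c->md == 0 || !(p->allowed_mds & ID_FLAG(c->md))) why |= BAD_MD;
    if (c->pk == 0 || !(p->allowed_pks & ID_FLAG(c->pk))) why |= BAD_PK;
    if (c->pk == PK_RSA && c->key_bits < p->rsa_min_bitlen) why |= BAD_KEY;
    if (c->pk == PK_ECDSA &&
        (c->curve == 0 || !(p->allowed_curves & ID_FLAG(c->curve))))
        why |= BAD_KEY;
    return why;
}

/* The profile applies to every certificate in the chain, not only the leaf. */
unsigned check_chain(const struct profile *p, const struct cert_params *ch, int n)
{
    unsigned why = 0;
    for (int i = 0; i < n; i++) why |= check_cert(p, &ch[i]);
    return why;
}

/* "RSA-3072+ with SHA-256 only", built up from an all-forbidden baseline. */
struct profile rsa3072_sha256(void)
{
    struct profile p = { 0, 0, 0, UINT32_MAX };   /* constructed deny-all start */
    p.allowed_mds = ID_FLAG(MD_SHA256);
    p.allowed_pks = ID_FLAG(PK_RSA);
    p.rsa_min_bitlen = 3072;
    return p;
}
```

Starting from an all-forbidden baseline means anything not explicitly ORed in, here every curve and every digest except SHA-256, is rejected, and a single non-conforming intermediate certificate fails the whole chain.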

Field Documentation

◆ allowed_curves

uint32_t mbedtls_x509_crt_profile::allowed_curves

Elliptic curves for ECDSA

Definition at line 130 of file x509_crt.h.

◆ allowed_mds

uint32_t mbedtls_x509_crt_profile::allowed_mds

Message digests (MDs) allowed for signatures

Definition at line 126 of file x509_crt.h.

◆ allowed_pks

uint32_t mbedtls_x509_crt_profile::allowed_pks

PK algs for public keys; this applies to all certificates in the provided chain.

Definition at line 127 of file x509_crt.h.

◆ rsa_min_bitlen

uint32_t mbedtls_x509_crt_profile::rsa_min_bitlen

Minimum size for RSA keys, in bits

Definition at line 131 of file x509_crt.h.


The documentation for this struct was generated from the following file: