
  1. #pragma once
  2. #include <mbedtls/x509_crt.h> // for mbedtls_x509_crt
  3. #include <stddef.h> // for size_t
  4. #include <cstdint> // for uint8_t, uint16_t, uint32_t
  5. #include <vector> // for vector
  6. #include "mbedtls/ssl.h" // for mbedtls_ssl_config
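namespace bell::X509Bundle {

/* Check a single certificate against a raw public key.
 *
 * child        Certificate to check.
 * pub_key_buf  Raw public-key bytes of the presumed issuer, in whatever
 *              encoding the bundle generator emits (not stated here).
 * pub_key_len  Length of pub_key_buf in bytes; every read of pub_key_buf
 *              must stay within this bound.
 *
 * Returns an int status. Presumably 0 when `child` is signed by the given
 * key and non-zero otherwise (mbedtls convention) -- confirm the exact
 * return convention against the definition before relying on it.
 */
[[nodiscard]] int crtCheckCertificate(mbedtls_x509_crt* child,
                                      const uint8_t* pub_key_buf,
                                      size_t pub_key_len);

/* Per-certificate verification hook; the signature is the one expected by
 * mbedtls_ssl_conf_verify().
 *
 * mbedtls invokes this for every certificate in the peer's chain. If the
 * chain is proper, each intermediate certificate has already been validated
 * through its parent inside x509_crt_verify_chain(), so this callback only
 * has to verify that the first untrusted link in the chain is signed by a
 * root certificate held in the trusted bundle.
 *
 * Security note (review): the implementation must clear only the
 * MBEDTLS_X509_BADCERT_NOT_TRUSTED bit in *flags, and only after the bundle
 * match succeeds. Every other flag mbedtls has already set (expiry,
 * hostname/CN mismatch, key-usage, revocation) must be left intact,
 * otherwise a chain carrying those defects is silently accepted. Confirm
 * this against the definition.
 *
 * buf    Opaque user pointer registered with mbedtls_ssl_conf_verify().
 * crt    Certificate currently being examined.
 * depth  Position of `crt` in the chain (mbedtls convention: 0 is the leaf).
 * flags  In/out verification flags for `crt`.
 *
 * Returns 0 to let verification continue; a non-zero return makes mbedtls
 * fail the handshake.
 */
int crtVerifyCallback(void* buf, mbedtls_x509_crt* crt, int depth,
                      uint32_t* flags);

/* Initialize the bundle into an array so certificates can be found by
 * binary search. The bundle generated by the python utility is already
 * presorted by subject name.
 *
 * x509_bundle  Bundle bytes produced by the generator.
 * bundle_size  Size of x509_bundle in bytes.
 *
 * NOTE(review): bundle_size must bound every access into x509_bundle -- a
 * truncated or malformed bundle should be rejected rather than indexed past
 * its end. If init() keeps pointers into x509_bundle instead of copying, the
 * caller must keep the buffer alive and unmodified for as long as any TLS
 * session may consult it. Confirm both points against the definition.
 */
void init(const uint8_t* x509_bundle, size_t bundle_size);

/* Install bundle-based peer verification on an mbedtls SSL configuration.
 *
 * conf  Configuration to modify.
 *
 * Presumably registers crtVerifyCallback through mbedtls_ssl_conf_verify()
 * and is expected to be called after init() -- confirm against the
 * definition.
 */
void attach(mbedtls_ssl_config* conf);

/* Report whether bundle verification is in effect. Presumably true once a
 * bundle has been loaded via init() -- confirm against the definition.
 */
[[nodiscard]] bool shouldVerify();

}  // namespace bell::X509Bundle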