commit 15162a054a3296636aeceb54a68a8bfbae1f950e
author Paul Bakker <p.j.bakker@polarssl.org> Fri Sep 06 19:27:21 2013 +0200
committer Paul Bakker <p.j.bakker@polarssl.org> Fri Sep 06 19:27:21 2013 +0200
tree 31956075b98213365a2aff2ed01c0911234e81f6
parent 329def30c5f62f362150abdc8672426cd5db106c

Writing of X509v3 extensions supported

Standard extensions already in: basicConstraints, subjectKeyIdentifier
and authorityKeyIdentifier

include/polarssl/x509write.h

diff --git a/include/polarssl/x509write.h b/include/polarssl/x509write.h
index 8600b42..af4d2a1 100644
--- a/include/polarssl/x509write.h
+++ b/include/polarssl/x509write.h
@@ -292,6 +292,60 @@
 void x509write_crt_set_md_alg( x509write_cert *ctx, md_type_t md_alg );
 
 /**
+ * \brief           Generic function to add to or replace an extension in the
+ *                  CRT
+ *
+ * \param ctx       CRT context to use
+ * \param oid       OID of the extension
+ * \param oid_len   length of the OID
+ * \param critical  if the extension is critical (per the RFC's definition)
+ * \param val       value of the extension OCTET STRING
+ * \param val_len   length of the value data
+ *
+ * \return          0 if successful, or a POLARSSL_ERR_X509WRITE_MALLOC_FAILED
+ */
+int x509write_crt_set_extension( x509write_cert *ctx,
+                                 const char *oid, size_t oid_len,
+                                 int critical,
+                                 const unsigned char *val, size_t val_len );
+
+/**
+ * \brief           Set the basicConstraints extension for a CRT
+ *
+ * \param ctx       CRT context to use
+ * \param is_ca     is this a CA certificate
+ * \param max_pathlen   maximum length of certificate chains below this
+ *                      certificate (only for CA certificates, -1 is
+ *                      inlimited)
+ *
+ * \return          0 if successful, or a POLARSSL_ERR_X509WRITE_MALLOC_FAILED
+ */
+int x509write_crt_set_basic_constraints( x509write_cert *ctx,
+                                         int is_ca, int max_pathlen );
+
+/**
+ * \brief           Set the subjectKeyIdentifier extension for a CRT
+ *                  Requires that x509write_crt_set_subject_key() has been
+ *                  called before
+ *
+ * \param ctx       CRT context to use
+ *
+ * \return          0 if successful, or a POLARSSL_ERR_X509WRITE_MALLOC_FAILED
+ */
+int x509write_crt_set_subject_key_identifier( x509write_cert *ctx );
+
+/**
+ * \brief           Set the authorityKeyIdentifier extension for a CRT
+ *                  Requires that x509write_crt_set_issuer_key() has been
+ *                  called before
+ *
+ * \param ctx       CRT context to use
+ *
+ * \return          0 if successful, or a POLARSSL_ERR_X509WRITE_MALLOC_FAILED
+ */
+int x509write_crt_set_authority_key_identifier( x509write_cert *ctx );
+
+/**
  * \brief           Free the contents of a CRT write context
  *
  * \param ctx       CRT context to free