esp_idf_svc::sys

Function mbedtls_x509_crt_verify_with_profile

pub unsafe extern "C" fn mbedtls_x509_crt_verify_with_profile(
    crt: *mut mbedtls_x509_crt,
    trust_ca: *mut mbedtls_x509_crt,
    ca_crl: *mut mbedtls_x509_crl,
    profile: *const mbedtls_x509_crt_profile,
    cn: *const u8,
    flags: *mut u32,
    f_vrfy: Option<unsafe extern "C" fn(_: *mut c_void, _: *mut mbedtls_x509_crt, _: i32, _: *mut u32) -> i32>,
    p_vrfy: *mut c_void,
) -> i32

\brief Verify a chain of certificates with respect to a configurable security profile.

\note Same as \c mbedtls_x509_crt_verify(), but with explicit security profile.

\note The restrictions on keys (RSA minimum size, allowed curves for ECDSA) apply to all certificates: trusted root, intermediate CAs if any, and end entity certificate.

\param crt The certificate chain to be verified.

\param trust_ca The list of trusted CAs.

\param ca_crl The list of CRLs for trusted CAs.

\param profile The security profile to use for the verification.

\param cn The expected Common Name. This may be \c NULL if the CN need not be verified.

\param flags The address at which to store the result of the verification. If the verification couldn’t be completed, the flag value is set to (uint32_t) -1.

\param f_vrfy The verification callback to use. See the documentation of mbedtls_x509_crt_verify() for more information.

\param p_vrfy The context to be passed to \p f_vrfy.

\return \c 0 if the chain is valid with respect to the passed CN, CAs, CRLs and security profile.

\return #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the certificate chain verification failed. In this case, \c *flags will have one or more \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX flags set.

\return Another negative error code in case of a fatal error encountered during the verification process.
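
The three documented outcomes and the `(uint32_t) -1` sentinel in `*flags` can be handled fail-closed as in the following added example, which is not part of the crate or of Mbed TLS. `Verdict`, `classify` and the constant names are hypothetical; the numeric values are copied from Mbed TLS's `x509.h` and are assumed to match what `esp_idf_svc::sys` exposes.

```rust
// Values copied from Mbed TLS's x509.h (assumed to match the constants in
// esp_idf_svc::sys); BADCERT_FLAGS is a subset, not the full list.
const ERR_X509_CERT_VERIFY_FAILED: i32 = -0x2700;
const BADCERT_FLAGS: &[(u32, &str)] = &[
    (0x01, "BADCERT_EXPIRED"),
    (0x02, "BADCERT_REVOKED"),
    (0x04, "BADCERT_CN_MISMATCH"),
    (0x08, "BADCERT_NOT_TRUSTED"),
    (0x0200, "BADCERT_FUTURE"),
    (0x4000, "BADCERT_BAD_MD"),
    (0x8000, "BADCERT_BAD_PK"),
    (0x01_0000, "BADCERT_BAD_KEY"),
];

#[derive(Debug, PartialEq)]
pub enum Verdict {
    Trusted,
    Rejected { reasons: Vec<&'static str>, unnamed_bits: u32 },
    Fatal { code: i32 },
}

/// Hypothetical helper: interpret the return value together with `*flags`.
pub fn classify(ret: i32, flags: u32) -> Verdict {
    if ret == 0 && flags == 0 {
        return Verdict::Trusted;
    }
    // (uint32_t) -1 means verification did not complete; it is a sentinel,
    // not "every flag set". Any other unexpected error code is fatal too.
    if flags == u32::MAX || (ret != 0 && ret != ERR_X509_CERT_VERIFY_FAILED) {
        return Verdict::Fatal { code: ret };
    }
    // Verification ran and rejected the chain: name the bits we know and
    // keep the remainder so unknown flags are never silently dropped.
    let (mut reasons, mut rest) = (Vec::new(), flags);
    for &(bit, name) in BADCERT_FLAGS {
        if flags & bit != 0 {
            reasons.push(name);
            rest &= !bit;
        }
    }
    Verdict::Rejected { reasons, unnamed_bits: rest }
}

fn main() {
    // Constructed (ret, flags) pairs, not output captured from a device.
    for (ret, flags) in [(0, 0), (-0x2700, 0x05), (-1, u32::MAX)] {
        println!("ret={ret:#x} flags={flags:#x} -> {:?}", classify(ret, flags));
    }
}
```

A return of `0` with a non-zero `flags` value is not a combination the documentation describes; the helper treats it as a rejection rather than a success.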