Portability | unknown |
---|---|
Stability | experimental |
Maintainer | Vincent Hanquez <vincent@snarc.org> |
Safe Haskell | None |
X.509 certificate checks and validation routines.
Follows RFC 5280 / RFC 6818.
- data FailedReason
- data Parameters = Parameters {}
- data Checks = Checks {}
- defaultChecks :: Maybe String -> Checks
- validate :: Checks -> CertificateStore -> CertificateChain -> IO [FailedReason]
- validateWith :: Parameters -> CertificateStore -> Checks -> CertificateChain -> IO [FailedReason]
- getFingerprint :: (Show a, Eq a, ASN1Object a) => SignedExact a -> HashALG -> ByteString
Documentation
data FailedReason Source
Possible reasons for a certificate or chain validation failure
UnknownCriticalExtension | certificate contains an unknown critical extension |
Expired | validity period ends before the checking time |
InFuture | validity period starts after the checking time |
SelfSigned | certificate is self-signed |
UnknownCA | unknown Certificate Authority (CA) |
NotAllowedToSign | certificate is not allowed to sign |
NotAnAuthority | not a CA |
InvalidSignature | signature verification failed |
NoCommonName | certificate doesn't have any common name (CN) |
InvalidName String | invalid name in certificate |
NameMismatch String | connection name and certificate do not match |
InvalidWildcard | invalid wildcard in certificate |
LeafKeyUsageNotAllowed | the requested key usage is not compatible with the leaf certificate's key usage |
LeafKeyPurposeNotAllowed | the requested key purpose is not compatible with the leaf certificate's extended key usage |
LeafNotV3 | only an X.509 v3 certificate is accepted as the leaf certificate |
EmptyChain | empty certificate chain |
data Parameters Source
Validation parameters.
data Checks Source
A set of checks to activate or parametrize, to be performed on certificates.
It's recommended to use defaultChecks to create the structure, to better cope with future changes or expansion of the structure.
Checks | |
defaultChecks :: Maybe String -> Checks Source
Default checks to perform.
It's not recommended to use Nothing as the FQDN: doing so skips the host-name check, an important validation step, and accepts any correctly chained certificate regardless of the host it was issued for.
validate :: Checks -> CertificateStore -> CertificateChain -> IO [FailedReason] Source
Validate a certificate chain. An empty result list means every activated check passed.
validateWith :: Parameters -> CertificateStore -> Checks -> CertificateChain -> IO [FailedReason] Source
Validate a certificate chain with explicit parameters.
getFingerprint Source
:: (Show a, Eq a, ASN1Object a) | |
=> SignedExact a | object to fingerprint |
-> HashALG | algorithm to compute the fingerprint |
-> ByteString | fingerprint in binary form |
Get the fingerprint of the whole signed object using the hashing algorithm specified.
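A worked example of validate, defaultChecks and getFingerprint, added here as illustration; it is not code from the x509-validation package or its documentation. It assumes the companion packages x509 (CertificateChain, SignedCertificate, HashALG), x509-store (Data.X509.File.readSignedObject) and x509-system (System.X509.getSystemCertificateStore) of the same generation as this API, a PEM file containing the leaf certificate followed by its intermediates, and that FailedReason is matched on the constructors listed above. validateWith is not shown because the fields of Parameters are not given on this page.

```haskell
-- Added example, not part of the x509-validation package. Assumed packages:
-- x509, x509-store, x509-system, x509-validation (validate/defaultChecks API).
-- Usage: check-chain <chain.pem> <hostname>
module Main (main, describe, hexFingerprint) where

import qualified Data.ByteString as B
import Data.X509 (CertificateChain(..), HashALG(..), SignedCertificate)
import Data.X509.File (readSignedObject)
import Data.X509.Validation (FailedReason(..), defaultChecks, getFingerprint, validate)
import Numeric (showHex)
import System.Environment (getArgs)
import System.Exit (exitFailure)
import System.X509 (getSystemCertificateStore)

-- SHA-256 fingerprint of the whole signed certificate as lowercase hex.
-- getFingerprint returns the raw digest bytes; the hex encoding is local to this example.
hexFingerprint :: SignedCertificate -> String
hexFingerprint cert = concatMap hexByte (B.unpack (getFingerprint cert HashSHA256))
  where
    hexByte w = case showHex w "" of
        [c] -> ['0', c]
        s   -> s

-- Human-readable text for each FailedReason documented above.
describe :: FailedReason -> String
describe UnknownCriticalExtension = "unknown critical extension"
describe Expired                  = "certificate has expired"
describe InFuture                 = "certificate is not yet valid"
describe SelfSigned               = "certificate is self-signed"
describe UnknownCA                = "issuer is not in the trust store"
describe NotAllowedToSign         = "certificate is not allowed to sign"
describe NotAnAuthority           = "issuer is not a CA"
describe InvalidSignature         = "signature verification failed"
describe NoCommonName             = "certificate has no common name"
describe (InvalidName n)          = "invalid name in certificate: " ++ n
describe (NameMismatch n)         = "certificate does not cover host name " ++ n
describe InvalidWildcard          = "invalid wildcard in certificate"
describe LeafKeyUsageNotAllowed   = "leaf key usage does not allow the requested use"
describe LeafKeyPurposeNotAllowed = "leaf extended key usage does not allow the requested purpose"
describe LeafNotV3                = "leaf certificate is not X.509 v3"
describe EmptyChain               = "empty certificate chain"

main :: IO ()
main = do
    args <- getArgs
    (pemFile, hostname) <- case args of
        [f, h] -> return (f, h)
        _      -> putStrLn "usage: check-chain <chain.pem> <hostname>" >> exitFailure
    -- The PEM file is expected leaf first, then intermediates, in the order a
    -- TLS peer would send them. Trust anchors come from the system store.
    certs <- readSignedObject pemFile :: IO [SignedCertificate]
    store <- getSystemCertificateStore
    case certs of
        []       -> putStrLn "no certificates found in file" >> exitFailure
        (leaf:_) -> putStrLn ("leaf SHA-256 fingerprint: " ++ hexFingerprint leaf)
    -- Always pass the expected host name: defaultChecks Nothing skips the
    -- name check and would accept any correctly chained certificate for any host.
    failures <- validate (defaultChecks (Just hostname)) store (CertificateChain certs)
    if null failures
        then putStrLn ("chain is valid for " ++ hostname)
        else do
            mapM_ (putStrLn . ("validation failed: " ++) . describe) failures
            exitFailure
```

An empty list from validate is the only success condition; treat every element as a hard failure rather than filtering out reasons such as NameMismatch, since that is precisely the check that binds the certificate to the peer you intended to talk to.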