Safe Haskell	Safe-Inferred
Language	Haskell2010

OpenSSL.X509.Request

Contents

Type
Functions to manipulate request
Accessors

Description

An interface to PKCS#10 certificate request.

Synopsis

data X509Req
newX509Req :: IO X509Req
signX509Req :: KeyPair key => X509Req -> key -> Maybe Digest -> IO ()
verifyX509Req :: PublicKey key => X509Req -> key -> IO VerifyStatus
printX509Req :: X509Req -> IO String
writeX509ReqDER :: X509Req -> IO ByteString
makeX509FromReq :: X509Req -> X509 -> IO X509
getVersion :: X509Req -> IO Int
setVersion :: X509Req -> Int -> IO ()
getSubjectName :: X509Req -> Bool -> IO [(String, String)]
setSubjectName :: X509Req -> [(String, String)] -> IO ()
getPublicKey :: X509Req -> IO SomePublicKey
setPublicKey :: PublicKey key => X509Req -> key -> IO ()
addExtensions :: X509Req -> [(Int, String)] -> IO CInt

Type

data X509Req Source #

X509Req is an opaque object that represents PKCS#10 certificate request.

Functions to manipulate request

newX509Req :: IO X509Req Source #

newX509Req creates an empty certificate request. You must set the following properties to and sign it (see signX509Req) to actually use the certificate request.

Version: See setVersion.
Subject Name: See setSubjectName.
Public Key: See setPublicKey.

signX509Req Source #

Arguments

:: KeyPair key
=> X509Req	The request to be signed.
-> key	The private key to sign with.
-> Maybe Digest	A hashing algorithm to use. If `Nothing` the most suitable algorithm for the key is automatically used.
-> IO ()

signX509Req signs a certificate request with a subject private key.

verifyX509Req Source #

Arguments

:: PublicKey key
=> X509Req	The request to be verified.
-> key	The public key to verify with.
-> IO VerifyStatus

verifyX509Req verifies a signature of certificate request with a subject public key.

printX509Req :: X509Req -> IO String Source #

printX509Req req translates a certificate request into human-readable format.

writeX509ReqDER :: X509Req -> IO ByteString Source #

writeX509ReqDER req writes a PKCS#10 certificate request to DER string.

makeX509FromReq :: X509Req -> X509 -> IO X509 Source #

makeX509FromReq req cert creates an empty X.509 certificate and copies as much data from the request as possible. The resulting certificate doesn't have the following data and it isn't signed so you must fill them and sign it yourself.

Serial number
Validity (Not Before and Not After)

Example:

import Data.Time.Clock

genCert :: X509 -> EvpPKey -> Integer -> Int -> X509Req -> IO X509
genCert caCert caKey serial days req
    = do cert <- makeX509FromReq req caCert
         now  <- getCurrentTime
         setSerialNumber cert serial
         setNotBefore cert $ addUTCTime (-1) now
         setNotAfter  cert $ addUTCTime (days * 24 * 60 * 60) now
         signX509 cert caKey Nothing
         return cert

Accessors

getVersion :: X509Req -> IO Int Source #

getVersion req returns the version number of certificate request.

setVersion :: X509Req -> Int -> IO () Source #

setVersion req ver updates the version number of certificate request.

getSubjectName :: X509Req -> Bool -> IO [(String, String)] Source #

getSubjectName req wantLongName returns the subject name of certificate request. See getSubjectName of OpenSSL.X509.

setSubjectName :: X509Req -> [(String, String)] -> IO () Source #

setSubjectName req name updates the subject name of certificate request. See setSubjectName of OpenSSL.X509.

getPublicKey :: X509Req -> IO SomePublicKey Source #

getPublicKey req returns the public key of the subject of certificate request.

setPublicKey :: PublicKey key => X509Req -> key -> IO () Source #

setPublicKey req updates the public key of the subject of certificate request.

addExtensions :: X509Req -> [(Int, String)] -> IO CInt Source #

addExtensions req [(nid, str)]

E.g., nid 85 = subjectAltName http://osxr.org:8080/openssl/source/crypto/objects/objects.h#0476

(TODO: more docs; NID type)