HsOpenSSL-0.5: (Part of) OpenSSL binding for Haskell
Functions to manipulate request
An interface to PKCS#10 certificate requests.
data X509Req
data X509_REQ
newX509Req :: IO X509Req
wrapX509Req :: Ptr X509_REQ -> IO X509Req
withX509ReqPtr :: X509Req -> (Ptr X509_REQ -> IO a) -> IO a
signX509Req :: X509Req -> PKey -> Maybe Digest -> IO ()
verifyX509Req :: X509Req -> PKey -> IO VerifyStatus
printX509Req :: X509Req -> IO String
makeX509FromReq :: X509Req -> X509 -> IO X509
getVersion :: X509Req -> IO Int
setVersion :: X509Req -> Int -> IO ()
getSubjectName :: X509Req -> Bool -> IO [(String, String)]
setSubjectName :: X509Req -> [(String, String)] -> IO ()
getPublicKey :: X509Req -> IO PKey
setPublicKey :: X509Req -> PKey -> IO ()
data X509Req
X509Req is an opaque object that represents a PKCS#10 certificate request.
data X509_REQ
Functions to manipulate request
newX509Req :: IO X509Req

newX509Req creates an empty certificate request. You must set the following properties and sign it (see signX509Req) to actually use the certificate request.

Version
See setVersion.
Subject Name
See setSubjectName.
Public Key
See setPublicKey.
wrapX509Req :: Ptr X509_REQ -> IO X509Req
withX509ReqPtr :: X509Req -> (Ptr X509_REQ -> IO a) -> IO a
signX509Req
:: X509Req         -- The request to be signed.
-> PKey            -- The private key to sign with.
-> Maybe Digest    -- A hashing algorithm to use. If Nothing, the most suitable algorithm for the key is automatically used.
-> IO ()
signX509Req signs a certificate request with the subject's private key.
verifyX509Req
:: X509Req         -- The request to be verified.
-> PKey            -- The public key to verify with.
-> IO VerifyStatus
verifyX509Req verifies the signature of a certificate request with the subject's public key.
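The following is an added example, not code from the HsOpenSSL documentation. It shows the subject side filling in the three required properties before signing, and the CA side checking the request's signature against its embedded public key before trusting the subject name. The module and function names `CsrExample`, `makeRequest` and `checkedSubject` are hypothetical, the key pair is supplied by the caller, and the imported module names and the `VerifySuccess` constructor are assumed from the HsOpenSSL package, since this page does not show them.

```haskell
-- Added example, not part of the HsOpenSSL documentation.
-- Assumed (not shown on this page): the module names OpenSSL.EVP.Digest,
-- OpenSSL.EVP.PKey, OpenSSL.EVP.Verify and OpenSSL.X509.Request, and the
-- VerifySuccess constructor of VerifyStatus.
module CsrExample (makeRequest, checkedSubject) where

import OpenSSL.EVP.Digest (Digest)
import OpenSSL.EVP.PKey (PKey)
import OpenSSL.EVP.Verify (VerifyStatus (..))
import OpenSSL.X509.Request

-- | Subject side: build a request and sign it with the subject's own key.
-- Version, subject name and public key are all set before signing,
-- because the signature is computed over them.
--
-- Constructed sample subject: [("C", "JP"), ("CN", "host.example.test")]
makeRequest :: PKey -> Maybe Digest -> [(String, String)] -> IO X509Req
makeRequest subjectKey digest subject = do
    req <- newX509Req
    setVersion req 0              -- PKCS#10 version 1 is encoded as 0
    setSubjectName req subject
    setPublicKey req subjectKey
    signX509Req req subjectKey digest
    return req

-- | CA side: return the subject name only if the request's signature
-- verifies under the public key embedded in the request itself, which
-- shows the requester holds the matching private key.
checkedSubject :: X509Req -> IO (Maybe [(String, String)])
checkedSubject req = do
    key    <- getPublicKey req
    status <- verifyX509Req req key
    case status of
        VerifySuccess -> fmap Just (getSubjectName req False)
        _             -> return Nothing
```

Run both functions inside `withOpenSSL` so the library is initialised. A successful check proves possession of the private key only; whether the requester is entitled to the subject name is a separate decision for the CA.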
printX509Req :: X509Req -> IO String
printX509Req req translates a certificate request into a human-readable format.
makeX509FromReq :: X509Req -> X509 -> IO X509

makeX509FromReq req cert creates an empty X.509 certificate and copies as much data from the request as possible. The resulting certificate lacks the following data and isn't signed, so you must fill them in and sign it yourself.

  • Serial number
  • Validity (Not Before and Not After)


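 import Data.Time.Clock
 import OpenSSL.EVP.PKey
 import OpenSSL.X509
 import OpenSSL.X509.Request

 -- Issue a certificate for req, signed with the CA key, valid for the given number of days.
 genCert :: X509 -> PKey -> Integer -> Int -> X509Req -> IO X509
 genCert caCert caKey serial days req
     = do cert <- makeX509FromReq req caCert
          now  <- getCurrentTime
          setSerialNumber cert serial
          -- Not Before is set one second in the past.
          setNotBefore cert $ addUTCTime (-1) now
          -- days is an Int; convert it before using it as a NominalDiffTime.
          setNotAfter  cert $ addUTCTime (fromIntegral days * 24 * 60 * 60) now
          signX509 cert caKey Nothing
          return cert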
getVersion :: X509Req -> IO Int
getVersion req returns the version number of the certificate request.
setVersion :: X509Req -> Int -> IO ()
setVersion req ver updates the version number of the certificate request.
getSubjectName :: X509Req -> Bool -> IO [(String, String)]
getSubjectName req wantLongName returns the subject name of the certificate request. See getSubjectName in OpenSSL.X509.
setSubjectName :: X509Req -> [(String, String)] -> IO ()
setSubjectName req name updates the subject name of the certificate request. See setSubjectName in OpenSSL.X509.
getPublicKey :: X509Req -> IO PKey
getPublicKey req returns the public key of the subject of the certificate request.
setPublicKey :: X509Req -> PKey -> IO ()
setPublicKey req updates the public key of the subject of the certificate request.
Produced by Haddock version 2.4.2