Portability | unknown |
---|---|
Stability | experimental |
Maintainer | Vincent Hanquez <vincent@snarc.org> |
Safe Haskell | None |
X.509 certificate check and validation routines
Follows RFC5280 / RFC6818
- data FailedReason
- data Parameters = Parameters {}
- data Checks = Checks {}
- defaultChecks :: String -> Checks
- validate :: Checks -> CertificateStore -> CertificateChain -> IO [FailedReason]
- validateWith :: Parameters -> CertificateStore -> Checks -> CertificateChain -> IO [FailedReason]
Documentation
data FailedReason
Possible reasons for a certificate or chain validation failure
UnknownCriticalExtension | certificate contains an unknown critical extension |
Expired | validity ends before checking time |
InFuture | validity starts after checking time |
SelfSigned | certificate is self signed |
UnknownCA | unknown Certificate Authority (CA) |
NotAllowedToSign | certificate is not allowed to sign |
NotAnAuthority | not a CA |
InvalidSignature | signature failed |
NoCommonName | Certificate doesn't have any common name (CN) |
InvalidName String | Invalid name in certificate |
NameMismatch String | connection name and certificate do not match |
InvalidWildcard | invalid wildcard in certificate |
EmptyChain | empty certificate chain |
data Parameters
Validation parameters
Checks | |
defaultChecks :: String -> Checks
Default checks to perform
validate :: Checks -> CertificateStore -> CertificateChain -> IO [FailedReason]
Validate a certificate chain.
validateWith :: Parameters -> CertificateStore -> Checks -> CertificateChain -> IO [FailedReason]
Validate a certificate chain with explicit parameters
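A caller of validate should accept a peer only when the returned list is empty. The following is an added example, not code from this package or its author: checkPeer, Category and categorize are hypothetical names, the module names Data.X509, Data.X509.CertificateStore and Data.X509.Validation are assumed, and the String passed to defaultChecks is assumed to be the host name the connection was made to.

```haskell
module Main (main) where

import Data.X509 (CertificateChain (..))
import Data.X509.CertificateStore (CertificateStore, makeCertificateStore)
import Data.X509.Validation (FailedReason (..), defaultChecks, validate)

-- Hypothetical grouping, used only to make rejection logs readable.
-- Every reason remains fatal; nothing here downgrades a failure.
data Category = TrustFailure | ValidityFailure | NameFailure | StructureFailure
  deriving (Show, Eq)

-- Total over the constructors listed in this documentation, so a
-- constructor added in a later version shows up as a compiler warning
-- (with -Wall) instead of being silently ignored.
categorize :: FailedReason -> Category
categorize r = case r of
  SelfSigned               -> TrustFailure
  UnknownCA                -> TrustFailure
  NotAllowedToSign         -> TrustFailure
  NotAnAuthority           -> TrustFailure
  InvalidSignature         -> TrustFailure
  Expired                  -> ValidityFailure
  InFuture                 -> ValidityFailure
  NoCommonName             -> NameFailure
  InvalidName _            -> NameFailure
  NameMismatch _           -> NameFailure
  InvalidWildcard          -> NameFailure
  UnknownCriticalExtension -> StructureFailure
  EmptyChain               -> StructureFailure

-- Fail closed: Right () only when validate reports no reason at all.
checkPeer :: String -> CertificateStore -> CertificateChain
          -> IO (Either [(Category, FailedReason)] ())
checkPeer host store chain = do
  reasons <- validate (defaultChecks host) store chain
  return $ if null reasons
    then Right ()
    else Left [(categorize r, r) | r <- reasons]

main :: IO ()
main = do
  -- Constructed input: an empty trust store and an empty chain, which
  -- must never be accepted.
  result <- checkPeer "www.example.com" (makeCertificateStore []) (CertificateChain [])
  case result of
    Right ()      -> putStrLn "accepted"
    Left failures -> putStrLn "rejected:" >> mapM_ print failures
```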