An opaque newtype wrapper for an X.509 certificate.

A certificate is a binding between some identifying information (called a subject) and a public key. This binding is asserted by a signature on the certificate, which is placed there by some authority (the issuer) that at least claims that it knows the subject named in the certificate really “owns” the private key corresponding to the public key in the certificate.

The major certificate format in use today is X.509v3, used for instance in the Transport Layer Security (TLS) protocol. A X.509 certificate is represented by the type Cert.

Use Cert as a botan_cert_t.

Load a certificate from the DER or PEM representation.

Load a certificate from a file.

Create a new object that refers to the same certificate.

Return the time the certificate becomes valid, as seconds since epoch.

Return the time the certificate expires, as SystemTime.

Return the time the certificate becomes valid.

Return the time the certificate expires, as SystemTime.

Return the time the certificate becomes valid, as a Text in form “YYYYMMDDHHMMSSZ” where Z is a literal character reflecting that this time is relative to UTC.

Return the time the certificate expires, as a Text in form “YYYYMMDDHHMMSSZ” where Z is a literal character reflecting that this time is relative to UTC.

Return the finger print of the certificate.

Return the serial number of the certificate.

Return the authority key ID set in the certificate, which may be empty.

Return the subject key ID set in the certificate, which may be empty.

Get the serialized representation of the public key included in this certificate.

Get the public key included in this certificate.

Get a value from the issuer DN field, throw exception if not exists.

Get a value from the subject DN field, throw exception if not exists.

Format the certificate as a free-form string.

Change cert's KeyUsageConstraint.

Certificate path validation supporting Certificate Revocation Lists.

Verify a certificate. Returns Nothing if validation was successful, 'Just reason' if unsuccessful.

Certificate path validation supporting Certificate Revocation Lists with a CertStore.

Verify a certificate. Returns Nothing if validation was successful, 'Just reason' if unsuccessful.

An opaque newtype wrapper for an X.509 Certificate Revocation Lists.

It will occasionally happen that a certificate must be revoked before its expiration date. Examples of this happening include the private key being compromised, or the user to which it has been assigned leaving an organization. Certificate revocation lists are an answer to this problem (though online certificate validation techniques are starting to become somewhat more popular). Every once in a while the CA will release a new CRL, listing all certificates that have been revoked. Also included is various pieces of information like what time a particular certificate was revoked, and for what reason. In most systems, it is wise to support some form of certificate revocation, and CRLs handle this easily.

Use CRL as a botan_crl_t.

Load a CRL from the DER or PEM representation.

Load a CRL from a file.

Check whether a given crl contains a given cert. Return True when the certificate is revoked, False otherwise.

An opaque newtype wrapper for an X.509 Certificate Store based on botan's FlatFile_Certificate_Store.

Use CertStore as a botan_x509_certstore_t.

Load a CertStore from a file.

The built-in mozilla CA CertStore.

This is a certstore extracted from Mozilla, see https://curl.se/docs/caextract.html.

The CA CertStore on your system.

Certificate key usage constraints.