| Portability | unknown |
|---|---|
| Stability | experimental |
| Maintainer | Vincent Hanquez <vincent@snarc.org> |
| Safe Haskell | None |
X.509 certificate checks and validation routines.
Follows RFC 5280 / RFC 6818.
- data FailedReason
- data Parameters = Parameters {}
- data Checks = Checks {}
- defaultChecks :: Maybe String -> Checks
- validate :: Checks -> CertificateStore -> CertificateChain -> IO [FailedReason]
- validateWith :: Parameters -> CertificateStore -> Checks -> CertificateChain -> IO [FailedReason]
- getFingerprint :: (Show a, Eq a, ASN1Object a) => SignedExact a -> HashALG -> ByteString
Documentation
data FailedReason
Possible reasons for certificate and chain validation failure.

| Constructor | Meaning |
|---|---|
| UnknownCriticalExtension | certificate contains an unknown critical extension |
| Expired | validity ends before checking time |
| InFuture | validity starts after checking time |
| SelfSigned | certificate is self signed |
| UnknownCA | unknown Certificate Authority (CA) |
| NotAllowedToSign | certificate is not allowed to sign |
| NotAnAuthority | not a CA |
| InvalidSignature | signature verification failed |
| NoCommonName | certificate doesn't have any common name (CN) |
| InvalidName String | invalid name in certificate |
| NameMismatch String | connection name and certificate do not match |
| InvalidWildcard | invalid wildcard in certificate |
| EmptyChain | empty chain of certificates |
data Parameters
Validation parameters.

data Checks
A set of checks to activate or parametrize, to be performed on certificates.
It is recommended to use defaultChecks to create the structure, to better cope with future changes or expansion of the structure.
Constructors: Checks {}

defaultChecks :: Maybe String -> Checks
Default checks to perform.
validate :: Checks -> CertificateStore -> CertificateChain -> IO [FailedReason]
Validate a certificate chain.

validateWith :: Parameters -> CertificateStore -> Checks -> CertificateChain -> IO [FailedReason]
Validate a certificate chain with explicit parameters.
getFingerprint :: (Show a, Eq a, ASN1Object a) => SignedExact a -> HashALG -> ByteString

| Argument / result | Meaning |
|---|---|
| SignedExact a | object to fingerprint |
| HashALG | algorithm to compute the fingerprint |
| ByteString (result) | fingerprint in binary form |

Get the fingerprint of the whole signed object using the specified hashing algorithm.
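As an added example that is not part of this page or of the x509-validation package: load trust anchors and a presented chain from PEM files, run validate with defaultChecks, report every FailedReason rather than only the first, and log the leaf's SHA-256 fingerprint via getFingerprint. Assumed: readSignedObject and makeCertificateStore come from the companion x509-store package, the Maybe String given to defaultChecks is the expected host name (Just enables the NameMismatch / InvalidWildcard checks listed above), and the file paths and host name are placeholders.

```haskell
-- Added example, not the package's own code. Assumptions: readSignedObject and
-- makeCertificateStore are from the x509-store package; paths and host name are
-- placeholders; FailedReason has a Show instance.
module Main where

import qualified Data.ByteString as B
import Data.X509 (CertificateChain(..), HashALG(..))
import Data.X509.CertificateStore (makeCertificateStore)
import Data.X509.File (readSignedObject)
import Data.X509.Validation
import Numeric (showHex)

-- Render a binary fingerprint as lowercase hex, two digits per byte.
hexFingerprint :: B.ByteString -> String
hexFingerprint = concatMap byteHex . B.unpack
  where
    byteHex w = let s = showHex w "" in if length s < 2 then '0' : s else s

main :: IO ()
main = do
    -- Trust anchors: the local CA bundle (placeholder path).
    roots <- readSignedObject "/etc/ssl/certs/ca-bundle.pem"
    -- Presented chain, leaf certificate first, then intermediates (placeholder path).
    chain <- readSignedObject "server-chain.pem"
    let store  = makeCertificateStore roots
        -- Pass the host the connection was made to; with Nothing the name
        -- checks are assumed to be skipped, so a TLS peer should always supply it.
        checks = defaultChecks (Just "www.example.com")
    -- validate returns every failed check; an empty list means the chain is accepted.
    failures <- validate checks store (CertificateChain chain)
    case chain of
        (leaf : _) -> putStrLn ("leaf sha256: " ++ hexFingerprint (getFingerprint leaf HashSHA256))
        []         -> return ()           -- validate reports this as EmptyChain
    case failures of
        [] -> putStrLn "chain accepted"
        fs -> do
            putStrLn "chain rejected:"
            mapM_ (putStrLn . ("  " ++) . show) fs
```

Logging the full failure list (for example Expired together with NameMismatch) is what makes a rejected handshake diagnosable; the fingerprint line gives an operator a stable value to compare against the expected leaf.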