Module x509

x509 module to create, parse and process X509 objects, and to sign CSRs.

Usage:

    x509 = require'openssl'.x509
    

Functions

purpose () return all supported purposes as a table
certtypes ([type='standard']) get supported certtypes
verify_cert_error_string (verify_result) get the string message for a certificate verify result
read (input[, format='auto']) read x509 from string or bio input
new ([serial[, csr[, subject[, extensions[, attributes]]]]]) create or generate a new x509 object.

Class x509

x509:export ([format='pem']) export x509_req to string
x509:parse ([default=true]) parse x509 object as table
x509:pubkey () get public key of x509
x509:pubkey (pubkey) set public key of x509
x509:check (cacerts, untrusted[, purpose]) check x509 with CA cert chain and optional purpose; purpose can be one of: ssl_client, ssl_server, ns_ssl_server, smime_sign, smime_encrypt, crl_sign, any, ocsp_helper, timestamp_sign
x509:check (pkey) check x509 with evp_pkey
x509:check_host (host) check x509 for host (only for openssl 1.0.2 or greater)
x509:check_email (email) check x509 for email address (only for openssl 1.0.2 or greater)
x509:check_ip_asc (ip) check x509 for ip address (ipv4 or ipv6, only for openssl 1.0.2 or greater)
x509:subject () get subject name of x509
x509:subject (subject) set subject name of x509
x509:issuer ([asobject=false]) get issuer name of x509
x509:issuer (name) set issuer name of x509
x509:digest ([md_alg='sha1']) get digest of x509 object
x509:notbefore () get notbefore valid time of x509
x509:notbefore (notbefore) set notbefore valid time of x509
x509:notafter () get notafter valid time of x509
x509:notafter (notafter) set notafter valid time of x509
x509:validat ([time]) check whether x509 is valid
x509:validat (notbefore, notafter) set valid time, notbefore and notafter
x509:serial ([asobject=true]) get serial number of x509
x509:serial (serail) set serial number of x509
x509:version () get version number of x509
x509:version (version) set version number of x509
x509:extensions ([asobject=false]) get extensions of x509 object
x509:extensions (extensions) set extension of x509 object
x509:sign (pkey, cacert[, md_alg='sha1WithRSAEncryption']) sign x509


Functions

purpose ()
return all supported purposes as a table

Returns:

    table

certtypes ([type='standard'])
get supported certtypes

Parameters:

  • type string supports ‘standard’, ‘netscape’, ‘extend’ (default 'standard')

Returns:

    table

    if type is ‘standard’ or ‘netscape’, contains node with {lname=…,sname=…,bitname=…},

    if type is ‘extend’, contains node with {lname=…,sname=…,nid=…}
    
verify_cert_error_string (verify_result)
get the string message for a certificate verify result

Parameters:

  • verify_result number

Returns:

    string result message

read (input[, format='auto'])
read x509 from string or bio input

Parameters:

  • input bio or string input data
  • format string supports ‘auto’, ‘pem’, ‘der’ (default 'auto')

Returns:

    x509 certificate object

new ([serial[, csr[, subject[, extensions[, attributes]]]]])
create or generate a new x509 object.

Parameters:

  • serial openssl.bn serial number (optional)
  • csr x509_req, copy x509_name, pubkey and extension to new object (optional)
  • subject x509_name subject name set to x509_req (optional)
  • extensions stack_of_x509_extension add to x509 (optional)
  • attributes stack_of_x509_attribute add to x509 (optional)

Returns:

    x509 certificate object

Class x509

openssl.x509 object

x509:export ([format='pem'])
export x509_req to string

Parameters:

  • format string, ‘der’ or ‘pem’ (default 'pem')

Returns:

    string

x509:parse ([default=true])
parse x509 object as table

Parameters:

  • default shortname will use short object name (default true)

Returns:

    table result with all x509 information

x509:pubkey ()
get public key of x509

Returns:

    evp_pkey public key

x509:pubkey (pubkey)
set public key of x509

Parameters:

  • pubkey evp_pkey public key set to x509

Returns:

    boolean result, true for success

x509:check (cacerts, untrusted[, purpose])
check x509 with CA cert chain and optional purpose; purpose can be one of: ssl_client, ssl_server, ns_ssl_server, smime_sign, smime_encrypt, crl_sign, any, ocsp_helper, timestamp_sign

Parameters:

  • cacerts x509_store
  • untrusted x509_store certs containing a bunch of certs that are not trusted but may be useful in validating the certificate.
  • purpose string supported purpose to check (optional)

Returns:

  1. boolean result true for check pass
  2. integer verify result

x509:check (pkey)
check x509 with evp_pkey

Parameters:

  • pkey evp_pkey private key which matches the x509 pubkey

Returns:

    boolean result true for check pass

x509:check_host (host)
check x509 for host (only for openssl 1.0.2 or greater)

Parameters:

  • host string hostname to check for a match with x509 subject

Returns:

    boolean result true if host is present and matches the certificate

x509:check_email (email)
check x509 for email address (only for openssl 1.0.2 or greater)

Parameters:

  • email string to check for a match with x509 subject

Returns:

    boolean result true if host is present and matches the certificate

x509:check_ip_asc (ip)
check x509 for ip address (ipv4 or ipv6, only for openssl 1.0.2 or greater)

Parameters:

  • ip string to check for a match with x509 subject

Returns:

    boolean result true if host is present and matches the certificate

x509:subject ()
get subject name of x509

Returns:

    x509_name subject name

x509:subject (subject)
set subject name of x509

Parameters:

Returns:

    boolean result true for success

x509:issuer ([asobject=false])
get issuer name of x509

Parameters:

  • asobject boolean, true to return as x509_name object, otherwise as table (default false)

Returns:

  1. x509_name issuer
  2. table issuer name as table

x509:issuer (name)
set issuer name of x509

Parameters:

Returns:

    boolean result true for success

x509:digest ([md_alg='sha1'])
get digest of x509 object

Parameters:

  • md_alg evp_digest or string (default 'sha1')

Returns:

    string digest result

x509:notbefore ()
get notbefore valid time of x509

Returns:

    string notbefore time string

x509:notbefore (notbefore)
set notbefore valid time of x509

Parameters:

x509:notafter ()
get notafter valid time of x509

Returns:

    string notafter time string

x509:notafter (notafter)
set notafter valid time of x509

Parameters:

x509:validat ([time])
check whether x509 is valid

Parameters:

  • time number, defaults to the current time (optional)

Returns:

  1. boolean result true for valid, or false for invalid
  2. string notbefore
  3. string notafter

x509:validat (notbefore, notafter)
set valid time, notbefore and notafter

Parameters:

  • notbefore number
  • notafter number

Returns:

    boolean result, true for success

x509:serial ([asobject=true])
get serial number of x509

Parameters:

  • asobject boolean (default true)

Returns:

    bn object

Or

    string result

x509:serial (serail)
set serial number of x509

Parameters:

Returns:

    boolean result true for success

x509:version ()
get version number of x509

Returns:

    number version of x509

x509:version (version)
set version number of x509

Parameters:

  • version number

Returns:

    boolean result true for success

x509:extensions ([asobject=false])
get extensions of x509 object

Parameters:

  • asobject boolean, true to return as stack_of_x509_extension, otherwise as table (default false)

Returns:

    stack_of_x509_extension object when param is set to true

Or

    table containing all x509_extension when param is set to false or omitted

x509:extensions (extensions)
set extension of x509 object

Parameters:

  • extensions stack_of_x509_extension

Returns:

    boolean result true for success

x509:sign (pkey, cacert[, md_alg='sha1WithRSAEncryption'])
sign x509

Parameters:

  • pkey evp_pkey private key to sign x509
  • cacert x509 or x509_name or cacert x509_name
  • md_alg string or md_digest (default 'sha1WithRSAEncryption')

Returns:

    boolean result true for check pass
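
Added example, not part of the lua-openssl documentation or code: a server-certificate check that chains read, x509:check, verify_cert_error_string, x509:validat, x509:check_host and x509:digest as documented above. The helper name validate_server_cert and its parameters are hypothetical, and cacerts is assumed to be an x509_store of trusted roots that the caller has already built.

```lua
-- Added example, not lua-openssl's own code. validate_server_cert is a
-- hypothetical helper; only functions documented on this page are called.
local x509 = require'openssl'.x509

-- pem       string  PEM-encoded leaf certificate
-- host      string  hostname the client intended to reach
-- cacerts   x509_store of trusted roots, built by the caller (assumption)
-- untrusted intermediates offered by the peer, passed straight to x509:check
-- Returns true and a SHA-256 digest, or false and a reason string.
local function validate_server_cert(pem, host, cacerts, untrusted)
  -- Guard the parse: hostile input may yield nil or raise an error.
  local ok, cert = pcall(x509.read, pem, 'pem')
  if not ok or not cert then
    return false, 'certificate could not be parsed'
  end

  -- Chain building against the trust store, limited to server use.
  local chain_ok, verify_result = cert:check(cacerts, untrusted, 'ssl_server')
  if not chain_ok then
    local reason = type(verify_result) == 'number'
      and x509.verify_cert_error_string(verify_result) or 'verification failed'
    return false, 'chain: ' .. reason
  end

  -- Validity window at the current time (no argument means "now").
  local valid, notbefore, notafter = cert:validat()
  if not valid then
    return false, ('not valid now (%s .. %s)'):format(
      tostring(notbefore), tostring(notafter))
  end

  -- Name binding: a trusted chain alone does not tie the cert to this host.
  if not cert:check_host(host) then
    return false, 'certificate does not match host ' .. host
  end

  -- Ask for SHA-256 explicitly; the documented default digest is 'sha1'.
  return true, cert:digest('sha256')
end

return validate_server_cert
```

The same explicit-algorithm habit applies to x509:sign, whose documented default md_alg is 'sha1WithRSAEncryption'.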
generated by LDoc 1.5.0 Last updated 2024-01-20 16:21:56