mbedtls certificate verification
Mbed TLS is a library written in C that implements cryptographic primitives, X.509 certificate handling, and the SSL/TLS and DTLS protocols.
Its small code footprint makes it suitable for embedded systems.
The verification chain data structure is as follows:
```c
/**
 * Item in a verification chain: cert and flags for it
 */
typedef struct {
    mbedtls_x509_crt *crt;
    uint32_t flags;
} mbedtls_x509_crt_verify_chain_item;

/**
 * Max size of verification chain: end-entity + intermediates + trusted root
 */
#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 )

/**
 * Verification chain as built by \c mbedtls_crt_verify_chain()
 */
typedef struct
{
    mbedtls_x509_crt_verify_chain_item items[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE];
    unsigned len;
} mbedtls_x509_crt_verify_chain;
```
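Two properties of this structure matter in practice: the chain is a fixed-size array, so a chain deeper than MBEDTLS_X509_MAX_INTERMEDIATE_CA (8 by default) plus the leaf and root cannot be represented and verification fails, and every item carries its own flags, which mbedtls later folds into the single result flags by walking the chain from the root down and letting the application's verification callback adjust each item's flags first. The following is an added example, not code from mbedtls or from this page: it models the same chain layout with a stand-in certificate type (crt_t), assumed flag values (FLAG_EXPIRED, FLAG_NOT_TRUSTED, FLAG_BAD_KEY are illustrative, not the real MBEDTLS_X509_BADCERT_* constants), and a callback with the same shape as mbedtls' f_vrfy, so that the depth limit and the flag-merge semantics can be exercised offline.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for mbedtls_x509_crt: only what the chain model needs. */
typedef struct {
    const char *subject;   /* constructed label, e.g. "CN=leaf" */
    int ca_istrue;         /* mirrors the basicConstraints CA bit */
} crt_t;

/* Same shape as mbedtls_x509_crt_verify_chain_item on the page. */
typedef struct {
    crt_t *crt;
    uint32_t flags;
} chain_item_t;

#define MAX_INTERMEDIATE_CA   8                         /* mbedtls default */
#define MAX_VERIFY_CHAIN_SIZE (MAX_INTERMEDIATE_CA + 2) /* leaf + intermediates + root */

typedef struct {
    chain_item_t items[MAX_VERIFY_CHAIN_SIZE];
    unsigned len;   /* items[0] is the end-entity, items[len-1] the deepest cert */
} chain_t;

/* Illustrative flag bits; NOT the real MBEDTLS_X509_BADCERT_* values. */
#define FLAG_EXPIRED      0x01u
#define FLAG_NOT_TRUSTED  0x08u
#define FLAG_BAD_KEY      0x10000u

/* Append one cert; returns -1 when the fixed-size chain is full (depth limit hit). */
int chain_push(chain_t *ch, crt_t *crt, uint32_t flags) {
    if (ch->len >= MAX_VERIFY_CHAIN_SIZE) return -1;
    ch->items[ch->len].crt = crt;
    ch->items[ch->len].flags = flags;
    ch->len++;
    return 0;
}

/* Callback with the shape of mbedtls' f_vrfy: may clear or add bits for the cert at `depth`. */
typedef int (*vrfy_cb_t)(void *ctx, crt_t *crt, int depth, uint32_t *flags);

/* Walk root-first (deepest index down to 0), give the callback a chance to adjust each
 * item's flags, then OR everything into *out. A non-zero callback return aborts. */
int chain_merge_flags(const chain_t *ch, uint32_t *out, vrfy_cb_t cb, void *ctx) {
    unsigned i;
    *out = 0;
    for (i = ch->len; i != 0; --i) {
        uint32_t cur = ch->items[i - 1].flags;
        if (cb) {
            int ret = cb(ctx, ch->items[i - 1].crt, (int)(i - 1), &cur);
            if (ret != 0) return ret;
        }
        *out |= cur;
    }
    return 0;
}

/* Example policy callback: tolerate an expired certificate at depth 1 only. */
static int ignore_expiry_at_depth1(void *ctx, crt_t *crt, int depth, uint32_t *flags) {
    (void)ctx; (void)crt;
    if (depth == 1) *flags &= ~FLAG_EXPIRED;
    return 0;
}

/* Push 12 constructed certs into an empty chain; returns how many fit. */
int demo_depth_limit(void) {
    static crt_t certs[12];
    chain_t ch;
    int i, accepted = 0;
    ch.len = 0;
    for (i = 0; i < 12; i++)
        if (chain_push(&ch, &certs[i], 0) == 0) accepted++;
    return accepted;   /* MAX_VERIFY_CHAIN_SIZE, i.e. 10 */
}

/* Constructed 3-cert chain: leaf ok, intermediate expired, root ok. */
static void build_demo_chain(chain_t *ch) {
    static crt_t leaf  = { "CN=leaf", 0 };
    static crt_t inter = { "CN=intermediate", 1 };
    static crt_t root  = { "CN=root", 1 };
    ch->len = 0;
    chain_push(ch, &leaf, 0);
    chain_push(ch, &inter, FLAG_EXPIRED);
    chain_push(ch, &root, 0);
}

uint32_t demo_merge_no_cb(void) {
    chain_t ch; uint32_t f;
    build_demo_chain(&ch);
    chain_merge_flags(&ch, &f, NULL, NULL);
    return f;   /* FLAG_EXPIRED: one bad item taints the whole result */
}

uint32_t demo_merge_with_cb(void) {
    chain_t ch; uint32_t f;
    build_demo_chain(&ch);
    chain_merge_flags(&ch, &f, ignore_expiry_at_depth1, NULL);
    return f;   /* 0: the callback cleared the only failing bit */
}

int main(void) {
    printf("certs accepted before depth limit: %d\n", demo_depth_limit());
    printf("merged flags without callback:     0x%x\n", demo_merge_no_cb());
    printf("merged flags with callback:        0x%x\n", demo_merge_with_cb());
    return 0;
}
```

The merge loop is the part worth keeping in mind when writing a real f_vrfy: the callback sees one certificate at a time with its depth and may only clear bits it has a reason to tolerate; any bit left set in any item ends up in the caller's flags, and a non-zero return stops verification outright.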
The overall certificate verification flow is as follows: