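Mbed TLS certificate verification

Mbed TLS is a library written in C that implements encryption and decryption, X.509 certificate handling, and the SSL/TLS and DTLS protocols.

Its small code footprint makes it suitable for embedded systems.

The certificate chain data structure is as follows: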

/**
 * Item in a verification chain: cert and flags for it
 */
typedef struct {
    mbedtls_x509_crt *crt;
    uint32_t flags;
} mbedtls_x509_crt_verify_chain_item;

/**
 * Max size of verification chain: end-entity + intermediates + trusted root
 */
#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE  ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 )

/**
 * Verification chain as built by \c mbedtls_crt_verify_chain()
 */
typedef struct
{
    mbedtls_x509_crt_verify_chain_item items[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE];
    unsigned len;
} mbedtls_x509_crt_verify_chain;
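A simplified stand-alone model of how a fixed-size chain like the one above gets filled, one item per certificate with its own flags, and why the "+ 2" bound has to be enforced while walking. This is an added example, not Mbed TLS source and not the author's code. Assumptions: `toy_crt`, `POOL`, the flag values and the limit of 2 intermediates are constructed, and parents are matched by name only, with no signature check.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model, not Mbed TLS code: all names, limits and flag values are constructed. */
#define MAX_INTERMEDIATE_CA   2
#define MAX_VERIFY_CHAIN_SIZE (MAX_INTERMEDIATE_CA + 2)
#define FLAG_EXPIRED     0x01u
#define FLAG_NOT_TRUSTED 0x08u
#define ERR_FATAL        (-1)
typedef struct { const char *subject, *issuer; int expired, trusted; } toy_crt;
typedef struct { const toy_crt *crt; uint32_t flags; } chain_item;
typedef struct { chain_item items[MAX_VERIFY_CHAIN_SIZE]; unsigned len; } verify_chain;

/* Constructed sample: deep <- leaf <- int1 (expired) <- int2 <- root (trusted). */
static const toy_crt POOL[] = {
    { "leaf", "int1", 0, 0 }, { "int1", "int2", 1, 0 }, { "int2", "root", 0, 0 },
    { "root", "root", 0, 1 }, { "orphan", "nobody", 0, 0 }, { "deep", "leaf", 0, 0 },
};

/* Parent = cert whose subject equals the child's issuer (signature check omitted). */
static const toy_crt *find_parent(const toy_crt *child) {
    for (size_t i = 0; i < sizeof POOL / sizeof POOL[0]; i++)
        if (&POOL[i] != child && strcmp(POOL[i].subject, child->issuer) == 0)
            return &POOL[i];
    return NULL;
}

/* Walk leaf -> root, recording problems per item; only an over-long chain aborts. */
int build_chain(const toy_crt *leaf, verify_chain *vc, uint32_t *merged) {
    const toy_crt *cur = leaf;
    for (vc->len = 0, *merged = 0;;) {
        chain_item *it = &vc->items[vc->len++];
        it->crt = cur;
        it->flags = cur->expired ? FLAG_EXPIRED : 0;
        const toy_crt *parent = cur->trusted ? NULL : find_parent(cur);
        if (!cur->trusted && parent == NULL) it->flags |= FLAG_NOT_TRUSTED;
        *merged |= it->flags;            /* verdict = OR of all item flags */
        if (parent == NULL) return 0;    /* trust anchor reached or dead end */
        if (!parent->trusted && vc->len > MAX_INTERMEDIATE_CA) return ERR_FATAL;
        cur = parent;                    /* bound checked before the next write */
    }
}

int main(void) {
    verify_chain vc; uint32_t flags;
    int ret = build_chain(&POOL[0], &vc, &flags);
    printf("ret=%d len=%u flags=0x%02x\n", ret, vc.len, (unsigned)flags);
}
```

A return value of 0 only means the walk finished; the caller still has to treat any non-zero merged flags as a failed verification.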

 

The overall certificate verification flow is as follows:

posted @ 2021-05-27 15:45  hunterDing