
ssl:loadCAData

Cipher/SSL Core4 Lua Commands

SYNOPSIS

  1. ok, err, errcode = ssl:loadCAData(data)
  2. ok, err, errcode = ssl:loadCAFile(filename)
  3. ok, err, errcode = ssl:loadCADir(path)
  4. info = ssl:getCAInfo()

DESCRIPTION

The certificate authority list contains certificates that can be used to verify the authenticity of a peer. If the connection is configured to require peer authentication (see ssl:setVerify()), the peer's certificate is checked against this list. The peer is accepted only if a match is found.

The certificate authority list data is public and does not need to be kept secure.

The system can load certificates in X509 PEM or BER format.

Loading a list of certificates is completely optional. If no list is loaded, peers cannot be authenticated. Not loading a list is common for web servers.

The function ssl:loadCAData() loads the certificate from the data passed in a string variable.

The second function, ssl:loadCAFile(), instead loads the certificate directly from a file.

The third function, ssl:loadCADir(), scans a directory and all of its subdirectories for certificate files and loads every one it can find.

All loading functions can be called multiple times; each certificate is appended to the internal list.

The query function ssl:getCAInfo() returns some basic information about each certificate.

RETURN VALUE

The loading functions ssl:loadCAData() and ssl:loadCAFile() return true on success.

In case of an error they return three values: nil, a string describing the error and a negative error code from the underlying mbed TLS implementation.

The directory scanning function ssl:loadCADir() returns true on success. If there are errors but at least one certificate was successfully loaded, it returns a number that indicates how many certificates were in error. If no certificate could be loaded at all, it returns the same error triplet as above.

The info function ssl:getCAInfo() returns a nested table listing all loaded certificates.

info = { { ... certificate 1 data ... }, { ... certificate 2 data ... }, ... }

Each entry is a nested table with the following key/value pairs:

valid_from The earliest date that the certificate is valid
valid_to The latest date that the certificate is valid
serial The serial number of the certificate
issuer Information about the certificate issuer, see below
subject Information about the certificate subject, see below

The fields issuer and subject are nested tables with more information. The following fields may be present; a key only appears in the table if the certificate actually carries data of that kind. The table may contain additional items if the certificate has further data; such extra items are listed under their hexadecimal tag code.

CN Common Name
O Organization
OU Organizational Unit
L Location
S State/Province
C Country
R Email address
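The following is an added example (not code from the Core4 documentation) showing how a caller handles the three return shapes described above and inspects the loaded list. It assumes an already created `ssl` object and uses a placeholder path for the CA file and directory.

```lua
-- Added example; not part of the Core4 documentation.
-- Assumes `ssl` already exists. Paths below are placeholders.
local CA_FILE = "/path/to/ca-bundle.pem"   -- placeholder
local CA_DIR  = "/path/to/ca-directory"    -- placeholder

-- loadCAFile/loadCAData: true on success, else nil + message + mbed TLS code.
local function loadTrustAnchorFile(ssl, path)
  local ok, err, errcode = ssl:loadCAFile(path)
  if ok == nil then
    return false, string.format("CA load failed for %s: %s (mbed TLS %d)",
                                path, err, errcode)
  end
  return true
end

-- loadCADir: true, or a number of failed files when at least one certificate
-- loaded (partial success), or the nil/err/errcode triplet when none loaded.
local function loadTrustAnchorDir(ssl, path)
  local res, err, errcode = ssl:loadCADir(path)
  if res == true then return true, 0 end
  if type(res) == "number" then return true, res end   -- res files were rejected
  return false, string.format("no certificate loaded from %s: %s (mbed TLS %d)",
                              path, err, errcode)
end

-- Walk ssl:getCAInfo() so an operator can confirm which anchors are trusted.
-- An entry whose issuer CN differs from its subject CN is flagged, since a
-- trust list is normally expected to contain self-signed roots.
local function describeTrustAnchors(ssl)
  local info = ssl:getCAInfo()
  for i, cert in ipairs(info) do
    local subject, issuer = cert.subject or {}, cert.issuer or {}
    local note = (subject.CN ~= issuer.CN) and "  <- not self-issued" or ""
    print(string.format("[%d] serial=%s CN=%s O=%s C=%s valid %s .. %s%s",
      i, tostring(cert.serial), subject.CN or "?", subject.O or "?",
      subject.C or "?", tostring(cert.valid_from), tostring(cert.valid_to), note))
  end
  return #info
end

local ok, msg = loadTrustAnchorFile(ssl, CA_FILE)
if not ok then print(msg) end
local okDir, failed = loadTrustAnchorDir(ssl, CA_DIR)
if okDir and failed > 0 then print(failed .. " file(s) in " .. CA_DIR .. " were rejected") end
if not okDir then print(failed) end
print(describeTrustAnchors(ssl) .. " certificate(s) in the CA list")
```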

SEE ALSO