View Source X509.CRL.Extension (X509 v0.8.9)

Convenience functions for creating :Extension records for use in CRLs or CRL entries.

Some extensions defined in X509.Certificate.Extension may also be used in CRLs (e.g. authority_key_identifier). Please use the functions in that module to create such extension records.

Link to this section Summary

Types

Supported values in the reason code extension

t()

:Extension record, as used in Erlang's :public_key module

Functions

The CRL number conveys a monotonically increasing sequence number for a given CRL scope and CRL issuer. This extension allows users to easily determine when a particular CRL supersedes another CRL.

Looks up the value of a specific extension in a list.

The reason code identifies the reason for the certificate revocation. CRL issuers are strongly encouraged to include meaningful reason codes in CRL entries.

Link to this section Types

@type extension_id() :: :crl_reason | :crl_number | :authority_key_identifier
@type reason_code_value() ::
  :keyCompromise
  | :cACompromise
  | :affiliationChanged
  | :superseded
  | :cessationOfOperation
  | :certificateHold
  | :removeFromCRL
  | :privilegeWithdrawn
  | :aACompromise

Supported values in the reason code extension

@opaque t()

:Extension record, as used in Erlang's :public_key module

Link to this section Functions

@spec crl_number(non_neg_integer()) :: t()

The CRL number conveys a monotonically increasing sequence number for a given CRL scope and CRL issuer. This extension allows users to easily determine when a particular CRL supersedes another CRL.

This extension is marked as non-critical.

Example:

iex> X509.CRL.Extension.crl_number(12)
{:Extension, {2, 5, 29, 20}, false, <<2, 1, 12>>}
Link to this function

find(list, extension_oid)

View Source
@spec find([t()], extension_id() | :public_key.oid()) :: t() | nil

Looks up the value of a specific extension in a list.

The desired extension can be specified as an atom or an OID value. Returns nil if the specified extension is not present in the certificate.

@spec reason_code(reason_code_value()) :: t()

The reason code identifies the reason for the certificate revocation. CRL issuers are strongly encouraged to include meaningful reason codes in CRL entries.

The value :removeFromCRL is reserved for use in delta CRLs.

This extension is marked as non-critical.

Example:

iex> X509.CRL.Extension.reason_code(:keyCompromise)
{:Extension, {2, 5, 29, 21}, false, <<10, 1, 1>>}