X509 Certificate

Index

x509-cert/allowed-usage x509-cert/authority-key-id x509-cert/dup x509-cert/fingerprint x509-cert/hostname-match x509-cert/issuer-dn x509-cert/load x509-cert/load-file x509-cert/not-after x509-cert/not-before x509-cert/serial-number x509-cert/subject-dn x509-cert/subject-key-id x509-cert/subject-public-key x509-cert/subject-public-key-bits x509-cert/to-string x509-cert/validation-status x509-cert/verify

Reference

(x509-cert/allowed-usage cert-obj cert-usage)

Test if the certificate is allowed for a particular usage.

(x509-cert/authority-key-id cert-obj)

Return the authority key ID set in the certificate, which may be empty.

(x509-cert/dup cert-obj)

Create a new object that refers to the same certificate.

(x509-cert/fingerprint cert-obj &opt hash-algo)

Return a fingerprint for the certificate, which is basically just a hash of the binary contents. Normally "SHA-1" or "SHA-256" is used, but any hash function is allowed. If omitted, "SHA-256" is used.

(x509-cert/hostname-match cert-obj hostname)

Return true if the Common Name (CN) field of the certificate matches a given `hostname`.

(x509-cert/issuer-dn cert-obj key index)

Get a value from the issuer DN field. `key` specifies a value to get, for instance "Name" or "Country".

(x509-cert/load cert)

Load an X.509 certificate from DER or PEM representation.

(x509-cert/load-file file-name)

Load an X.509 certificate from a file.

(x509-cert/not-after cert-obj)

Return the time the certificate expires, as seconds since epoch.

(x509-cert/not-before cert-obj)

Return the time the certificate becomes valid, as seconds since epoch.

(x509-cert/serial-number cert-obj)

Return the serial number of the certificate.

(x509-cert/subject-dn cert-obj key index)

Get a value from the subject DN field. `key` specifies a value to get, for instance "Name" or "Country".

(x509-cert/subject-key-id cert-obj)

Return the subject key ID set in the certificate, which may be empty.

(x509-cert/subject-public-key cert-obj)

Get the public key included in this certificate as an object of `pubkey`.

(x509-cert/subject-public-key-bits cert-obj)

Get the serialized representation of the public key included in this certificate.

(x509-cert/to-string cert-obj)

Return a free-form string representation of this certificate.

(x509-cert/validation-status error-code)

Return an informative string explaining the verification return code.

(x509-cert/verify cert-obj &keys {:intermediates intermediates :trusted trusted :trusted-path trusted-path :required-strength required-strength :hostname hostname :reference-time reference-time :crl crls})

Verify a certificate. Returns 0 if validation was successful, or a positive error code if validation was unsuccessful.

* `:intermediates` - A tuple of untrusted subauthorities.
* `:trusted` - A tuple of trusted root CAs.
* `:trusted-path` - A path to a directory where one or more trusted CA certificates are stored.
* `:required-strength` - Indicates the minimum key and hash strength that is allowed. For instance, setting it to 80 allows 1024-bit RSA and SHA-1. Setting it to 110 requires 2048-bit RSA and SHA-256 or higher. Set to zero to accept a default. Defaults to 0 if omitted.
* `:hostname` - Check against the certificate's CN field.
* `:reference-time` - Time value which the certificate chain is validated against. Use zero (the default) to use the current system clock.
* `:crl` - A tuple of CRLs issued by either trusted or untrusted authorities.
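The following is an added example, not taken from the library's own documentation, showing a chain check that fails closed using `x509-cert/verify` and `x509-cert/validation-status`. It assumes the `x509-cert/*` bindings are already imported into the current environment; the file names and host name are placeholders.

```janet
# Added example. Assumes the x509-cert/* bindings are already in scope.
# "leaf.pem", "intermediate.pem", "root.pem" and "www.example.com" are
# placeholders, not values from the library.

(defn check-server-cert
  "Verify a leaf certificate against explicit roots.
  Returns nil when the chain is valid, otherwise an explanatory string."
  [leaf-path intermediate-paths root-paths hostname]
  (def leaf (x509-cert/load-file leaf-path))
  # :intermediates and :trusted are documented as tuples of certificates.
  (def intermediates (tuple ;(map x509-cert/load-file intermediate-paths)))
  (def roots (tuple ;(map x509-cert/load-file root-paths)))
  (def rc (x509-cert/verify leaf
                            :intermediates intermediates
                            :trusted roots
                            # 110 requires 2048-bit RSA and SHA-256 or higher.
                            :required-strength 110
                            :hostname hostname))
  # verify returns 0 on success. In Janet 0 is truthy, so the return
  # value must be compared with 0 explicitly, never used as a boolean.
  (if (= rc 0)
    nil
    (x509-cert/validation-status rc)))

(def err
  (check-server-cert "leaf.pem"
                     ["intermediate.pem"]
                     ["root.pem"]
                     "www.example.com"))

(if err
  (eprintf "certificate rejected: %s" err)
  (print "certificate accepted"))
```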