RtsCertTrustLevel (ENUM)

TYPE RtsCertTrustLevel :

The trust level has two main meanings:

1. In opened certificates it indicates whether the certificate is trusted or not.
2. When adding or searching certificates in the store it indicates where to add / search the certificate.

Attributes: qualified_only

InOut:

| Name | Initial | Comment |
|---|---|---|
| Untrusted | 1 | This is the location for untrusted certificates. |
| Trusted | | This is the location for trusted CA or self-signed certificates. |
| Own | | This is the location for certificates used by the PLC. The private key of these certificates is available. |
| Quarantine | | This location contains certificates which could not be verified because of missing chains. |
| Unknown | | This is the default for certificates which are not in one of the other stores. Usually this is set when parsing a certificate. |
| Chain | | This location contains chain certificates. These certificates are not trusted but are used to build up a chain to one of the certificates placed in Trusted. This is the only store which is local to each opened certificate store, and adding certificates to this trust level is not persistent. The typical use case is to add chain certificates received from the communication peer in case of an own protocol implementation; for TLS connections this is done automatically. Because of this use case, the capabilities of this store are somewhat limited: it is not possible to iterate or filter certificates on this store. Explicit removal of certificates is supported with X509CertStoreRemoveCert. The store is automatically cleaned up on X509CertStoreClose. |
RtsX509AltNameType (ENUM)

TYPE RtsX509AltNameType :

Attributes: qualified_only

InOut:

| Name | Comment |
|---|---|
| otherName | Not supported |
| Email | Supported |
| DnsName | Supported |
| X400Address | Not supported |
| directoryName | Not supported |
| ediPartyName | Not supported |
| URI | Supported |
| IpAddress | Supported |
| RegisterdID | Supported |
RtsX509CertCheckFlags (ENUM)

TYPE RtsX509CertCheckFlags :

Attributes: qualified_only

InOut:

| Name | Initial | Comment |
|---|---|---|
| FORCE_SUBJECT | 16#1 | Forces that the hostname / IP address is part of the certificate subject. Otherwise a match in the subject alternative name is also accepted. |
| DISABLE_WILDCARDS | 16#2 | Disables support for wildcard checking: `*.example.com` in a certificate is not accepted. Only for X509CertCheckHost. |
| DISABLE_PARTIAL_WILDCARDS | 16#4 | Disables support for partial wildcard checking, i.e. `ww*.example.com` or `*ww.example.com`. Only for X509CertCheckHost. |
| ALLOW_MULTILABLE_WILDCARDS | 16#8 | Allows wildcards to replace multiple subdomains: `*.example.com` will accept `www.SUB.example.com`. Only for X509CertCheckHost. |
| FORCE_SINGLE_SUBDOMAIN | 16#10 | Forces that `*.example.com` will only accept a single subdomain, e.g. `SUB.example.com`, but not `www.SUB.example.com`. Only for X509CertCheckHost. |
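The hostname rules these flags describe, as an added Python model for experimenting with their effect; this is not the runtime's own code. `CheckFlags` mirrors the enum values above, `dns_name_matches` and `check_host` are assumed helper names, and since the page does not say how ALLOW_MULTILABLE_WILDCARDS and FORCE_SINGLE_SUBDOMAIN combine when both are set, the model assumes FORCE_SINGLE_SUBDOMAIN takes precedence.

```python
from enum import IntFlag

class CheckFlags(IntFlag):
    """Values of RtsX509CertCheckFlags (16#1 .. 16#10 on the page)."""
    FORCE_SUBJECT = 0x1               # hostname must be in the subject; SAN is not consulted
    DISABLE_WILDCARDS = 0x2           # *.example.com is not accepted at all
    DISABLE_PARTIAL_WILDCARDS = 0x4   # ww*.example.com / *ww.example.com are not accepted
    ALLOW_MULTILABLE_WILDCARDS = 0x8  # *.example.com also accepts www.SUB.example.com
    FORCE_SINGLE_SUBDOMAIN = 0x10     # *.example.com accepts SUB.example.com only

def dns_name_matches(pattern: str, host: str, flags: CheckFlags = CheckFlags(0)) -> bool:
    """Match one certificate DNS name against a hostname under the given flags (assumed helper)."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == host                    # plain name: exact, case-insensitive match
    if flags & CheckFlags.DISABLE_WILDCARDS:
        return False
    first, _, rest = pattern.partition(".")
    if "*" in rest or not rest:
        return False                              # a wildcard is only honoured in the left-most label
    suffix = "." + rest
    if not host.endswith(suffix):
        return False
    covered = host[: -len(suffix)]                # the host labels the wildcard has to stand for
    # Assumption: when both flags are set, FORCE_SINGLE_SUBDOMAIN takes precedence.
    multi = flags & CheckFlags.ALLOW_MULTILABLE_WILDCARDS and not flags & CheckFlags.FORCE_SINGLE_SUBDOMAIN
    if "." in covered and not multi:
        return False                              # default: the wildcard covers exactly one label
    if first == "*":
        return True
    if flags & CheckFlags.DISABLE_PARTIAL_WILDCARDS:
        return False                              # 'ww*' / '*ww' style labels refused
    head, _, tail = first.partition("*")
    return (covered.startswith(head) and covered.endswith(tail)
            and len(covered) >= len(head) + len(tail))

def check_host(subject_cn: str, alt_dns: list, host: str,
               flags: CheckFlags = CheckFlags(0)) -> bool:
    """Model of X509CertCheckHost over a subject CN and the DnsName alternative names."""
    names = [subject_cn]
    if not flags & CheckFlags.FORCE_SUBJECT:      # without FORCE_SUBJECT the SAN entries count too
        names += alt_dns
    return any(dns_name_matches(n, host, flags) for n in names)

if __name__ == "__main__":
    # Constructed sample certificate names, not taken from any real certificate.
    cn, san = "plc.example.com", ["*.lab.example.com"]
    print(check_host(cn, san, "hmi.lab.example.com"))                            # True
    print(check_host(cn, san, "hmi.lab.example.com", CheckFlags.FORCE_SUBJECT))  # False
    print(dns_name_matches("*.example.com", "www.sub.example.com"))              # False
```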
RtsX509CertFilterType (ENUM)

TYPE RtsX509CertFilterType :

Attributes: qualified_only

InOut:

| Name | Initial |
|---|---|
| TRUST_LEVEL | 0 |
| SUBJECT | |
| SUBJECT_MATCHALL | |
| CERT_DATEVALID | |
| CERT_KEYUSAGE | |
| CERT_EXKEYUSAGE | |
| CERT_THUMBPRINT | |
RtsX509VerifyFlags (ENUM)

TYPE RtsX509VerifyFlags :

Attributes: qualified_only

InOut:

| Name | Initial | Comment |
|---|---|---|
| EnableCRLCheck | 16#1 | Enables CRL checks for certificate validation. |
Structs

- RtsOID (Struct)
- RtsX509AltName (Struct)
- RtsX509CertFilter (Struct)
- RtsX509CertInfo (Struct)
- RtsX509CertName (Struct)
- RtsX509ExKeyUsage (Struct)
- RtsX509NameEntry (Struct)
RtsOID (STRUCT)

TYPE RtsOID : STRUCT

InOut:

| Name | Type | Comment |
|---|---|---|
| length | UDINT | Length of the OID in memory |
| data | RtsOIDStore | Storage of the OID |
| flags | UDINT | Internal |
RtsX509AltName (STRUCT)

TYPE RtsX509AltName : STRUCT

Represents an alternative name of a certificate. The alternative name can have one of several meanings, e.g. an e-mail address, an IP address, a URI or a DNS name. Use the corresponding field of the union to get the value; the meaning is declared in the valueType field.

InOut:

| Name | Type | Comment |
|---|---|---|
| valueType | RtsX509AltNameType | Type of the alternative name |
| value | RtsX509AltNameStore | |
RtsX509CertFilter (STRUCT)

TYPE RtsX509CertFilter : STRUCT

InOut:

| Name | Type |
|---|---|
| filterType | RtsX509CertFilterType |
| filterContent | RtsX509CertFilterContent |
RtsX509CertInfo (STRUCT)

TYPE RtsX509CertInfo : STRUCT

This structure contains common fields of a certificate. Most values are stored in textual form if available. The extended key usages and the signature algorithm are stored as RtsOID; use the RtsOIDGetName function to get human-readable names for these fields. The notBefore and notAfter fields are high-resolution timestamps in UTC.

InOut:

| Name | Type | Comment |
|---|---|---|
| ui32StructSize | UDINT | Structure size. Used if the structure is extended in the future. |
| issuer | RtsX509CertName | Common fields of the issuer |
| subject | RtsX509CertName | Common fields of the subject |
| numOfAltNames | UDINT | Number of stored alternative names |
| pAltNames | POINTER TO RtsX509AltName | Pointer to a list of alternative names. |
| notBefore | ULINT | High-resolution UTC timestamp |
| notAfter | ULINT | High-resolution UTC timestamp |
| keyUsage | UDINT | Key usage field. Use the constants of X509CertKeyUsage to determine the key usages. Every value is represented by a specific bit of the value. |
| numOfExKeyUsages | UDINT | Number of extended key usages |
| pExKeyUsages | POINTER TO RtsOID | Pointer to a list of extended key usages. |
| signatureAlgorithm | RtsOID | OID of the signature algorithm. Use RtsOIDGetName to get a human-readable string. |