Improve documentation of mbedtls_x509_crt_parse()

Fixes #1883.
2025-11-04 04:32:24 -05:00 · 2018-08-23 15:46:33 +01:00 · 2018-08-23 15:46:33 +01:00 · 65e619a1fa
commit 65e619a1fa
parent d22c1b2445
1 changed files with 26 additions and 11 deletions
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@ -175,19 +175,34 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *bu
                        size_t buflen );
 /**
- * \brief          Parse one or more certificates and add them
+ * \brief          Parse one DER-encoded or multiple concatenated PEM-encoded
- *                 to the chained list. Parses permissively. If some
+ *                 certificates and add them to the chained list.
 *                 certificates can be parsed, the result is the number
 *                 of failed certificates it encountered. If none complete
 *                 correctly, the first error is returned.
 *
- * \param chain    points to the start of the chain
+ *                 For PEM-encoded CRTs, the function parses permissively:
- * \param buf      buffer holding the certificate data in PEM or DER format
+ *                 If at least one certificate can be parsed, the function
- * \param buflen   size of the buffer
+ *                 returns the number of certificates for which parsing failed
- *                 (including the terminating null byte for PEM data)
+ *                 (hence \c 0 if all certificates were parsed successfully).
 *                 If no certificate could be parsed, the function returns
 *                 the first (negative) error encountered during parsing.
 *
 *                 PEM encoded certificates may be interleaved by other data
 *                 such as human readable descriptions of their content, as
 *                 long as the certificates are enclosed in the PEM specific
 *                 '-----{BEGIN/END} CERTIFICATE-----' delimiters.
 *
 * \param chain    The chain to which to add the parsed certificates.
 * \param buf      The buffer holding the certificate data in PEM or DER format.
 *                 For certificates in PEM encoding, this may be a concatenation
 *                 of multiple certificates; for DER encoding, the buffer must
 *                 comprise exactly one certificate.
 * \param buflen   The size of \p buf, including the terminating \c NULL byte
 *                 in case of PEM encoded data.
 *
 * \return         \c 0 if all certificates were parsed successfully.
 * \return         The (positive) number of certificates that couldn't
 *                 be parsed if parsing was partly successful (see above).
 * \return         A negative X509- or PEM-specific error code otherwise.
 *
 * \return         0 if all certificates parsed successfully, a positive number
 *                 if partly successful or a specific X509 or PEM error code
 */
 int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen );