NAME
DIST_POINT_new
,
DIST_POINT_free
,
CRL_DIST_POINTS_new
,
CRL_DIST_POINTS_free
,
DIST_POINT_NAME_new
,
DIST_POINT_NAME_free
,
ISSUING_DIST_POINT_new
,
ISSUING_DIST_POINT_free
—
X.509 CRL distribution point
extensions
SYNOPSIS
#include
<openssl/x509v3.h>
DIST_POINT *
DIST_POINT_new
(void);
void
DIST_POINT_free
(DIST_POINT
*dp);
CRL_DIST_POINTS *
CRL_DIST_POINTS_new
(void);
void
CRL_DIST_POINTS_free
(CRL_DIST_POINTS
*dps);
DIST_POINT_NAME *
DIST_POINT_NAME_new
(void);
void
DIST_POINT_NAME_free
(DIST_POINT_NAME
*name);
ISSUING_DIST_POINT *
ISSUING_DIST_POINT_new
(void);
void
ISSUING_DIST_POINT_free
(ISSUING_DIST_POINT
*dp);
DESCRIPTION
Using the CRL distribution point extension, a certificate can specify where to obtain certificate revocation lists that might later revoke it.
DIST_POINT_new
()
allocates and initializes an empty DIST_POINT object,
representing an ASN.1 DistributionPoint structure
defined in RFC 5280 section 4.2.1.13. It can hold issuer names, distribution
point names, and reason flags.
DIST_POINT_free
()
frees dp.
CRL_DIST_POINTS_new
()
allocates and initializes an empty CRL_DIST_POINTS
object, which is a STACK_OF(DIST_POINT) and represents
the ASN.1 CRLDistributionPoints structure defined in
RFC 5280 section 4.2.1.13. It can be used as an extension in
X509 and in X509_CRL objects.
CRL_DIST_POINTS_free
()
frees dps.
DIST_POINT_NAME_new
()
allocates and initializes an empty DIST_POINT_NAME
object, representing an ASN.1 DistributionPointName
structure defined in RFC 5280 section 4.2.1.13. It is used by the
DIST_POINT and
ISSUING_DIST_POINT objects and can hold multiple
names, each representing a different way to obtain the same CRL.
DIST_POINT_NAME_free
()
frees name.
ISSUING_DIST_POINT_new
()
allocates and initializes an empty ISSUING_DIST_POINT
object, representing an ASN.1 IssuingDistributionPoint
structure defined in RFC 5280 section 5.2.5. Using this extension, a CRL can
specify which distribution point it was issued from and which kinds of
certificates and revocation reasons it covers.
ISSUING_DIST_POINT_free
()
frees dp.
RETURN VALUES
DIST_POINT_new
(),
CRL_DIST_POINTS_new
(),
DIST_POINT_NAME_new
(), and
ISSUING_DIST_POINT_new
() return the new
DIST_POINT, CRL_DIST_POINTS,
DIST_POINT_NAME, or
ISSUING_DIST_POINT object, respectively, or
NULL
if an error occurs.
SEE ALSO
GENERAL_NAMES_new(3), X509_CRL_new(3), X509_EXTENSION_new(3), X509_NAME_new(3), X509_new(3)
STANDARDS
RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile:
- section 4.2.1.13: CRL Distribution Points
- section 5.2.5: Issuing Distribution Point
HISTORY
DIST_POINT_new
(),
DIST_POINT_free
(),
CRL_DIST_POINTS_new
(),
CRL_DIST_POINTS_free
(),
DIST_POINT_NAME_new
(), and
DIST_POINT_NAME_free
() first appeared in OpenSSL
0.9.3 and have been available since OpenBSD 2.6.
ISSUING_DIST_POINT_new
() and
ISSUING_DIST_POINT_free
() first appeared in OpenSSL
1.0.0 and have been available since OpenBSD 4.9.