OpenBSD manual page server

Manual Page Search Parameters

X509_ADD1_TRUST_OBJECT(3) Library Functions Manual X509_ADD1_TRUST_OBJECT(3)

X509_add1_trust_object, X509_trust_clear, X509_add1_reject_object, X509_reject_clearmark an X.509 certificate as intended for a specific purpose

#include <openssl/x509.h>

int
X509_add1_trust_object(X509 *x, const ASN1_OBJECT *purpose);

void
X509_trust_clear(X509 *x);

int
X509_add1_reject_object(X509 *x, const ASN1_OBJECT *purpose);

void
X509_reject_clear(X509 *x);

() appends a deep copy of the purpose object to the set of intended purposes that x contains as non-standard auxiliary data. The function OBJ_nid2obj(3) can be used to create appropriate purpose objects from the NID_* constants mentioned in X509_check_purpose(3), even though the X509_PURPOSE_* constants listed in that manual page are not intended for use with X509_add1_trust_object().

() frees and removes all purpose objects from the set of intended purposes in the non-standard auxiliary data of x.

() and () are similar except that they operate on a set of unintended purposes.

As an alternative to using the functions documented in the present manual page, X.509 certificate extensions can be used. At the price of higher complexity, those allow storing the purpose inside the certificate itself in a standard-conforming way rather than merely in non-standard auxiliary data associated with the certificate. See EXTENDED_KEY_USAGE_new(3) for details.

X509_add1_trust_object() and X509_add1_reject_object() return the new number of purposes in the respective set or 0 if an error occurs, in particular if memory allocation fails or if x does not contain a sub-object that can hold non-standard auxiliary data.

ASN1_OBJECT_new(3), EXTENDED_KEY_USAGE_new(3), OBJ_nid2obj(3), X509_CERT_AUX_new(3), X509_check_trust(3), X509_new(3)

These functions first appeared in OpenSSL 0.9.4 and have been available since OpenBSD 2.7.

July 24, 2021 OpenBSD-7.2