OpenBSD manual page server

Manual Page Search Parameters

ACCESS_DESCRIPTION_NEW(3) Library Functions Manual ACCESS_DESCRIPTION_NEW(3)

ACCESS_DESCRIPTION_new, ACCESS_DESCRIPTION_free, AUTHORITY_INFO_ACCESS_new, AUTHORITY_INFO_ACCESS_freeX.509 information access extensions

#include <openssl/x509v3.h>

ACCESS_DESCRIPTION *
ACCESS_DESCRIPTION_new(void);

void
ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *ad);

AUTHORITY_INFO_ACCESS
AUTHORITY_INFO_ACCESS_new(void);

void
AUTHORITY_INFO_ACCESS_free(AUTHORITY_INFO_ACCESS *aia);

Using the information access extensions, certificates and certificate revocation lists can point to auxiliary information and services available online, for example online validation services or CA policy data.

() allocates and initializes an empty ACCESS_DESCRIPTION object, representing an ASN.1 AccessDescription structure defined in RFC 5280 section 4.2.2.1. It can hold a pointer to a GENERAL_NAME object documented in GENERAL_NAME_new(3) and an access method identifier. () frees ad.

The access method identifier is somewhat misnamed; it identifies the type and format of the information provided. How to access that information is often obvious from the GENERAL_NAME which may for example include a uniform resource identifier.

Four standard access method identifiers are defined in RFC 5280:

() allocates and initializes an empty AUTHORITY_INFO_ACCESS object, which is a STACK_OF(ACCESS_DESCRIPTION) and represents an ASN.1 AuthorityInfoAccessSyntax structure defined in RFC 5280 section 4.2.2.1. It can be used for the authority information access extension of certificates and certificate revocation lists and for the subject information access extension of certificates. () frees aia.

ACCESS_DESCRIPTION_new() and AUTHORITY_INFO_ACCESS_new() return the new ACCESS_DESCRIPTION or AUTHORITY_INFO_ACCESS object, respectively, or NULL if an error occurs.

d2i_ACCESS_DESCRIPTION(3), DIST_POINT_new(3), GENERAL_NAME_new(3), OCSP_REQUEST_new(3), TS_REQ_new(3), X509_CRL_new(3), X509_EXTENSION_new(3), X509_new(3)

These extensions are only defined in the following RFC and not specified in the underlying X.509 standard.

RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile:

Regarding OCSP and TSP, see:

RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol

RFC 3161: Internet X.509 Public Key Infrastructure Time-Stamp Protocol

ACCESS_DESCRIPTION_new(), ACCESS_DESCRIPTION_free(), AUTHORITY_INFO_ACCESS_new(), and AUTHORITY_INFO_ACCESS_free() first appeared in OpenSSL 0.9.5 and have been available since OpenBSD 2.7.

March 31, 2022 OpenBSD-7.3