OpenBSD manual page server

Manual Page Search Parameters

ESS_SIGNING_CERT_NEW(3) Library Functions Manual ESS_SIGNING_CERT_NEW(3)

ESS_SIGNING_CERT_new, ESS_SIGNING_CERT_free, ESS_CERT_ID_new, ESS_CERT_ID_free, ESS_ISSUER_SERIAL_new, ESS_ISSUER_SERIAL_freesigning certificates for S/MIME

#include <openssl/ts.h>

ESS_SIGNING_CERT *
ESS_SIGNING_CERT_new(void);

void
ESS_SIGNING_CERT_free(ESS_SIGNING_CERT *signing_cert);

ESS_CERT_ID *
ESS_CERT_ID_new(void);

void
ESS_CERT_ID_free(ESS_CERT_ID *cert_id);

ESS_ISSUER_SERIAL *
ESS_ISSUER_SERIAL_new(void);

void
ESS_ISSUER_SERIAL_free(ESS_ISSUER_SERIAL *issuer_serial);

The signing certificate may be included in the signedAttributes field of a SignerInfo structure to mitigate simple substitution and re-issue attacks.

() allocates and initializes an empty ESS_SIGNING_CERT object, representing an ASN.1 SigningCertificate structure defined in RFC 2634 section 5.4. It can hold the certificate used for signing the data, additional authorization certificates that can be used during validation, and policies applying to the certificate. () frees signing_cert.

() allocates and initializes an empty ESS_CERT_ID object, representing an ASN.1 ESSCertID structure defined in RFC 2634 section 5.4.1. Such objects can be used inside ESS_SIGNING_CERT objects, and each one can hold a SHA1 hash of one certificate. () frees cert_id.

() allocates and initializes an empty ESS_ISSUER_SERIAL object, representing an ASN.1 IssuerSerial structure defined in RFC 2634 section 5.4.1. It can hold an issuer name and a serial number and can be included in an ESS_CERT_ID object, which is useful for additional authorization certificates, but redundant for the signing certificate itself. () frees issuer_serial.

ESS_SIGNING_CERT_new(), ESS_CERT_ID_new(), and ESS_ISSUER_SERIAL_new() return the new ESS_SIGNING_CERT, ESS_CERT_ID, or ESS_ISSUER_SERIAL object, respectively, or NULL if an error occurred.

d2i_ESS_SIGNING_CERT(3)

RFC 2634: Enhanced Security Services for S/MIME, section 5: Signing Certificate Attribute

Note that RFC 2634 has been updated by RFC 5035: Enhanced Security Services (ESS) Update: Adding CertID Algorithm Agility. But the current implementation only supports the Signing Certificate Attribute Definition Version 1 according to RFC 2634, not the Signing Certificate Attribute Definition Version 2 according to RFC 5035.

These functions first appeared in OpenSSL 1.0.0 and have been available since OpenBSD 4.9.

June 6, 2019 OpenBSD-7.4