OpenBSD manual page server

NAME

X509_EXTENSION_new, X509_EXTENSION_dup, X509_EXTENSION_free, X509_EXTENSION_create_by_NID, X509_EXTENSION_create_by_OBJ, X509_EXTENSION_set_object, X509_EXTENSION_set_critical, X509_EXTENSION_set_data, X509_EXTENSION_get_object, X509_EXTENSION_get_critical, X509_EXTENSION_get_data — create, change, and inspect X.509 Extension objects

SYNOPSIS

#include <openssl/x509.h>

X509_EXTENSION *
X509_EXTENSION_new(void);

X509_EXTENSION *
X509_EXTENSION_dup(X509_EXTENSION *ex);

void
X509_EXTENSION_free(X509_EXTENSION *ex);

X509_EXTENSION *
X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid, int crit, ASN1_OCTET_STRING *data);

X509_EXTENSION *
X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, const ASN1_OBJECT *obj, int crit, ASN1_OCTET_STRING *data);

int
X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj);

int
X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);

int
X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data);

ASN1_OBJECT *
X509_EXTENSION_get_object(X509_EXTENSION *ex);

int
X509_EXTENSION_get_critical(const X509_EXTENSION *ex);

ASN1_OCTET_STRING *
X509_EXTENSION_get_data(X509_EXTENSION *ex);

DESCRIPTION

X509_EXTENSION_new() allocates and initializes an empty X509_EXTENSION object, representing an ASN.1 Extension structure defined in RFC 5280 section 4.1. It is a wrapper object around specific extension objects of different types and stores an extension type identifier and a criticality flag in addition to the DER-encoded form of the wrapped object. X509_EXTENSION objects can be used for X.509 v3 certificates inside X509_CINF objects and for X.509 v2 certificate revocation lists inside X509_CRL_INFO and X509_REVOKED objects.

X509_EXTENSION_dup() creates a deep copy of ex using ASN1_item_dup(3).

X509_EXTENSION_free() frees ex and all objects it is using.

X509_EXTENSION_create_by_NID() creates an extension of type nid and criticality crit using data data. The created extension is returned and written to *ex reusing or allocating a new extension if necessary, so *ex should either be NULL or a valid X509_EXTENSION structure. It must not be an uninitialised pointer.

X509_EXTENSION_create_by_OBJ() is identical to X509_EXTENSION_create_by_NID() except that it creates an extension using obj instead of a NID.

X509_EXTENSION_set_object() sets the extension type of ex to obj. The obj pointer is duplicated internally so obj should be freed up after use.

X509_EXTENSION_set_critical() sets the criticality of ex to crit. If crit is zero, the extension in non-critical, otherwise it is critical.

X509_EXTENSION_set_data() sets the data in extension ex to data. The data pointer is duplicated internally.

X509_EXTENSION_get_object() returns the extension type of ex as an ASN1_OBJECT pointer. The returned pointer is an internal value which must not be freed up.

X509_EXTENSION_get_critical() returns the criticality of extension ex it returns 1 for critical and 0 for non-critical.

X509_EXTENSION_get_data() returns the data of extension ex. The returned pointer is an internal value which must not be freed up.

These functions manipulate the contents of an extension directly. Most applications will want to parse or encode and add an extension: they should use the extension encode and decode functions instead such as X509_add1_ext_i2d(3) and X509_get_ext_d2i(3).

The data associated with an extension is the extension encoding in an ASN1_OCTET_STRING structure.

RETURN VALUES

X509_EXTENSION_new(), X509_EXTENSION_dup(), X509_EXTENSION_create_by_NID(), and X509_EXTENSION_create_by_OBJ() return an X509_EXTENSION pointer or NULL if an error occurs.

X509_EXTENSION_set_object(), X509_EXTENSION_set_critical(), and X509_EXTENSION_set_data() return 1 for success or 0 for failure.

X509_EXTENSION_get_object() returns an ASN1_OBJECT pointer.

X509_EXTENSION_get_critical() returns 0 for non-critical or 1 for critical.

X509_EXTENSION_get_data() returns an ASN1_OCTET_STRING pointer.

SEE ALSO

ACCESS_DESCRIPTION_new(3), AUTHORITY_KEYID_new(3), BASIC_CONSTRAINTS_new(3), d2i_X509_EXTENSION(3), DIST_POINT_new(3), ESS_SIGNING_CERT_new(3), EXTENDED_KEY_USAGE_new(3), GENERAL_NAME_new(3), NAME_CONSTRAINTS_new(3), OCSP_CRLID_new(3), OCSP_SERVICELOC_new(3), PKEY_USAGE_PERIOD_new(3), POLICYINFO_new(3), TS_REQ_new(3), X509_check_ca(3), X509_check_host(3), X509_check_issued(3), X509_get_extension_flags(3), X509_REQ_add_extensions(3), X509V3_EXT_print(3), X509V3_extensions_print(3), X509V3_get_d2i(3), X509v3_get_ext_by_NID(3)

STANDARDS

RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile

HISTORY

X509_EXTENSION_new() and X509_EXTENSION_free() first appeared in SSLeay 0.6.2, X509_EXTENSION_dup() in SSLeay 0.6.5, and X509_EXTENSION_create_by_NID(), X509_EXTENSION_create_by_OBJ(), X509_EXTENSION_set_object(), X509_EXTENSION_set_critical(), X509_EXTENSION_set_data(), X509_EXTENSION_get_object(), X509_EXTENSION_get_critical(), and X509_EXTENSION_get_data() in SSLeay 0.8.0. These functions have been available since OpenBSD 2.4.