OpenBSD manual page server

Manual Page Search Parameters

X509V3_ADDR_GET_RANGE(3) Library Functions Manual X509V3_ADDR_GET_RANGE(3)

X509v3_addr_get_afi, X509v3_addr_get_rangeparse helpers for the IP address delegation extension

#include <openssl/x509v3.h>

unsigned
X509v3_addr_get_afi(const IPAddressFamily *af);

int
X509v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi, unsigned char *min, unsigned char *max, const int length);

() returns the address family identifier (AFI) of af.

() converts the minimum and maximum addresses in the address prefix or range aor from internal encoding to IP addresses in network byte order and places copies in the arrays min and max, of size length. The length must be large enough to accommodate an address for afi, which is at least 4 for IANA_AFI_IPV4 and at least 16 for IANA_AFI_IPV6.

X509v3_addr_get_afi() returns the AFI encoded in af or 0 if af does not contain a valid AFI, or if the AFI is not IPv4 or IPv6.

X509v3_addr_get_range() returns the number of bytes copied into min and max or 0 on error. An error occurs if aor is malformed, if afi is not IANA_AFI_IPV4 or IANA_AFI_IPV6, if either min or max is NULL, or if length is smaller than 4 or 16, respectively.

crypto(3), inet_ntop(3), IPAddressRange_new(3), X509_new(3), X509v3_addr_add_inherit(3)

RFC 3779: X.509 Extensions for IP Addresses and AS Identifiers:

Address Family Numbers, https://www.iana.org/assignments/address-family-numbers.

These functions first appeared in OpenSSL 0.9.8e and have been available since OpenBSD 7.1.

There is no accessor for the SAFI of af.

An error from X509v3_addr_get_afi() is indistinguishable from the reserved AFI 0 being set on af.

It is not entirely clear how a caller is supposed to obtain an IPAddressFamily object or an IPAddressOrRange object without reaching into various structs documented in IPAddressRange_new(3).

September 30, 2023 OpenBSD-7.4