NAME
X509V3_EXT_get_nid
,
X509V3_EXT_get
—
retrieve X.509v3 certificate extension
methods
SYNOPSIS
#include
<openssl/x509v3.h>
const X509V3_EXT_METHOD *
X509V3_EXT_get_nid
(int nid);
const X509V3_EXT_METHOD *
X509V3_EXT_get
(X509_EXTENSION
*ext);
DESCRIPTION
An X.509v3 certificate extension contains an Object Identifier (OID), a boolean criticality indicator, and an opaque extension value (an ASN1_OCTET_STRING) whose meaning is determined by the OID. The library's X509V3_EXT_METHOD type, which is not yet documented in detail, contains a numeric identifier to represent the OID and various handlers for encoding, decoding, printing, and configuring the extension's value. Criticality is handled separately, for example as an argument to X509V3_add1_i2d(3).
RETURN VALUES
X509V3_EXT_get_nid
() returns the
X509V3_EXT_METHOD corresponding to the numeric
identifier nid, or NULL
if
there is none.
X509V3_EXT_get
() returns the
X509V3_EXT_METHOD associated with the extension type
of ext, or NULL
if there is
none.
SEE ALSO
i2s_ASN1_ENUMERATED_TABLE(3), OBJ_create(3), X509_EXTENSION_get_object(3), X509V3_get_d2i(3)
STANDARDS
RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
- section 4.2: Certificate Extensions
HISTORY
These functions first appeared in OpenSSL 0.9.2b and have been available since OpenBSD 2.6.
CAVEATS
LibreSSL only supports built-in extension methods. Other implementations have incomplete support for custom extension methods, whose API is not threadsafe, does not affect the behavior of X509_verify_cert(3), and has various other surprising quirks. Both functions prefer built-in methods over custom methods with the same OID.