OpenBSD manual page server

Manual Page Search Parameters

X509V3_EXT_GET_NID(3) Library Functions Manual X509V3_EXT_GET_NID(3)

X509V3_EXT_get_nid, X509V3_EXT_getretrieve X.509v3 certificate extension methods

#include <openssl/x509v3.h>

const X509V3_EXT_METHOD *
X509V3_EXT_get_nid(int nid);

const X509V3_EXT_METHOD *
X509V3_EXT_get(X509_EXTENSION *ext);

An X.509v3 certificate extension contains an Object Identifier (OID), a boolean criticality indicator, and an opaque extension value (an ASN1_OCTET_STRING) whose meaning is determined by the OID. The library's X509V3_EXT_METHOD type, which is not yet documented in detail, contains a numeric identifier to represent the OID and various handlers for encoding, decoding, printing, and configuring the extension's value. Criticality is handled separately, for example as an argument to X509V3_add1_i2d(3).

X509V3_EXT_get_nid() returns the X509V3_EXT_METHOD corresponding to the numeric identifier nid, or NULL if there is none.

X509V3_EXT_get() returns the X509V3_EXT_METHOD associated with the extension type of ext, or NULL if there is none.

i2s_ASN1_ENUMERATED_TABLE(3), OBJ_create(3), X509_EXTENSION_get_object(3), X509V3_get_d2i(3)

RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile

These functions first appeared in OpenSSL 0.9.2b and have been available since OpenBSD 2.6.

LibreSSL only supports built-in extension methods. Other implementations have incomplete support for custom extension methods, whose API is not threadsafe, does not affect the behavior of X509_verify_cert(3), and has various other surprising quirks. Both functions prefer built-in methods over custom methods with the same OID.

May 14, 2024 OpenBSD-current