
X509V3_EXT_GET_NID(3) Library Functions Manual X509V3_EXT_GET_NID(3)

X509V3_EXT_get_nid, X509V3_EXT_get - retrieve X.509v3 certificate extension methods

#include <openssl/x509v3.h>

const X509V3_EXT_METHOD *
X509V3_EXT_get_nid(int nid);

const X509V3_EXT_METHOD *
X509V3_EXT_get(X509_EXTENSION *ext);

An X.509v3 certificate extension contains an Object Identifier (OID), a boolean criticality indicator, and an opaque extension value (an ASN1_OCTET_STRING) whose meaning is determined by the OID. The library's X509V3_EXT_METHOD type, which is not yet documented in detail, contains a numeric identifier (NID) to represent the OID and various handlers for encoding, decoding, printing, and configuring the extension's value. Criticality is handled separately, for example as an argument to X509V3_add1_i2d(3).

X509V3_EXT_get_nid() returns the X509V3_EXT_METHOD corresponding to the numeric identifier nid, or NULL if there is none.

X509V3_EXT_get() returns the X509V3_EXT_METHOD associated with the extension type of ext, or NULL if there is none.

i2s_ASN1_ENUMERATED_TABLE(3), OBJ_create(3), v2i_ASN1_BIT_STRING(3), X509_EXTENSION_get_object(3), X509V3_get_d2i(3)

RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile

These functions first appeared in OpenSSL 0.9.2b and have been available since OpenBSD 2.6.

In LibreSSL, these functions only support built-in nid values corresponding to static built-in objects. Other implementations have incomplete support for custom extension methods, whose API is not threadsafe, does not affect the behavior of X509_verify_cert(3), and has various other surprising quirks. Both functions prefer built-in methods over custom methods with the same OID.

December 24, 2024 OpenBSD-current