NAME
X509V3_EXT_print,
X509V3_EXT_print_fp —
pretty-print an X.509
extension
SYNOPSIS
#include
<openssl/x509v3.h>
int
X509V3_EXT_print(BIO *bio,
X509_EXTENSION *ext, unsigned long
flags, int indent);
int
X509V3_EXT_print_fp(FILE *file,
X509_EXTENSION *ext, int flags,
int indent);
DESCRIPTION
X509V3_EXT_print()
and
X509V3_EXT_print_fp()
decode ext and print the data contained in it to the
bio or file, respectively, in a
human-readable format with a left margin of indent
space characters. The details of both the decoding and the printing depend
on the type of ext.
For most extension types, the decoding is done in the same way as it would be done by the appropriate public API function, for example:
- extension type
- decoding function
- d2i_AUTHORITY_KEYID(3)
NID_certificate_policies- d2i_CERTIFICATEPOLICIES(3)
NID_crl_number- d2i_ASN1_INTEGER(3)
NID_crl_reason- d2i_ASN1_ENUMERATED(3)
NID_hold_instruction_code- d2i_ASN1_OBJECT(3)
NID_id_pkix_OCSP_CrlID- d2i_OCSP_CRLID(3)
NID_id_pkix_OCSP_noCheck- d2i_ASN1_NULL(3)
NID_id_pkix_OCSP_Nonce- non-public function built into the library
NID_invalidity_date- d2i_ASN1_GENERALIZEDTIME(3)
NID_key_usage- d2i_ASN1_BIT_STRING(3)
NID_subject_alt_name- d2i_GENERAL_NAMES(3)
NID_subject_key_identifier- d2i_ASN1_OCTET_STRING(3)
For some types, the printing is performed by a dedicated non-public function built into the library. For some other types, the printing function is a public API function, for example:
- extension type
- printing function
NID_crl_number- i2s_ASN1_INTEGER(3)
NID_crl_reason- i2s_ASN1_ENUMERATED_TABLE(3)
NID_delta_crl- i2s_ASN1_INTEGER(3)
NID_hold_instruction_code- i2a_ASN1_OBJECT(3)
NID_id_pkix_OCSP_archiveCutoff- ASN1_GENERALIZEDTIME_print(3)
NID_id_pkix_OCSP_Nonce- i2a_ASN1_STRING(3)
NID_inhibit_any_policy- i2s_ASN1_INTEGER(3)
NID_invalidity_date- ASN1_GENERALIZEDTIME_print(3)
NID_key_usage- i2v_ASN1_BIT_STRING(3)
NID_subject_key_identifier- i2s_ASN1_OCTET_STRING(3)
Some of the public printing functions are not documented yet.
If ext is of an unknown extension type or if decoding fails while using the decoding function for the relevant type, the action taken depends on the flags argument:
- If the bit
X509V3_EXT_PARSE_UNKNOWNis set, ASN1_parse_dump(3) is called on the BER-encoded data of the extension, passing -1 for the dump argument. Thus, some information about the encoding of the extension gets printed and some about its decoded content, falling back to BIO_dump_indent(3) for the decoded content unless a dedicated printing method is known for the respective data type(s). Note that even if an extension type is unknown, the data type used by the unknown extension, or, if that data type is constructed, of the values contained in it, may still be known, which may allow printing the content of even an unknown extension in a structured or partially structured form. - If the bit
X509V3_EXT_DUMP_UNKNOWNis set, BIO_dump_indent(3) is called on the BER-encoded data of the extension without decoding it first, which is usually less readable than the above but poses a smaller risk of omitting or misrepresenting parts of the information. - If the bit
X509V3_EXT_ERROR_UNKNOWNis set, only the fixed string "<Not Supported>" is printed for an unknown type or only the fixed string "<Parse Error>" if the parsing functions fails, but printing is considered as successful anyway. - If more than one of these three bits is set, or if a bit in
X509V3_EXT_UNKNOWN_MASKis set that is not listed above, nothing is printed, but printing is considered as successful anyway. - If none of the bits in
X509V3_EXT_UNKNOWN_MASKare set, nothing is printed and printing is considered as failed.
RETURN VALUES
X509V3_EXT_print() and
X509V3_EXT_print_fp() return 0 if failure was both
detected and considered relevant. Otherwise, 1 is returned, and in general
the user cannot tell whether failure simply went undetected, whether the
function detected failure but regarded it as irrelevant, or whether printing
did indeed succeed.
SEE ALSO
BIO_new(3), X509_EXTENSION_new(3), X509_get0_extensions(3), X509_get_ext(3), X509V3_extensions_print(3)
HISTORY
These functions first appeared in OpenSSL 0.9.2 and have been available since OpenBSD 2.6.
BUGS
These functions lack error handling throughout. When a write operation fails, they will usually ignore the fact that information was omitted from the output and report success to the caller anyway.