71 lines
2.7 KiB
Plaintext
71 lines
2.7 KiB
Plaintext
=pod
|
|
|
|
=head1 NAME
|
|
|
|
X509V3_set_ctx,
|
|
X509V3_set_issuer_pkey - X.509 v3 extension generation utilities
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
#include <openssl/x509v3.h>
|
|
|
|
void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
|
|
X509_REQ *req, X509_CRL *crl, int flags);
|
|
int X509V3_set_issuer_pkey(X509V3_CTX *ctx, EVP_PKEY *pkey);
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
X509V3_set_ctx() fills in the basic fields of I<ctx> of type B<X509V3_CTX>,
|
|
providing details potentially needed by functions producing X509 v3 extensions.
|
|
These may make use of fields of the certificate I<subject>, the certification
|
|
request I<req>, or the certificate revocation list I<crl>.
|
|
At most one of these three parameters can be non-NULL.
|
|
When constructing the subject key identifier of a certificate by computing a
|
|
hash value of its public key, the public key is taken from I<subject> or I<req>.
|
|
Similarly, when constructing subject alternative names from any email addresses
|
|
contained in a subject DN, the subject DN is taken from I<subject> or I<req>.
|
|
If I<subject> or I<crl> is provided, I<issuer> should point to its issuer, for
|
|
instance as a reference for generating the authority key identifier extension.
|
|
I<issuer> may be the same pointer value as I<subject> (which usually is an
|
|
indication that the I<subject> certificate is self-issued or even self-signed).
|
|
In this case the fallback source for generating the authority key identifier
|
|
extension will be taken from any value provided using X509V3_set_issuer_pkey().
|
|
I<flags> may be 0
|
|
or contain B<X509V3_CTX_TEST>, which means that just the syntax of
|
|
extension definitions is to be checked without actually producing any extension,
|
|
or B<X509V3_CTX_REPLACE>, which means that each X.509v3 extension added as
|
|
defined in some configuration section shall replace any already existing
|
|
extension with the same OID.
|
|
|
|
X509V3_set_issuer_pkey() explicitly sets the issuer private key of
|
|
the subject certificate that has been provided in I<ctx>.
|
|
This should be done in case the I<issuer> and I<subject> arguments to
|
|
X509V3_set_ctx() have the same pointer value
|
|
to provide fallback data for the authority key identifier extension.
|
|
|
|
=head1 RETURN VALUES
|
|
|
|
X509V3_set_ctx() and X509V3_set_issuer_pkey()
|
|
return 1 on success and 0 on error.
|
|
|
|
=head1 SEE ALSO
|
|
|
|
L<X509_add_ext(3)>
|
|
|
|
=head1 HISTORY
|
|
|
|
X509V3_set_issuer_pkey() was added in OpenSSL 3.0.
|
|
|
|
CTX_TEST was deprecated in OpenSSL 3.0; use X509V3_CTX_TEST instead.
|
|
|
|
=head1 COPYRIGHT
|
|
|
|
Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
|
|
|
|
Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
this file except in compliance with the License. You can obtain a copy
|
|
in the file LICENSE in the source distribution or at
|
|
L<https://www.openssl.org/source/license.html>.
|
|
|
|
=cut
|