Página inicial Explorar Ajuda
Entrar
OWEALs
/
openssl
mirror de git://git.openssl.org/openssl.git
2
0
Fork 0
Arquivos Issues 1 Wiki
Tree: 6594baf645
Branches Tags
openssl
/
doc
/
man3
/
X509V3_set_ctx.pod

X509V3_set_ctx.pod 2.7 KB
Histórico Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970 
  1. =pod
    2. 

  2. 

  3. =head1 NAME
    4. 

  4. 

  5. X509V3_set_ctx,
    6. 

  6. X509V3_set_issuer_pkey - X.509 v3 extension generation utilities
    7. 

  7. 

  8. =head1 SYNOPSIS
    9. 

  9. 

  10.  #include <openssl/x509v3.h>
    11. 

  11. 

  12.  void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
    13. 

  13.                      X509_REQ *req, X509_CRL *crl, int flags);
    14. 

  14.  int X509V3_set_issuer_pkey(X509V3_CTX *ctx, EVP_PKEY *pkey);
    15. 

  15. 

  16. =head1 DESCRIPTION
    17. 

  17. 

  18. X509V3_set_ctx() fills in the basic fields of I<ctx> of type B<X509V3_CTX>,
    19. 

  19. providing details potentially needed by functions producing X509 v3 extensions.
    20. 

  20. These may make use of fields of the certificate I<subject>, the certification
    21. 

  21. request I<req>, or the certificate revocation list I<crl>.
    22. 

  22. At most one of these three parameters can be non-NULL.
    23. 

  23. When constructing the subject key identifier of a certificate by computing a
    24. 

  24. hash value of its public key, the public key is taken from I<subject> or I<req>.
    25. 

  25. Similarly, when constructing subject alternative names from any email addresses
    26. 

  26. contained in a subject DN, the subject DN is taken from I<subject> or I<req>.
    27. 

  27. If I<subject> or I<crl> is provided, I<issuer> should point to its issuer, for
    28. 

  28. instance as a reference for generating the authority key identifier extension.
    29. 

  29. I<issuer> may be the same pointer value as I<subject> (which usually is an
    30. 

  30. indication that the I<subject> certificate is self-issued or even self-signed).
    31. 

  31. In this case the fallback source for generating the authority key identifier
    32. 

  32. extension will be taken from any value provided using X509V3_set_issuer_pkey().
    33. 

  33. I<flags> may be 0
    34. 

  34. or contain B<X509V3_CTX_TEST>, which means that just the syntax of
    35. 

  35. extension definitions is to be checked without actually producing any extension,
    36. 

  36. or B<X509V3_CTX_REPLACE>, which means that each X.509v3 extension added as
    37. 

  37. defined in some configuration section shall replace any already existing
    38. 

  38. extension with the same OID.
    39. 

  39. 

  40. X509V3_set_issuer_pkey() explicitly sets the issuer private key of
    41. 

  41. the subject certificate that has been provided in I<ctx>.
    42. 

  42. This should be done in case the I<issuer> and I<subject> arguments to
    43. 

  43. X509V3_set_ctx() have the same pointer value
    44. 

  44. to provide fallback data for the authority key identifier extension.
    45. 

  45. 

  46. =head1 RETURN VALUES
    47. 

  47. 

  48. X509V3_set_ctx() and X509V3_set_issuer_pkey()
    49. 

  49. return 1 on success and 0 on error.
    50. 

  50. 

  51. =head1 SEE ALSO
    52. 

  52. 

  53. L<X509_add_ext(3)>
    54. 

  54. 

  55. =head1 HISTORY
    56. 

  56. 

  57. X509V3_set_issuer_pkey() was added in OpenSSL 3.0.
    58. 

  58. 

  59. CTX_TEST was deprecated in OpenSSL 3.0; use X509V3_CTX_TEST instead.
    60. 

  60. 

  61. =head1 COPYRIGHT
    62. 

  62. 

  63. Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
    64. 

  64. 

  65. Licensed under the Apache License 2.0 (the "License").  You may not use
    66. 

  66. this file except in compliance with the License.  You can obtain a copy
    67. 

  67. in the file LICENSE in the source distribution or at
    68. 

  68. L<https://www.openssl.org/source/license.html>.
    69. 

  69. 

  70. =cut
    71.