DragonFly On-Line Manual Pages
ACCESS_DESCRIPTION... DragonFly Library Functions Manual ACCESS_DESCRIPTION...
NAME
ACCESS_DESCRIPTION_new, ACCESS_DESCRIPTION_free,
AUTHORITY_INFO_ACCESS_new, AUTHORITY_INFO_ACCESS_free -- X.509 informa-
tion access extensions
SYNOPSIS
#include <openssl/x509v3.h>
ACCESS_DESCRIPTION *
ACCESS_DESCRIPTION_new(void);
void
ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *ad);
AUTHORITY_INFO_ACCESS
AUTHORITY_INFO_ACCESS_new(void);
void
AUTHORITY_INFO_ACCESS_free(AUTHORITY_INFO_ACCESS *aia);
DESCRIPTION
Using the information access extensions, certificates and certificate
revocation lists can point to auxiliary information and services avail-
able online, for example online validation services or CA policy data.
ACCESS_DESCRIPTION_new() allocates and initializes an empty
ACCESS_DESCRIPTION object, representing an ASN.1 AccessDescription struc-
ture defined in RFC 5280 section 4.2.2.1. It can hold a pointer to a
GENERAL_NAME object documented in GENERAL_NAME_new(3) and an access
method identifier. ACCESS_DESCRIPTION_free() frees ad.
The access method identifier is somewhat misnamed; it identifies the type
and format of the information provided. How to access that information
is often obvious from the GENERAL_NAME which may for example include a
uniform resource identifier.
Four standard access method identifiers are defined in RFC 5280:
* "id-ad-caIssuers" can occur in the authority information access
extension of certificates and certificate revocation lists and pro-
vides access to certificates issued to the CA that issued the cer-
tificate, or provides access to certificates used for signing the
CRL, in order to help constructing a certification path.
* "id-ad-ocsp" can occur in the authority information access extension
of certificates and provides access to revocation information via the
Online Certificate Status Protocol (OCSP) defined in RFC 6960.
* "id-ad-caRepository" can occur in the subject information access
extension of CA certificates and provides access to an online reposi-
tory of certificates issued by the CA.
* "id-ad-timeStamping" can occur in the subject information access
extension of end entity certificates and indicates that the subject
offers timestamping services using the Time Stamp Protocol defined in
RFC 3161.
AUTHORITY_INFO_ACCESS_new() allocates and initializes an empty
AUTHORITY_INFO_ACCESS object, which is a STACK_OF(ACCESS_DESCRIPTION) and
represents an ASN.1 AuthorityInfoAccessSyntax structure defined in RFC
5280 section 4.2.2.1. If can be used for the authority information
access extension of certificates and certificate revocation lists and for
the subject information access extension of certificates.
AUTHORITY_INFO_ACCESS_free() frees aia.
RETURN VALUES
ACCESS_DESCRIPTION_new() and AUTHORITY_INFO_ACCESS_new() return the new
ACCESS_DESCRIPTION or AUTHORITY_INFO_ACCESS object, respectively, or NULL
if an error occurs.
SEE ALSO
DIST_POINT_new(3), GENERAL_NAME_new(3), OCSP_REQUEST_new(3),
TS_REQ_new(3), X509_CRL_new(3), X509_EXTENSION_new(3), X509_new(3)
STANDARDS
These extensions are only defined in the following RFC and not specified
in the underlying X.509 standard.
RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Cer-
tificate Revocation List (CRL) Profile:
- section 4.2.2.1: Certificate Extensions: Authority Information Access
- section 4.2.2.2: Certificate Extensions: Subject Information Access
- section 5.2.7: CRL Extensions: Authority Information Access
Regarding OCSP and TSP, see:
RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate
Status Protocol
RFC 3161: Internet X.509 Public Key Infrastructure Time-Stamp Protocol
HISTORY
ACCESS_DESCRIPTION_new(), ACCESS_DESCRIPTION_free(),
AUTHORITY_INFO_ACCESS_new(), and AUTHORITY_INFO_ACCESS_free() first
appeared in OpenSSL 0.9.5 and have been available since OpenBSD 2.7.
DragonFly 5.5 March 22, 2018 DragonFly 5.5