DragonFly On-Line Manual Pages

Search: Section:  

ESS_SIGNING_CERT_N... DragonFly Library Functions Manual ESS_SIGNING_CERT_N...


NAME

     ESS_SIGNING_CERT_new, ESS_SIGNING_CERT_free, ESS_CERT_ID_new,
     ESS_CERT_ID_free, ESS_ISSUER_SERIAL_new, ESS_ISSUER_SERIAL_free -- sign-
     ing certificates for S/MIME


SYNOPSIS

     #include <openssl/ts.h>

     ESS_SIGNING_CERT *
     ESS_SIGNING_CERT_new(void);

     void
     ESS_SIGNING_CERT_free(ESS_SIGNING_CERT *signing_cert);

     ESS_CERT_ID *
     ESS_CERT_ID_new(void);

     void
     ESS_CERT_ID_free(ESS_CERT_ID *cert_id);

     ESS_ISSUER_SERIAL *
     ESS_ISSUER_SERIAL_new(void);

     void
     ESS_ISSUER_SERIAL_free(ESS_ISSUER_SERIAL *issuer_serial);


DESCRIPTION

     The signing certificate may be included in the signedAttributes field of
     a SignerInfo structure to mitigate simple substitution and re-issue
     attacks.

     ESS_SIGNING_CERT_new() allocates and initializes an empty
     ESS_SIGNING_CERT object, representing an ASN.1 SigningCertificate struc-
     ture defined in RFC 2634 section 5.4.  It can hold the certificate used
     for signing the data, additional authorization certificates that can be
     used during validation, and policies applying to the certificate.
     ESS_SIGNING_CERT_free() frees signing_cert.

     ESS_CERT_ID_new() allocates and initializes an empty ESS_CERT_ID object,
     representing an ASN.1 ESSCertID structure defined in RFC 2634 section
     5.4.1.  Such objects can be used inside ESS_SIGNING_CERT objects, and
     each one can hold a SHA1 hash of one certificate.	ESS_CERT_ID_free()
     frees cert_id.

     ESS_ISSUER_SERIAL_new() allocates and initializes an empty
     ESS_ISSUER_SERIAL object, representing an ASN.1 IssuerSerial structure
     defined in RFC 2634 section 5.4.1.  It can hold an issuer name and a
     serial number and can be included in an ESS_CERT_ID object, which is use-
     ful for additional authorization certificates, but redundant for the
     signing certificate itself.  ESS_ISSUER_SERIAL_free() frees
     issuer_serial.


RETURN VALUES

     ESS_SIGNING_CERT_new(), ESS_CERT_ID_new(), and ESS_ISSUER_SERIAL_new()
     return the new ESS_SIGNING_CERT, ESS_CERT_ID, or ESS_ISSUER_SERIAL
     object, respectively, or NULL if an error occurred.


STANDARDS

     RFC 2634: Enhanced Security Services for S/MIME, section 5: Signing Cer-
     tificate Attribute

     Note that RFC 2634 has been updated by RFC 5035: Enhanced Security Ser-
     vices (ESS) Update: Adding CertID Algorithm Agility.  But the current
     implementation only supports the Signing Certificate Attribute Definition
     Version 1 according to RFC 2634, not the Signing Certificate Attribute
     Definition Version 2 according to RFC 5035.


HISTORY

     These functions first appeared in OpenSSL 1.0.0 and have been available
     since OpenBSD 4.9.

DragonFly 5.5			March 23, 2018			 DragonFly 5.5

Search: Section: