DragonFly On-Line Manual Pages

Search: Section:  

SXNET_NEW(3)	      DragonFly Library Functions Manual	  SXNET_NEW(3)


NAME

     SXNET_new, SXNET_free, SXNETID_new, SXNETID_free, d2i_SXNET, i2d_SXNET,
     d2i_SXNETID, i2d_SXNETID -- Thawte strong extranet X.509 extension


SYNOPSIS

     #include <openssl/x509v3.h>

     SXNET *
     SXNET_new(void);

     void
     SXNET_free(SXNET *sxnet);

     SXNETID *
     SXNETID_new(void);

     void
     SXNETID_free(SXNETID *sxnetid);

     SXNET *
     d2i_SXNET(SXNET **val_out, const unsigned char **der_in, long length);

     int
     i2d_SXNET(SXNET *val_in, unsigned char **der_out);

     SXNETID *
     d2i_SXNETID(SXNETID **val_out, const unsigned char **der_in,
	 long length);

     int
     i2d_SXNETID(SXNETID *val_in, unsigned char **der_out);


DESCRIPTION

     SXNET_new() allocates and initializes an empty SXNET object representing
     a non-standard proprietary Thawte strong extranet X.509 extension.
     SXNET_free() frees sxnet.

     SXNETID_new() allocates and initializes an empty SXNETID object.  It is
     used inside SXNET.  SXNETID_free() frees sxnetid.

     The remaining functions decode and encode these objects using DER format.
     For details about the semantics, examples, caveats, and bugs, see
     ASN1_item_d2i(3).


RETURN VALUES

     SXNET_new() and d2i_SXNET() return an SXNET object or NULL if an error
     occurs.

     SXNETID_new() and d2i_SXNETID() return an SXNETID object or NULL if an
     error occurs.

     i2d_SXNET() and i2d_SXNETID() return the number of bytes successfully
     encoded or a negative value if an error occurs.


SEE ALSO

     X509_EXTENSION_new(3), X509_new(3)

     M. Shuttleworth, The Strong Extranet: real-world personal certification,
     Thawte Consulting, 1998.


HISTORY

     These functions first appeared in OpenSSL 0.9.3 and have been available
     since OpenBSD 2.6.


BUGS

     This manual page does not explain what the extension actually does
     because no authoritative information was found online so far.

     The only hint was found in an ancient white paper "Securing IBM Applica-
     tions with Public Key Infrastructure" on the IBM website, dated June 13,
     2001: "Thawte also has a technology called Strong Extranet that allows
     institutions to encode customer information in the extensions to their
     customer's certificates.  Because multiple institutions can add informa-
     tion, the user needs only one certificate, making renewal and revocation
     simpler, although the issue of modifying an extension to an existing cer-
     tificate is not addressed."

     It is unclear whether that explanation is accurate, but in any case, it
     is not very specific.

DragonFly 5.5			March 21, 2018			 DragonFly 5.5

Search: Section: