X509_ATTRIBUTE_NEW(3) DragonFly Library Functions Manual X509_ATTRIBUTE_NEW(3)
NAME
X509_ATTRIBUTE_new, X509_ATTRIBUTE_free -- generic X.501 Attribute
SYNOPSIS
#include <openssl/x509.h>
X509_ATTRIBUTE *
X509_ATTRIBUTE_new(void);
void
X509_ATTRIBUTE_free(X509_ATTRIBUTE *attr);
DESCRIPTION
In the X.501 standard, an Attribute is the fundamental ASN.1 data type
used to represent any kind of property of any kind of directory entry.
In OpenSSL, very few objects use it directly, most notably the
X509_REQ_INFO object used for PKCS#10 certification requests described in
X509_REQ_new(3), the PKCS8_PRIV_KEY_INFO object used for PKCS#8 private
key information described in PKCS8_PRIV_KEY_INFO_new(3), and the
PKCS12_SAFEBAG container object described in PKCS12_SAFEBAG_new(3).
X509_ATTRIBUTE_new() allocates and initializes an empty X509_ATTRIBUTE
object. X509_ATTRIBUTE_free() frees attr.
RETURN VALUES
X509_ATTRIBUTE_new() returns the new X509_ATTRIBUTE object or NULL if an
error occurs.
SEE ALSO
d2i_X509_ATTRIBUTE(3), PKCS12_SAFEBAG_new(3), PKCS8_PRIV_KEY_INFO_new(3),
X509_EXTENSION_new(3), X509_REQ_new(3)
STANDARDS
For the general definition of the Attribute data type:
ITU-T Recommendation X.501, also known as ISO/IEC 9594-2: Information
Technology - Open Systems Interconnection - The Directory: Models,
section 8.2: Overall structure
For the specific definition in the context of certification requests:
RFC 2986: PKCS #10: Certification Request Syntax Specification, section
4.1: CertificationRequestInfo
For the specific use in the context of private key information:
RFC 5208: Public-Key Cryptography Standards (PKCS) #8: Private-Key
Information Syntax Specification
For the specific definition in the context of PFX:
RFC 7292: PKCS #12: Personal Information Exchange Syntax, section 4.2:
The SafeBag Type
HISTORY
X509_ATTRIBUTE_new() and X509_ATTRIBUTE_free() first appeared in SSLeay
0.5.1 and have been available since OpenBSD 2.4.
BUGS
A data type designed to hold arbitrary data is an oxymoron.
While it may occasionally be useful for abstract syntax specification or
for generic container objects, using it for the representation of
specific data in a specific data structure feels like dubious design.
Having two distinct data types to hold arbitrary data - in this case,
X509_ATTRIBUTE on the X.501 language level and X509_EXTENSION as
described in X509_EXTENSION_new(3) on the X.509 language level - feels
even more questionable, in particular considering that Attributes in
certification requests can be used to ask for Extensions in certificates.
At the very least, the direct use of the low-level generic X509_ATTRIBUTE
type in specific data types like certification requests or private key
information looks like a layering violation and appears to put type
safety into jeopardy.
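The type-safety concern above, as an added example that is not part of this manual page or of the library's code: a stand-alone C check, written without libcrypto, that walks the DER encoding of one Attribute (a SEQUENCE holding a type OID and a SET of values) and accepts it only if the type OID and the tag of every value are what the caller expects. The names der_next and attribute_check and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

struct tlv { unsigned char tag; const unsigned char *val; size_t len; };

/* Constructed sample: challengePassword (1.2.840.113549.1.9.7), one UTF8String "test". */
static const unsigned char OID_CHALLENGE_PW[] = {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x07};
static const unsigned char SAMPLE_ATTR[] = {
    0x30,0x13, 0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x07,
    0x31,0x06, 0x0c,0x04,'t','e','s','t' };

/* Read one DER TLV from [*p, end) and advance *p; -1 on malformed input. */
static int der_next(const unsigned char **p, const unsigned char *end, struct tlv *out) {
    const unsigned char *q = *p;
    size_t len, n;
    if (end - q < 2 || (q[0] & 0x1f) == 0x1f)
        return -1;                      /* truncated, or multi-byte tag */
    out->tag = *q++;
    len = *q++;
    if (len & 0x80) {                   /* long-form length */
        n = len & 0x7f;
        if (n == 0 || n > 2 || (size_t)(end - q) < n)
            return -1;                  /* indefinite, oversized or truncated */
        len = (n == 2) ? ((size_t)q[0] << 8 | q[1]) : q[0];
        if (len < (n == 2 ? 0x100u : 0x80u))
            return -1;                  /* not minimal, so not DER */
        q += n;
    }
    if ((size_t)(end - q) < len)
        return -1;                      /* content runs past the buffer */
    out->val = q; out->len = len; *p = q + len;
    return 0;
}

/* Value count if the type OID matches and every value has want_tag, else -1. */
int attribute_check(const unsigned char *der, size_t derlen,
    const unsigned char *oid, size_t oidlen, unsigned char want_tag) {
    const unsigned char *p = der, *end = der + derlen;
    struct tlv seq, type, set, v;
    int count = 0;
    if (der_next(&p, end, &seq) || seq.tag != 0x30 || p != end)
        return -1;                      /* not exactly one SEQUENCE */
    p = seq.val; end = p + seq.len;
    if (der_next(&p, end, &type) || type.tag != 0x06 ||
        type.len != oidlen || memcmp(type.val, oid, oidlen) != 0)
        return -1;                      /* missing or different attribute type */
    if (der_next(&p, end, &set) || set.tag != 0x31 || p != end)
        return -1;                      /* values must be one SET, nothing after */
    p = set.val; end = p + set.len;
    for (; p < end; count++)
        if (der_next(&p, end, &v) || v.tag != want_tag)
            return -1;                  /* "arbitrary" value of an unexpected type */
    return count;
}
```

The tag 0x0c is UTF8String and 0x13 is PrintableString; a caller that accepts several string types for one attribute would run the check once per allowed tag or extend it to take a set of tags.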
DragonFly 5.5 March 27, 2018 DragonFly 5.5