DragonFly On-Line Manual Pages

Search: Section:  


ESS_SIGNING_CERT_NEW(3)                     DragonFly Library Functions Manual

NAME

ESS_SIGNING_CERT_new, ESS_SIGNING_CERT_free, ESS_CERT_ID_new, ESS_CERT_ID_free, ESS_ISSUER_SERIAL_new, ESS_ISSUER_SERIAL_free - signing certificates for S/MIME

SYNOPSIS

#include <openssl/ts.h> ESS_SIGNING_CERT * ESS_SIGNING_CERT_new(void); void ESS_SIGNING_CERT_free(ESS_SIGNING_CERT *signing_cert); ESS_CERT_ID * ESS_CERT_ID_new(void); void ESS_CERT_ID_free(ESS_CERT_ID *cert_id); ESS_ISSUER_SERIAL * ESS_ISSUER_SERIAL_new(void); void ESS_ISSUER_SERIAL_free(ESS_ISSUER_SERIAL *issuer_serial);

DESCRIPTION

The signing certificate may be included in the signedAttributes field of a SignerInfo structure to mitigate simple substitution and re-issue attacks. ESS_SIGNING_CERT_new() allocates and initializes an empty ESS_SIGNING_CERT object, representing an ASN.1 SigningCertificate structure defined in RFC 2634 section 5.4. It can hold the certificate used for signing the data, additional authorization certificates that can be used during validation, and policies applying to the certificate. ESS_SIGNING_CERT_free() frees signing_cert. ESS_CERT_ID_new() allocates and initializes an empty ESS_CERT_ID object, representing an ASN.1 ESSCertID structure defined in RFC 2634 section 5.4.1. Such objects can be used inside ESS_SIGNING_CERT objects, and each one can hold a SHA1 hash of one certificate. ESS_CERT_ID_free() frees cert_id. ESS_ISSUER_SERIAL_new() allocates and initializes an empty ESS_ISSUER_SERIAL object, representing an ASN.1 IssuerSerial structure defined in RFC 2634 section 5.4.1. It can hold an issuer name and a serial number and can be included in an ESS_CERT_ID object, which is useful for additional authorization certificates, but redundant for the signing certificate itself. ESS_ISSUER_SERIAL_free() frees issuer_serial.

RETURN VALUES

ESS_SIGNING_CERT_new(), ESS_CERT_ID_new(), and ESS_ISSUER_SERIAL_new() return the new ESS_SIGNING_CERT, ESS_CERT_ID, or ESS_ISSUER_SERIAL object, respectively, or NULL if an error occurred.

SEE ALSO

d2i_ESS_SIGNING_CERT(3)

STANDARDS

RFC 2634: Enhanced Security Services for S/MIME, section 5: Signing Certificate Attribute Note that RFC 2634 has been updated by RFC 5035: Enhanced Security Services (ESS) Update: Adding CertID Algorithm Agility. But the current implementation only supports the Signing Certificate Attribute Definition Version 1 according to RFC 2634, not the Signing Certificate Attribute Definition Version 2 according to RFC 5035.

HISTORY

These functions first appeared in OpenSSL 1.0.0 and have been available since OpenBSD 4.9. DragonFly 6.1-DEVELOPMENT June 6, 2019 DragonFly 6.1-DEVELOPMENT

Search: Section: