DragonFly On-Line Manual Pages
X509V3_GET_D2I(3) DragonFly Library Functions Manual X509V3_GET_D2I(3)
NAME
X509V3_get_d2i, X509V3_add1_i2d, X509V3_EXT_d2i, X509V3_EXT_i2d,
X509_get_ext_d2i, X509_add1_ext_i2d, X509_CRL_get_ext_d2i,
X509_CRL_add1_ext_i2d, X509_REVOKED_get_ext_d2i,
X509_REVOKED_add1_ext_i2d, X509_get0_extensions,
X509_CRL_get0_extensions, X509_REVOKED_get0_extensions -- X509 extension
decode and encode functions
SYNOPSIS
#include <openssl/x509v3.h>
void *
X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
int *idx);
int
X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
int crit, unsigned long flags);
void *
X509V3_EXT_d2i(X509_EXTENSION *ext);
X509_EXTENSION *
X509V3_EXT_i2d(int ext_nid, int crit, void *ext);
void *
X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx);
int
X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
unsigned long flags);
void *
X509_CRL_get_ext_d2i(const X509_CRL *crl, int nid, int *crit, int *idx);
int
X509_CRL_add1_ext_i2d(X509_CRL *crl, int nid, void *value, int crit,
unsigned long flags);
void *
X509_REVOKED_get_ext_d2i(const X509_REVOKED *r, int nid, int *crit,
int *idx);
int
X509_REVOKED_add1_ext_i2d(X509_REVOKED *r, int nid, void *value,
int crit, unsigned long flags);
const STACK_OF(X509_EXTENSION) *
X509_get0_extensions(const X509 *x);
const STACK_OF(X509_EXTENSION) *
X509_CRL_get0_extensions(const X509_CRL *crl);
const STACK_OF(X509_EXTENSION) *
X509_REVOKED_get0_extensions(const X509_REVOKED *r);
DESCRIPTION
X509V3_get_d2i() looks for an extension with OID nid in the extensions x
and, if found, decodes it. If idx is NULL, then only one occurrence of
an extension is permissible. Otherwise the first extension after index
*idx is returned and *idx is updated to the location of the extension.
If crit is not NULL, then *crit is set to a status value: -2 if the
extension occurs multiple times (this is only returned if idx is NULL),
-1 if the extension could not be found, 0 if the extension is found and
is not critical, and 1 if it is critical. A pointer to an extension spe-
cific structure or NULL is returned.
X509V3_add1_i2d() adds extension value to STACK *x (allocating a new
STACK if necessary) using OID nid and criticality crit according to
flags.
X509V3_EXT_d2i() attempts to decode the ASN.1 data contained in extension
ext and returns a pointer to an extension specific structure or NULL if
the extension could not be decoded (invalid syntax or not supported).
X509V3_EXT_i2d() encodes the extension specific structure ext with OID
ext_nid and criticality crit.
X509_get_ext_d2i() and X509_add1_ext_i2d() operate on the extensions of
certificate x, and are otherwise identical to X509V3_get_d2i() and
X509V3_add1_i2d().
X509_CRL_get_ext_d2i() and X509_CRL_add1_ext_i2d() operate on the exten-
sions of CRL crl, and are otherwise identical to X509V3_get_d2i() and
X509V3_add1_i2d().
X509_REVOKED_get_ext_d2i() and X509_REVOKED_add1_ext_i2d() operate on the
extensions of the X509_REVOKED structure r (i.e. for CRL entry exten-
sions), and are otherwise identical to X509V3_get_d2i() and
X509V3_add1_i2d().
X509_get0_extensions(), X509_CRL_get0_extensions(), and
X509_REVOKED_get0_extensions() return a stack of all the extensions of a
certificate, a CRL, or a CRL entry, respectively.
In almost all cases an extension can occur at most once and multiple
occurrences is an error. Therefore the idx parameter is usually NULL.
The flags parameter may be one of the following values.
X509V3_ADD_DEFAULT appends a new extension only if the extension does not
already exist. An error is returned if the extension does already exist.
X509V3_ADD_APPEND appends a new extension, ignoring whether the extension
already exists.
X509V3_ADD_REPLACE replaces an extension if it exists otherwise appends a
new extension.
X509V3_ADD_REPLACE_EXISTING replaces an existing extension if it exists
otherwise returns an error.
X509V3_ADD_KEEP_EXISTING appends a new extension only if the extension
does not already exist. An error is not returned if the extension does
already exist.
X509V3_ADD_DELETE deletes extension nid. No new extension is added.
If X509V3_ADD_SILENT is OR'd with flags, any error returned will not be
added to the error queue.
The function X509V3_get_d2i() will return NULL if the extension is not
found, occurs multiple times or cannot be decoded. It is possible to
determine the precise reason by checking the value of *crit.
SUPPORTED EXTENSIONS
The following sections contain a list of all supported extensions includ-
ing their name and NID.
PKIX Certificate Extensions
The following certificate extensions are defined in PKIX standards such
as RFC 5280.
Basic ConstraintsNID_basic_constraints
Key Usage NID_key_usage
Extended Key UsageNID_ext_key_usage
Subject Key IdentifierNID_subject_key_identifier
Authority Key IdentifierNID_authority_key_identifier
Private Key Usage PeriodNID_private_key_usage_period
Subject Alternative NameNID_subject_alt_name
Issuer Alternative NameNID_issuer_alt_name
Authority Information AccessNID_info_access
Subject Information AccessNID_sinfo_access
Name ConstraintsNID_name_constraints
Certificate PoliciesNID_certificate_policies
Policy MappingsNID_policy_mappings
Policy ConstraintsNID_policy_constraints
Inhibit Any PolicyNID_inhibit_any_policy
Netscape Certificate Extensions
The following are (largely obsolete) Netscape certificate extensions.
Netscape Cert TypeNID_netscape_cert_type
Netscape Base UrlNID_netscape_base_url
Netscape Revocation UrlNID_netscape_revocation_url
Netscape CA Revocation UrlNID_netscape_ca_revocation_url
Netscape Renewal UrlNID_netscape_renewal_url
Netscape CA Policy UrlNID_netscape_ca_policy_url
Netscape SSL Server NameNID_netscape_ssl_server_name
Netscape CommentNID_netscape_comment
Miscellaneous Certificate Extensions
Strong Extranet IDNID_sxnet
Proxy Certificate InformationNID_proxyCertInfo
PKIX CRL Extensions
The following are CRL extensions from PKIX standards such as RFC 5280.
CRL Number NID_crl_number
CRL Distribution PointsNID_crl_distribution_points
Delta CRL IndicatorNID_delta_crl
Freshest CRL NID_freshest_crl
Invalidity DateNID_invalidity_date
Issuing Distribution PointNID_issuing_distribution_point
The following are CRL entry extensions from PKIX standards such as RFC
5280.
CRL Reason CodeNID_crl_reason
Certificate IssuerNID_certificate_issuer
OCSP Extensions
OCSP Nonce NID_id_pkix_OCSP_Nonce
OCSP CRL ID NID_id_pkix_OCSP_CrlID
Acceptable OCSP ResponsesNID_id_pkix_OCSP_acceptableResponses
OCSP Check NID_id_pkix_OCSP_noCheck
OCSP Archive CutoffNID_id_pkix_OCSP_archiveCutoff
OCSP Service LocatorNID_id_pkix_OCSP_serviceLocator
Hold Instruction CodeNID_hold_instruction_code
RETURN VALUES
X509V3_get_d2i() and X509V3_EXT_d2i() return a pointer to an extension
specific structure or NULL if an error occurs.
X509V3_EXT_i2d() returns a pointer to an X509_EXTENSION structure or NULL
if an error occurs.
X509V3_add1_i2d() returns 1 if the operation is successful, 0 if it fails
due to a non-fatal error (extension not found, already exists, cannot be
encoded), or -1 due to a fatal error such as a memory allocation failure.
X509_get0_extensions(), X509_CRL_get0_extensions(), and
X509_REVOKED_get0_extensions() return a stack of extensions, or NULL if
no extensions are present.
SEE ALSO
d2i_X509(3), d2i_X509_EXTENSION(3), ERR_get_error(3),
X509_CRL_get0_by_serial(3), X509_EXTENSION_new(3), X509_get_pubkey(3),
X509_get_subject_name(3), X509_get_version(3), X509_new(3),
X509_REVOKED_new(3)
HISTORY
X509V3_EXT_d2i() first appeared in OpenSSL 0.9.2b. X509V3_EXT_i2d()
first appeared in OpenSSL 0.9.3. Both functions have been available
since OpenBSD 2.6.
X509V3_get_d2i(), X509_get_ext_d2i(), X509_CRL_get_ext_d2i(), and
X509_REVOKED_get_ext_d2i() first appeared in OpenSSL 0.9.5 and have been
available since OpenBSD 2.7.
X509V3_add1_i2d(), X509_add1_ext_i2d(), X509_CRL_add1_ext_i2d(), and
X509_REVOKED_add1_ext_i2d() first appeared in OpenSSL 0.9.7 and have been
available since OpenBSD 3.2.
X509_get0_extensions(), X509_CRL_get0_extensions(), and
X509_REVOKED_get0_extensions() first appeared in OpenSSL 1.1.0 and have
been available since OpenBSD 6.3.
DragonFly 5.5 March 23, 2018 DragonFly 5.5