| Commit | Line | Data |
|---|---|---|
| 41e597a0 DDO | 1 | =pod |
| | 2 | |
| | 3 | =head1 NAME |
| | 4 | |
| | 5 | X509V3_set_ctx, |
| 2ed63033 | 6 | X509V3_set_issuer_pkey - X.509 v3 extension generation utilities |
| 41e597a0 DDO | 7 | |
| | 8 | =head1 SYNOPSIS |
| | 9 | |
| | 10 | #include <openssl/x509v3.h> |
| | 11 | |
| | 12 | void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject, |
| | 13 | X509_REQ *req, X509_CRL *crl, int flags); |
| | 14 | int X509V3_set_issuer_pkey(X509V3_CTX *ctx, EVP_PKEY *pkey); |
| | 15 | |
| | 16 | =head1 DESCRIPTION |
| | 17 | |
| | 18 | X509V3_set_ctx() fills in the basic fields of I<ctx> of type B<X509V3_CTX>, |
| b6144bb8 DDO | 19 | providing details potentially needed by functions producing X509 v3 extensions. |
| | 20 | These may make use of fields of the certificate I<subject>, the certification |
| | 21 | request I<req>, or the certificate revocation list I<crl>. |
| | 22 | At most one of these three parameters can be non-NULL. |
| 15ac84e6 DDO | 23 | When constructing the subject key identifier of a certificate by computing a |
| | 24 | hash value of its public key, the public key is taken from I<subject> or I<req>. |
| 317acac5 DDO | 25 | Similarly, when constructing subject alternative names from any email addresses |
| | 26 | contained in a subject DN, the subject DN is taken from I<subject> or I<req>. |
| b6144bb8 DDO | 27 | If I<subject> or I<crl> is provided, I<issuer> should point to its issuer, for |
| | 28 | instance as a reference for generating the authority key identifier extension. |
| | 29 | I<issuer> may be the same pointer value as I<subject> (which usually is an |
| | 30 | indication that the I<subject> certificate is self-issued or even self-signed). |
| | 31 | In this case the fallback source for generating the authority key identifier |
| | 32 | extension will be taken from any value provided using X509V3_set_issuer_pkey(). |
| 2ed63033 DDO | 33 | I<flags> may be 0 |
| | 34 | or contain B<X509V3_CTX_TEST>, which means that just the syntax of |
| b6144bb8 | 35 | extension definitions is to be checked without actually producing any extension, |
| 41e597a0 DDO | 36 | or B<X509V3_CTX_REPLACE>, which means that each X.509v3 extension added as |
| | 37 | defined in some configuration section shall replace any already existing |
| | 38 | extension with the same OID. |
| | 39 | |
| | 40 | X509V3_set_issuer_pkey() explicitly sets the issuer private key of |
| b6144bb8 DDO | 41 | the subject certificate that has been provided in I<ctx>. |
| | 42 | This should be done in case the I<issuer> and I<subject> arguments to |
| | 43 | X509V3_set_ctx() have the same pointer value |
| | 44 | to provide fallback data for the authority key identifier extension. |
| 41e597a0 DDO | 45 | |
| | 46 | =head1 RETURN VALUES |
| | 47 | |
| | 48 | X509V3_set_ctx() and X509V3_set_issuer_pkey() |
| | 49 | return 1 on success and 0 on error. |
| | 50 | |
| | 51 | =head1 SEE ALSO |
| | 52 | |
| | 53 | L<X509_add_ext(3)> |
| | 54 | |
| | 55 | =head1 HISTORY |
| | 56 | |
| | 57 | X509V3_set_issuer_pkey() was added in OpenSSL 3.0. |
| | 58 | |
| 2ed63033 DDO | 59 | CTX_TEST was deprecated in OpenSSL 3.0; use X509V3_CTX_TEST instead. |
| | 60 | |
| 41e597a0 DDO | 61 | =head1 COPYRIGHT |
| | 62 | |
| fecb3aae | 63 | Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. |
| 41e597a0 DDO | 64 | |
| | 65 | Licensed under the Apache License 2.0 (the "License"). You may not use |
| | 66 | this file except in compliance with the License. You can obtain a copy |
| | 67 | in the file LICENSE in the source distribution or at |
| | 68 | L<https://www.openssl.org/source/license.html>. |
| | 69 | |
| | 70 | =cut |