[thirdparty/openssl.git] / doc / man3 / X509V3_set_ctx.pod

=pod

=head1 NAME

X509V3_set_ctx,
X509V3_set_issuer_pkey - X.509 v3 extension generation utilities

=head1 SYNOPSIS

 #include <openssl/x509v3.h>

 void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
                     X509_REQ *req, X509_CRL *crl, int flags);
 int X509V3_set_issuer_pkey(X509V3_CTX *ctx, EVP_PKEY *pkey);

=head1 DESCRIPTION

X509V3_set_ctx() fills in the basic fields of I<ctx> of type B<X509V3_CTX>,
providing details potentially needed by functions producing X509 v3 extensions.
These may make use of fields of the certificate I<subject>, the certification
request I<req>, or the certificate revocation list I<crl>.
At most one of these three parameters can be non-NULL.
When constructing the subject key identifier of a certificate by computing a
hash value of its public key, the public key is taken from I<subject> or I<req>.
Similarly, when constructing subject alternative names from any email addresses
contained in a subject DN, the subject DN is taken from I<subject> or I<req>.
If I<subject> or I<crl> is provided, I<issuer> should point to its issuer, for
instance as a reference for generating the authority key identifier extension.
I<issuer> may be the same pointer value as I<subject> (which usually is an
indication that the I<subject> certificate is self-issued or even self-signed).
In this case the fallback source for generating the authority key identifier
extension will be taken from any value provided using X509V3_set_issuer_pkey().
I<flags> may be 0
or contain B<X509V3_CTX_TEST>, which means that just the syntax of
extension definitions is to be checked without actually producing any extension,
or B<X509V3_CTX_REPLACE>, which means that each X.509v3 extension added as
defined in some configuration section shall replace any already existing
extension with the same OID.

X509V3_set_issuer_pkey() explicitly sets the issuer private key of
the subject certificate that has been provided in I<ctx>.
This should be done in case the I<issuer> and I<subject> arguments to
X509V3_set_ctx() have the same pointer value
to provide fallback data for the authority key identifier extension.

=head1 RETURN VALUES

X509V3_set_ctx() and X509V3_set_issuer_pkey()
return 1 on success and 0 on error.

=head1 SEE ALSO

L<X509_add_ext(3)>

=head1 HISTORY

X509V3_set_issuer_pkey() was added in OpenSSL 3.0.

CTX_TEST was deprecated in OpenSSL 3.0; use X509V3_CTX_TEST instead.

=head1 COPYRIGHT

Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Commit	Line	Data
41e597a0 DDO	1	=pod
	2
	3	=head1 NAME
	4
	5	X509V3_set_ctx,
2ed63033	6	X509V3_set_issuer_pkey - X.509 v3 extension generation utilities
41e597a0 DDO	7
	8	=head1 SYNOPSIS
	9
	10	#include <openssl/x509v3.h>
	11
	12	void X509V3_set_ctx(X509V3_CTX ctx, X509 issuer, X509 *subject,
	13	X509_REQ req, X509_CRL crl, int flags);
	14	int X509V3_set_issuer_pkey(X509V3_CTX ctx, EVP_PKEY pkey);
	15
	16	=head1 DESCRIPTION
	17
	18	X509V3_set_ctx() fills in the basic fields of I<ctx> of type B<X509V3_CTX>,
b6144bb8 DDO	19	providing details potentially needed by functions producing X509 v3 extensions.
	20	These may make use of fields of the certificate I<subject>, the certification
	21	request I<req>, or the certificate revocation list I<crl>.
	22	At most one of these three parameters can be non-NULL.
15ac84e6 DDO	23	When constructing the subject key identifier of a certificate by computing a
15ac84e6 DDO	24	hash value of its public key, the public key is taken from I<subject> or I<req>.
317acac5 DDO	25	Similarly, when constructing subject alternative names from any email addresses
317acac5 DDO	26	contained in a subject DN, the subject DN is taken from I<subject> or I<req>.
b6144bb8 DDO	27	If I<subject> or I<crl> is provided, I<issuer> should point to its issuer, for
	28	instance as a reference for generating the authority key identifier extension.
	29	I<issuer> may be the same pointer value as I<subject> (which usually is an
	30	indication that the I<subject> certificate is self-issued or even self-signed).
	31	In this case the fallback source for generating the authority key identifier
	32	extension will be taken from any value provided using X509V3_set_issuer_pkey().
2ed63033 DDO	33	I<flags> may be 0
2ed63033 DDO	34	or contain B<X509V3_CTX_TEST>, which means that just the syntax of
b6144bb8	35	extension definitions is to be checked without actually producing any extension,
41e597a0 DDO	36	or B<X509V3_CTX_REPLACE>, which means that each X.509v3 extension added as
	37	defined in some configuration section shall replace any already existing
	38	extension with the same OID.
	39
	40	X509V3_set_issuer_pkey() explicitly sets the issuer private key of
b6144bb8 DDO	41	the subject certificate that has been provided in I<ctx>.
	42	This should be done in case the I<issuer> and I<subject> arguments to
	43	X509V3_set_ctx() have the same pointer value
	44	to provide fallback data for the authority key identifier extension.
41e597a0 DDO	45
	46	=head1 RETURN VALUES
	47
	48	X509V3_set_ctx() and X509V3_set_issuer_pkey()
	49	return 1 on success and 0 on error.
	50
	51	=head1 SEE ALSO
	52
	53	L<X509_add_ext(3)>
	54
	55	=head1 HISTORY
	56
	57	X509V3_set_issuer_pkey() was added in OpenSSL 3.0.
	58
2ed63033 DDO	59	CTX_TEST was deprecated in OpenSSL 3.0; use X509V3_CTX_TEST instead.
2ed63033 DDO	60
41e597a0 DDO	61	=head1 COPYRIGHT
41e597a0 DDO	62
fecb3aae	63	Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
41e597a0 DDO	64
	65	Licensed under the Apache License 2.0 (the "License"). You may not use
	66	this file except in compliance with the License. You can obtain a copy
	67	in the file LICENSE in the source distribution or at
	68	L<https://www.openssl.org/source/license.html>.
	69
	70	=cut