2 * {- join("\n * ", @autowarntext) -}
4 * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
6 * Licensed under the Apache License 2.0 (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
13 use
OpenSSL::stackhash
qw(generate_stack_macros
);
16 #ifndef OPENSSL_X509V3_H
17 # define OPENSSL_X509V3_H
20 # include <openssl/macros.h>
21 # ifndef OPENSSL_NO_DEPRECATED_3_0
22 # define HEADER_X509V3_H
25 # include <openssl/bio.h>
26 # include <openssl/x509.h>
27 # include <openssl/conf.h>
28 # include <openssl/x509v3err.h>
34 /* Forward reference */
40 typedef void *(*X509V3_EXT_NEW
)(void);
41 typedef void (*X509V3_EXT_FREE
) (void *);
42 typedef void *(*X509V3_EXT_D2I
)(void *, const unsigned char **, long);
43 typedef int (*X509V3_EXT_I2D
) (const void *, unsigned char **);
44 typedef STACK_OF(CONF_VALUE
) *
45 (*X509V3_EXT_I2V
) (const struct v3_ext_method
*method
, void *ext
,
46 STACK_OF(CONF_VALUE
) *extlist
);
47 typedef void *(*X509V3_EXT_V2I
)(const struct v3_ext_method
*method
,
48 struct v3_ext_ctx
*ctx
,
49 STACK_OF(CONF_VALUE
) *values
);
50 typedef char *(*X509V3_EXT_I2S
)(const struct v3_ext_method
*method
,
52 typedef void *(*X509V3_EXT_S2I
)(const struct v3_ext_method
*method
,
53 struct v3_ext_ctx
*ctx
, const char *str
);
54 typedef int (*X509V3_EXT_I2R
) (const struct v3_ext_method
*method
, void *ext
,
55 BIO
*out
, int indent
);
56 typedef void *(*X509V3_EXT_R2I
)(const struct v3_ext_method
*method
,
57 struct v3_ext_ctx
*ctx
, const char *str
);
59 /* V3 extension structure */
61 struct v3_ext_method
{
64 /* If this is set the following four fields are ignored */
66 /* Old style ASN1 calls */
67 X509V3_EXT_NEW ext_new
;
68 X509V3_EXT_FREE ext_free
;
71 /* The following pair is used for string extensions */
74 /* The following pair is used for multi-valued extensions */
77 /* The following are used for raw extensions */
80 void *usr_data
; /* Any extension specific data */
83 typedef struct X509V3_CONF_METHOD_st
{
84 char *(*get_string
) (void *db
, const char *section
, const char *value
);
85 STACK_OF(CONF_VALUE
) *(*get_section
) (void *db
, const char *section
);
86 void (*free_string
) (void *db
, char *string
);
87 void (*free_section
) (void *db
, STACK_OF(CONF_VALUE
) *section
);
90 /* Context specific info */
93 # define X509V3_CTX_REPLACE 0x2
97 X509_REQ
*subject_req
;
99 X509V3_CONF_METHOD
*db_meth
;
101 /* Maybe more here */
104 typedef struct v3_ext_method X509V3_EXT_METHOD
;
107 generate_stack_macros("X509V3_EXT_METHOD");
110 /* ext_flags values */
111 # define X509V3_EXT_DYNAMIC 0x1
112 # define X509V3_EXT_CTX_DEP 0x2
113 # define X509V3_EXT_MULTILINE 0x4
115 typedef BIT_STRING_BITNAME ENUMERATED_NAMES
;
117 typedef struct BASIC_CONSTRAINTS_st
{
119 ASN1_INTEGER
*pathlen
;
122 typedef struct PKEY_USAGE_PERIOD_st
{
123 ASN1_GENERALIZEDTIME
*notBefore
;
124 ASN1_GENERALIZEDTIME
*notAfter
;
127 typedef struct otherName_st
{
128 ASN1_OBJECT
*type_id
;
132 typedef struct EDIPartyName_st
{
133 ASN1_STRING
*nameAssigner
;
134 ASN1_STRING
*partyName
;
137 typedef struct GENERAL_NAME_st
{
138 # define GEN_OTHERNAME 0
142 # define GEN_DIRNAME 4
143 # define GEN_EDIPARTY 5
150 OTHERNAME
*otherName
; /* otherName */
151 ASN1_IA5STRING
*rfc822Name
;
152 ASN1_IA5STRING
*dNSName
;
153 ASN1_TYPE
*x400Address
;
154 X509_NAME
*directoryName
;
155 EDIPARTYNAME
*ediPartyName
;
156 ASN1_IA5STRING
*uniformResourceIdentifier
;
157 ASN1_OCTET_STRING
*iPAddress
;
158 ASN1_OBJECT
*registeredID
;
160 ASN1_OCTET_STRING
*ip
; /* iPAddress */
161 X509_NAME
*dirn
; /* dirn */
162 ASN1_IA5STRING
*ia5
; /* rfc822Name, dNSName,
163 * uniformResourceIdentifier */
164 ASN1_OBJECT
*rid
; /* registeredID */
165 ASN1_TYPE
*other
; /* x400Address */
169 typedef struct ACCESS_DESCRIPTION_st
{
171 GENERAL_NAME
*location
;
172 } ACCESS_DESCRIPTION
;
175 generate_stack_macros("ACCESS_DESCRIPTION")
176 .generate_stack_macros("GENERAL_NAME");
179 typedef STACK_OF(ACCESS_DESCRIPTION
) AUTHORITY_INFO_ACCESS
;
180 typedef STACK_OF(ASN1_OBJECT
) EXTENDED_KEY_USAGE
;
181 typedef STACK_OF(ASN1_INTEGER
) TLS_FEATURE
;
182 typedef STACK_OF(GENERAL_NAME
) GENERAL_NAMES
;
185 generate_stack_macros("GENERAL_NAMES");
188 typedef struct DIST_POINT_NAME_st
{
191 GENERAL_NAMES
*fullname
;
192 STACK_OF(X509_NAME_ENTRY
) *relativename
;
194 /* If relativename then this contains the full distribution point name */
197 /* All existing reasons */
198 # define CRLDP_ALL_REASONS 0x807f
200 # define CRL_REASON_NONE -1
201 # define CRL_REASON_UNSPECIFIED 0
202 # define CRL_REASON_KEY_COMPROMISE 1
203 # define CRL_REASON_CA_COMPROMISE 2
204 # define CRL_REASON_AFFILIATION_CHANGED 3
205 # define CRL_REASON_SUPERSEDED 4
206 # define CRL_REASON_CESSATION_OF_OPERATION 5
207 # define CRL_REASON_CERTIFICATE_HOLD 6
208 # define CRL_REASON_REMOVE_FROM_CRL 8
209 # define CRL_REASON_PRIVILEGE_WITHDRAWN 9
210 # define CRL_REASON_AA_COMPROMISE 10
212 struct DIST_POINT_st
{
213 DIST_POINT_NAME
*distpoint
;
214 ASN1_BIT_STRING
*reasons
;
215 GENERAL_NAMES
*CRLissuer
;
220 generate_stack_macros("DIST_POINT");
223 typedef STACK_OF(DIST_POINT
) CRL_DIST_POINTS
;
225 struct AUTHORITY_KEYID_st
{
226 ASN1_OCTET_STRING
*keyid
;
227 GENERAL_NAMES
*issuer
;
228 ASN1_INTEGER
*serial
;
231 /* Strong extranet structures */
233 typedef struct SXNET_ID_st
{
235 ASN1_OCTET_STRING
*user
;
239 generate_stack_macros("SXNETID");
243 typedef struct SXNET_st
{
244 ASN1_INTEGER
*version
;
245 STACK_OF(SXNETID
) *ids
;
248 typedef struct ISSUER_SIGN_TOOL_st
{
249 ASN1_UTF8STRING
*signTool
;
250 ASN1_UTF8STRING
*cATool
;
251 ASN1_UTF8STRING
*signToolCert
;
252 ASN1_UTF8STRING
*cAToolCert
;
255 typedef struct NOTICEREF_st
{
256 ASN1_STRING
*organization
;
257 STACK_OF(ASN1_INTEGER
) *noticenos
;
260 typedef struct USERNOTICE_st
{
261 NOTICEREF
*noticeref
;
262 ASN1_STRING
*exptext
;
265 typedef struct POLICYQUALINFO_st
{
266 ASN1_OBJECT
*pqualid
;
268 ASN1_IA5STRING
*cpsuri
;
269 USERNOTICE
*usernotice
;
275 generate_stack_macros("POLICYQUALINFO");
279 typedef struct POLICYINFO_st
{
280 ASN1_OBJECT
*policyid
;
281 STACK_OF(POLICYQUALINFO
) *qualifiers
;
285 generate_stack_macros("POLICYINFO");
288 typedef STACK_OF(POLICYINFO
) CERTIFICATEPOLICIES
;
290 typedef struct POLICY_MAPPING_st
{
291 ASN1_OBJECT
*issuerDomainPolicy
;
292 ASN1_OBJECT
*subjectDomainPolicy
;
296 generate_stack_macros("POLICY_MAPPING");
299 typedef STACK_OF(POLICY_MAPPING
) POLICY_MAPPINGS
;
301 typedef struct GENERAL_SUBTREE_st
{
303 ASN1_INTEGER
*minimum
;
304 ASN1_INTEGER
*maximum
;
308 generate_stack_macros("GENERAL_SUBTREE");
311 struct NAME_CONSTRAINTS_st
{
312 STACK_OF(GENERAL_SUBTREE
) *permittedSubtrees
;
313 STACK_OF(GENERAL_SUBTREE
) *excludedSubtrees
;
316 typedef struct POLICY_CONSTRAINTS_st
{
317 ASN1_INTEGER
*requireExplicitPolicy
;
318 ASN1_INTEGER
*inhibitPolicyMapping
;
319 } POLICY_CONSTRAINTS
;
321 /* Proxy certificate structures, see RFC 3820 */
322 typedef struct PROXY_POLICY_st
{
323 ASN1_OBJECT
*policyLanguage
;
324 ASN1_OCTET_STRING
*policy
;
327 typedef struct PROXY_CERT_INFO_EXTENSION_st
{
328 ASN1_INTEGER
*pcPathLengthConstraint
;
329 PROXY_POLICY
*proxyPolicy
;
330 } PROXY_CERT_INFO_EXTENSION
;
332 DECLARE_ASN1_FUNCTIONS(PROXY_POLICY
)
333 DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION
)
335 struct ISSUING_DIST_POINT_st
{
336 DIST_POINT_NAME
*distpoint
;
339 ASN1_BIT_STRING
*onlysomereasons
;
344 /* Values in idp_flags field */
346 # define IDP_PRESENT 0x1
347 /* IDP values inconsistent */
348 # define IDP_INVALID 0x2
350 # define IDP_ONLYUSER 0x4
352 # define IDP_ONLYCA 0x8
354 # define IDP_ONLYATTR 0x10
355 /* indirectCRL true */
356 # define IDP_INDIRECT 0x20
357 /* onlysomereasons present */
358 # define IDP_REASONS 0x40
360 # define X509V3_conf_err(val) ERR_add_error_data(6, \
361 "section:", (val)->section, \
362 ",name:", (val)->name, ",value:", (val)->value)
/*
 * Convenience wrapper: initialise ctx with no issuer, subject, request or
 * CRL and the CTX_TEST flag. NOTE(review): presumably used to syntax-check
 * extension configuration without a real issuer -- confirm against
 * X509V3_set_ctx().
 */
364 # define X509V3_set_ctx_test(ctx) \
365 X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
/*
 * Clears the configuration database pointer on ctx.
 * NOTE(review): the expansion ends in a semicolon, so the usual
 * `X509V3_set_ctx_nodb(ctx);` expands to a double semicolon and an
 * unbraced `if (...) X509V3_set_ctx_nodb(ctx); else ...` does not compile.
 * Left as-is for source compatibility; always brace the call site.
 */
366 # define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL;
368 # define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \
371 (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
372 (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \
376 # define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \
378 (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
379 (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \
383 # define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
385 /* X509_PURPOSE stuff */
387 # define EXFLAG_BCONS 0x1
388 # define EXFLAG_KUSAGE 0x2
389 # define EXFLAG_XKUSAGE 0x4
390 # define EXFLAG_NSCERT 0x8
392 # define EXFLAG_CA 0x10
393 # define EXFLAG_SI 0x20 /* self-issued, maybe not self-signed */
394 # define EXFLAG_V1 0x40
395 # define EXFLAG_INVALID 0x80
396 /* EXFLAG_SET is set to indicate that some values have been precomputed */
397 # define EXFLAG_SET 0x100
398 # define EXFLAG_CRITICAL 0x200
399 # define EXFLAG_PROXY 0x400
401 # define EXFLAG_INVALID_POLICY 0x800
402 # define EXFLAG_FRESHEST 0x1000
403 # define EXFLAG_SS 0x2000 /* cert is apparently self-signed */
405 # define EXFLAG_BCONS_CRITICAL 0x10000
406 # define EXFLAG_AKID_CRITICAL 0x20000
407 # define EXFLAG_SKID_CRITICAL 0x40000
408 # define EXFLAG_SAN_CRITICAL 0x80000
/*
 * keyUsage bit masks as returned by X509_get_key_usage(). The values
 * follow the ASN.1 BIT STRING bit order (bit 0 is the high bit of the
 * first byte, 0x80), which is why decipherOnly (bit 8) lands in the
 * second byte as 0x8000. Combine with |, test with &.
 */
410 # define KU_DIGITAL_SIGNATURE 0x0080
411 # define KU_NON_REPUDIATION 0x0040
412 # define KU_KEY_ENCIPHERMENT 0x0020
413 # define KU_DATA_ENCIPHERMENT 0x0010
414 # define KU_KEY_AGREEMENT 0x0008
415 # define KU_KEY_CERT_SIGN 0x0004
416 # define KU_CRL_SIGN 0x0002
417 # define KU_ENCIPHER_ONLY 0x0001
418 # define KU_DECIPHER_ONLY 0x8000
420 # define NS_SSL_CLIENT 0x80
421 # define NS_SSL_SERVER 0x40
422 # define NS_SMIME 0x20
423 # define NS_OBJSIGN 0x10
424 # define NS_SSL_CA 0x04
425 # define NS_SMIME_CA 0x02
426 # define NS_OBJSIGN_CA 0x01
427 # define NS_ANY_CA (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA)
429 # define XKU_SSL_SERVER 0x1
430 # define XKU_SSL_CLIENT 0x2
431 # define XKU_SMIME 0x4
432 # define XKU_CODE_SIGN 0x8
433 # define XKU_SGC 0x10
434 # define XKU_OCSP_SIGN 0x20
435 # define XKU_TIMESTAMP 0x40
436 # define XKU_DVCS 0x80
437 # define XKU_ANYEKU 0x100
439 # define X509_PURPOSE_DYNAMIC 0x1
440 # define X509_PURPOSE_DYNAMIC_NAME 0x2
442 typedef struct x509_purpose_st
{
444 int trust
; /* Default trust ID */
446 int (*check_purpose
) (const struct x509_purpose_st
*, const X509
*, int);
453 generate_stack_macros("X509_PURPOSE");
457 # define X509_PURPOSE_SSL_CLIENT 1
458 # define X509_PURPOSE_SSL_SERVER 2
459 # define X509_PURPOSE_NS_SSL_SERVER 3
460 # define X509_PURPOSE_SMIME_SIGN 4
461 # define X509_PURPOSE_SMIME_ENCRYPT 5
462 # define X509_PURPOSE_CRL_SIGN 6
463 # define X509_PURPOSE_ANY 7
464 # define X509_PURPOSE_OCSP_HELPER 8
465 # define X509_PURPOSE_TIMESTAMP_SIGN 9
467 # define X509_PURPOSE_MIN 1
468 # define X509_PURPOSE_MAX 9
470 /* Flags for X509V3_EXT_print() */
472 # define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
473 /* Return error for unknown extensions */
474 # define X509V3_EXT_DEFAULT 0
475 /* Print error for unknown extensions */
476 # define X509V3_EXT_ERROR_UNKNOWN (1L << 16)
477 /* ASN1 parse unknown extensions */
478 # define X509V3_EXT_PARSE_UNKNOWN (2L << 16)
479 /* BIO_dump unknown extensions */
480 # define X509V3_EXT_DUMP_UNKNOWN (3L << 16)
482 /* Flags for X509V3_add1_i2d */
484 # define X509V3_ADD_OP_MASK 0xfL
485 # define X509V3_ADD_DEFAULT 0L
486 # define X509V3_ADD_APPEND 1L
487 # define X509V3_ADD_REPLACE 2L
488 # define X509V3_ADD_REPLACE_EXISTING 3L
489 # define X509V3_ADD_KEEP_EXISTING 4L
490 # define X509V3_ADD_DELETE 5L
491 # define X509V3_ADD_SILENT 0x10
493 DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS
)
495 DECLARE_ASN1_FUNCTIONS(SXNET
)
496 DECLARE_ASN1_FUNCTIONS(SXNETID
)
498 DECLARE_ASN1_FUNCTIONS(ISSUER_SIGN_TOOL
)
500 int SXNET_add_id_asc(SXNET
**psx
, const char *zone
, const char *user
, int userlen
);
501 int SXNET_add_id_ulong(SXNET
**psx
, unsigned long lzone
, const char *user
,
503 int SXNET_add_id_INTEGER(SXNET
**psx
, ASN1_INTEGER
*izone
, const char *user
,
506 ASN1_OCTET_STRING
*SXNET_get_id_asc(SXNET
*sx
, const char *zone
);
507 ASN1_OCTET_STRING
*SXNET_get_id_ulong(SXNET
*sx
, unsigned long lzone
);
508 ASN1_OCTET_STRING
*SXNET_get_id_INTEGER(SXNET
*sx
, ASN1_INTEGER
*zone
);
510 DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID
)
512 DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD
)
514 DECLARE_ASN1_FUNCTIONS(GENERAL_NAME
)
515 DECLARE_ASN1_DUP_FUNCTION(GENERAL_NAME
)
516 int GENERAL_NAME_cmp(GENERAL_NAME
*a
, GENERAL_NAME
*b
);
518 ASN1_BIT_STRING
*v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD
*method
,
520 STACK_OF(CONF_VALUE
) *nval
);
521 STACK_OF(CONF_VALUE
) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD
*method
,
522 ASN1_BIT_STRING
*bits
,
523 STACK_OF(CONF_VALUE
) *extlist
);
524 char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD
*method
, ASN1_IA5STRING
*ia5
);
525 ASN1_IA5STRING
*s2i_ASN1_IA5STRING(X509V3_EXT_METHOD
*method
,
526 X509V3_CTX
*ctx
, const char *str
);
528 STACK_OF(CONF_VALUE
) *i2v_GENERAL_NAME(X509V3_EXT_METHOD
*method
,
530 STACK_OF(CONF_VALUE
) *ret
);
531 int GENERAL_NAME_print(BIO
*out
, GENERAL_NAME
*gen
);
533 DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES
)
535 STACK_OF(CONF_VALUE
) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD
*method
,
537 STACK_OF(CONF_VALUE
) *extlist
);
538 GENERAL_NAMES
*v2i_GENERAL_NAMES(const X509V3_EXT_METHOD
*method
,
539 X509V3_CTX
*ctx
, STACK_OF(CONF_VALUE
) *nval
);
541 DECLARE_ASN1_FUNCTIONS(OTHERNAME
)
542 DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME
)
543 int OTHERNAME_cmp(OTHERNAME
*a
, OTHERNAME
*b
);
544 void GENERAL_NAME_set0_value(GENERAL_NAME
*a
, int type
, void *value
);
545 void *GENERAL_NAME_get0_value(const GENERAL_NAME
*a
, int *ptype
);
546 int GENERAL_NAME_set0_othername(GENERAL_NAME
*gen
,
547 ASN1_OBJECT
*oid
, ASN1_TYPE
*value
);
548 int GENERAL_NAME_get0_otherName(const GENERAL_NAME
*gen
,
549 ASN1_OBJECT
**poid
, ASN1_TYPE
**pvalue
);
551 char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD
*method
,
552 const ASN1_OCTET_STRING
*ia5
);
553 ASN1_OCTET_STRING
*s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD
*method
,
554 X509V3_CTX
*ctx
, const char *str
);
556 DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE
)
557 int i2a_ACCESS_DESCRIPTION(BIO
*bp
, const ACCESS_DESCRIPTION
*a
);
559 DECLARE_ASN1_ALLOC_FUNCTIONS(TLS_FEATURE
)
561 DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES
)
562 DECLARE_ASN1_FUNCTIONS(POLICYINFO
)
563 DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO
)
564 DECLARE_ASN1_FUNCTIONS(USERNOTICE
)
565 DECLARE_ASN1_FUNCTIONS(NOTICEREF
)
567 DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS
)
568 DECLARE_ASN1_FUNCTIONS(DIST_POINT
)
569 DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME
)
570 DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT
)
572 int DIST_POINT_set_dpname(DIST_POINT_NAME
*dpn
, const X509_NAME
*iname
);
574 int NAME_CONSTRAINTS_check(X509
*x
, NAME_CONSTRAINTS
*nc
);
575 int NAME_CONSTRAINTS_check_CN(X509
*x
, NAME_CONSTRAINTS
*nc
);
577 DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION
)
578 DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS
)
580 DECLARE_ASN1_ITEM(POLICY_MAPPING
)
581 DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING
)
582 DECLARE_ASN1_ITEM(POLICY_MAPPINGS
)
584 DECLARE_ASN1_ITEM(GENERAL_SUBTREE
)
585 DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE
)
587 DECLARE_ASN1_ITEM(NAME_CONSTRAINTS
)
588 DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS
)
590 DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS
)
591 DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS
)
593 GENERAL_NAME
*a2i_GENERAL_NAME(GENERAL_NAME
*out
,
594 const X509V3_EXT_METHOD
*method
,
595 X509V3_CTX
*ctx
, int gen_type
,
596 const char *value
, int is_nc
);
598 # ifdef OPENSSL_CONF_H
599 GENERAL_NAME
*v2i_GENERAL_NAME(const X509V3_EXT_METHOD
*method
,
600 X509V3_CTX
*ctx
, CONF_VALUE
*cnf
);
601 GENERAL_NAME
*v2i_GENERAL_NAME_ex(GENERAL_NAME
*out
,
602 const X509V3_EXT_METHOD
*method
,
603 X509V3_CTX
*ctx
, CONF_VALUE
*cnf
,
606 void X509V3_conf_free(CONF_VALUE
*val
);
608 X509_EXTENSION
*X509V3_EXT_nconf_nid(CONF
*conf
, X509V3_CTX
*ctx
, int ext_nid
,
610 X509_EXTENSION
*X509V3_EXT_nconf(CONF
*conf
, X509V3_CTX
*ctx
, const char *name
,
612 int X509V3_EXT_add_nconf_sk(CONF
*conf
, X509V3_CTX
*ctx
, const char *section
,
613 STACK_OF(X509_EXTENSION
) **sk
);
614 int X509V3_EXT_add_nconf(CONF
*conf
, X509V3_CTX
*ctx
, const char *section
,
616 int X509V3_EXT_REQ_add_nconf(CONF
*conf
, X509V3_CTX
*ctx
, const char *section
,
618 int X509V3_EXT_CRL_add_nconf(CONF
*conf
, X509V3_CTX
*ctx
, const char *section
,
621 X509_EXTENSION
*X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE
) *conf
,
622 X509V3_CTX
*ctx
, int ext_nid
,
624 X509_EXTENSION
*X509V3_EXT_conf(LHASH_OF(CONF_VALUE
) *conf
, X509V3_CTX
*ctx
,
625 const char *name
, const char *value
);
626 int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE
) *conf
, X509V3_CTX
*ctx
,
627 const char *section
, X509
*cert
);
628 int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE
) *conf
, X509V3_CTX
*ctx
,
629 const char *section
, X509_REQ
*req
);
630 int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE
) *conf
, X509V3_CTX
*ctx
,
631 const char *section
, X509_CRL
*crl
);
633 int X509V3_add_value_bool_nf(const char *name
, int asn1_bool
,
634 STACK_OF(CONF_VALUE
) **extlist
);
635 int X509V3_get_value_bool(const CONF_VALUE
*value
, int *asn1_bool
);
636 int X509V3_get_value_int(const CONF_VALUE
*value
, ASN1_INTEGER
**aint
);
637 void X509V3_set_nconf(X509V3_CTX
*ctx
, CONF
*conf
);
638 void X509V3_set_conf_lhash(X509V3_CTX
*ctx
, LHASH_OF(CONF_VALUE
) *lhash
);
641 char *X509V3_get_string(X509V3_CTX
*ctx
, const char *name
, const char *section
);
642 STACK_OF(CONF_VALUE
) *X509V3_get_section(X509V3_CTX
*ctx
, const char *section
);
643 void X509V3_string_free(X509V3_CTX
*ctx
, char *str
);
644 void X509V3_section_free(X509V3_CTX
*ctx
, STACK_OF(CONF_VALUE
) *section
);
645 void X509V3_set_ctx(X509V3_CTX
*ctx
, X509
*issuer
, X509
*subject
,
646 X509_REQ
*req
, X509_CRL
*crl
, int flags
);
648 int X509V3_add_value(const char *name
, const char *value
,
649 STACK_OF(CONF_VALUE
) **extlist
);
650 int X509V3_add_value_uchar(const char *name
, const unsigned char *value
,
651 STACK_OF(CONF_VALUE
) **extlist
);
652 int X509V3_add_value_bool(const char *name
, int asn1_bool
,
653 STACK_OF(CONF_VALUE
) **extlist
);
654 int X509V3_add_value_int(const char *name
, const ASN1_INTEGER
*aint
,
655 STACK_OF(CONF_VALUE
) **extlist
);
656 char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD
*meth
, const ASN1_INTEGER
*aint
);
657 ASN1_INTEGER
*s2i_ASN1_INTEGER(X509V3_EXT_METHOD
*meth
, const char *value
);
658 char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD
*meth
, const ASN1_ENUMERATED
*aint
);
659 char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD
*meth
,
660 const ASN1_ENUMERATED
*aint
);
661 int X509V3_EXT_add(X509V3_EXT_METHOD
*ext
);
662 int X509V3_EXT_add_list(X509V3_EXT_METHOD
*extlist
);
663 int X509V3_EXT_add_alias(int nid_to
, int nid_from
);
664 void X509V3_EXT_cleanup(void);
666 const X509V3_EXT_METHOD
*X509V3_EXT_get(X509_EXTENSION
*ext
);
667 const X509V3_EXT_METHOD
*X509V3_EXT_get_nid(int nid
);
668 int X509V3_add_standard_extensions(void);
669 STACK_OF(CONF_VALUE
) *X509V3_parse_list(const char *line
);
670 void *X509V3_EXT_d2i(X509_EXTENSION
*ext
);
671 void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION
) *x
, int nid
, int *crit
,
674 X509_EXTENSION
*X509V3_EXT_i2d(int ext_nid
, int crit
, void *ext_struc
);
675 int X509V3_add1_i2d(STACK_OF(X509_EXTENSION
) **x
, int nid
, void *value
,
676 int crit
, unsigned long flags
);
678 #ifndef OPENSSL_NO_DEPRECATED_1_1_0
679 /* The new declarations are in crypto.h, but the old ones were here. */
680 # define hex_to_string OPENSSL_buf2hexstr
681 # define string_to_hex OPENSSL_hexstr2buf
684 void X509V3_EXT_val_prn(BIO
*out
, STACK_OF(CONF_VALUE
) *val
, int indent
,
686 int X509V3_EXT_print(BIO
*out
, X509_EXTENSION
*ext
, unsigned long flag
,
688 #ifndef OPENSSL_NO_STDIO
689 int X509V3_EXT_print_fp(FILE *out
, X509_EXTENSION
*ext
, int flag
, int indent
);
691 int X509V3_extensions_print(BIO
*out
, const char *title
,
692 const STACK_OF(X509_EXTENSION
) *exts
,
693 unsigned long flag
, int indent
);
695 int X509_check_ca(X509
*x
);
696 int X509_check_purpose(X509
*x
, int id
, int ca
);
697 int X509_supported_extension(X509_EXTENSION
*ex
);
698 int X509_PURPOSE_set(int *p
, int purpose
);
699 int X509_check_issued(X509
*issuer
, X509
*subject
);
700 int X509_check_akid(const X509
*issuer
, const AUTHORITY_KEYID
*akid
);
701 void X509_set_proxy_flag(X509
*x
);
702 void X509_set_proxy_pathlen(X509
*x
, long l
);
703 long X509_get_proxy_pathlen(X509
*x
);
705 uint32_t X509_get_extension_flags(X509
*x
);
706 uint32_t X509_get_key_usage(X509
*x
);
707 uint32_t X509_get_extended_key_usage(X509
*x
);
708 const ASN1_OCTET_STRING
*X509_get0_subject_key_id(X509
*x
);
709 const ASN1_OCTET_STRING
*X509_get0_authority_key_id(X509
*x
);
710 const GENERAL_NAMES
*X509_get0_authority_issuer(X509
*x
);
711 const ASN1_INTEGER
*X509_get0_authority_serial(X509
*x
);
713 int X509_PURPOSE_get_count(void);
714 X509_PURPOSE
*X509_PURPOSE_get0(int idx
);
715 int X509_PURPOSE_get_by_sname(const char *sname
);
716 int X509_PURPOSE_get_by_id(int id
);
717 int X509_PURPOSE_add(int id
, int trust
, int flags
,
718 int (*ck
) (const X509_PURPOSE
*, const X509
*, int),
719 const char *name
, const char *sname
, void *arg
);
720 char *X509_PURPOSE_get0_name(const X509_PURPOSE
*xp
);
721 char *X509_PURPOSE_get0_sname(const X509_PURPOSE
*xp
);
722 int X509_PURPOSE_get_trust(const X509_PURPOSE
*xp
);
723 void X509_PURPOSE_cleanup(void);
724 int X509_PURPOSE_get_id(const X509_PURPOSE
*);
726 STACK_OF(OPENSSL_STRING
) *X509_get1_email(X509
*x
);
727 STACK_OF(OPENSSL_STRING
) *X509_REQ_get1_email(X509_REQ
*x
);
728 void X509_email_free(STACK_OF(OPENSSL_STRING
) *sk
);
729 STACK_OF(OPENSSL_STRING
) *X509_get1_ocsp(X509
*x
);
730 /* Flags for X509_check_* functions */
733 * Always check the subject CN for a host match, even when subject alternative names are present.
735 # define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT 0x1
736 /* Disable wildcard matching for dnsName fields and common name. */
737 # define X509_CHECK_FLAG_NO_WILDCARDS 0x2
738 /* Wildcards must not match a partial label. */
739 # define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0x4
740 /* Allow (non-partial) wildcards to match multiple labels. This is looser than single-label wildcard matching; set it only when that wider match is intended. */
741 # define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8
742 /* Constrain verifier subdomain patterns to match a single label. */
743 # define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10
744 /* Never check the subject CN */
745 # define X509_CHECK_FLAG_NEVER_CHECK_SUBJECT 0x20
747 * Match reference identifiers starting with "." to any sub-domain.
748 * This is a non-public flag: it is turned on implicitly when the
749 * reference identity is a DNS name and must not be set by callers.
751 # define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000
753 int X509_check_host(X509
*x
, const char *chk
, size_t chklen
,
754 unsigned int flags
, char **peername
);
755 int X509_check_email(X509
*x
, const char *chk
, size_t chklen
,
757 int X509_check_ip(X509
*x
, const unsigned char *chk
, size_t chklen
,
759 int X509_check_ip_asc(X509
*x
, const char *ipasc
, unsigned int flags
);
761 ASN1_OCTET_STRING
*a2i_IPADDRESS(const char *ipasc
);
762 ASN1_OCTET_STRING
*a2i_IPADDRESS_NC(const char *ipasc
);
763 int X509V3_NAME_from_section(X509_NAME
*nm
, STACK_OF(CONF_VALUE
) *dn_sk
,
764 unsigned long chtype
);
766 void X509_POLICY_NODE_print(BIO
*out
, X509_POLICY_NODE
*node
, int indent
);
768 generate_stack_macros("X509_POLICY_NODE");
772 #ifndef OPENSSL_NO_RFC3779
773 typedef struct ASRange_st
{
774 ASN1_INTEGER
*min
, *max
;
777 # define ASIdOrRange_id 0
778 # define ASIdOrRange_range 1
780 typedef struct ASIdOrRange_st
{
789 generate_stack_macros("ASIdOrRange");
792 typedef STACK_OF(ASIdOrRange
) ASIdOrRanges
;
794 # define ASIdentifierChoice_inherit 0
795 # define ASIdentifierChoice_asIdsOrRanges 1
797 typedef struct ASIdentifierChoice_st
{
801 ASIdOrRanges
*asIdsOrRanges
;
803 } ASIdentifierChoice
;
805 typedef struct ASIdentifiers_st
{
806 ASIdentifierChoice
*asnum
, *rdi
;
809 DECLARE_ASN1_FUNCTIONS(ASRange
)
810 DECLARE_ASN1_FUNCTIONS(ASIdOrRange
)
811 DECLARE_ASN1_FUNCTIONS(ASIdentifierChoice
)
812 DECLARE_ASN1_FUNCTIONS(ASIdentifiers
)
814 typedef struct IPAddressRange_st
{
815 ASN1_BIT_STRING
*min
, *max
;
818 # define IPAddressOrRange_addressPrefix 0
819 # define IPAddressOrRange_addressRange 1
821 typedef struct IPAddressOrRange_st
{
824 ASN1_BIT_STRING
*addressPrefix
;
825 IPAddressRange
*addressRange
;
830 generate_stack_macros("IPAddressOrRange");
833 typedef STACK_OF(IPAddressOrRange
) IPAddressOrRanges
;
835 # define IPAddressChoice_inherit 0
836 # define IPAddressChoice_addressesOrRanges 1
838 typedef struct IPAddressChoice_st
{
842 IPAddressOrRanges
*addressesOrRanges
;
846 typedef struct IPAddressFamily_st
{
847 ASN1_OCTET_STRING
*addressFamily
;
848 IPAddressChoice
*ipAddressChoice
;
852 generate_stack_macros("IPAddressFamily");
856 typedef STACK_OF(IPAddressFamily
) IPAddrBlocks
;
858 DECLARE_ASN1_FUNCTIONS(IPAddressRange
)
859 DECLARE_ASN1_FUNCTIONS(IPAddressOrRange
)
860 DECLARE_ASN1_FUNCTIONS(IPAddressChoice
)
861 DECLARE_ASN1_FUNCTIONS(IPAddressFamily
)
864 * API tag for elements of the ASIdentifiers SEQUENCE.
866 # define V3_ASID_ASNUM 0
867 # define V3_ASID_RDI 1
870 * AFI values, assigned by IANA. It'd be nice to make the AFI
871 * handling code totally generic, but there are too many little things
872 * that would need to be defined for other address families for it to
873 * be worth the trouble.
875 # define IANA_AFI_IPV4 1
876 # define IANA_AFI_IPV6 2
879 * Utilities to construct and extract values from RFC3779 extensions,
880 * since some of the encodings (particularly for IP address prefixes
881 * and ranges) are a bit tedious to work with directly.
883 int X509v3_asid_add_inherit(ASIdentifiers
*asid
, int which
);
884 int X509v3_asid_add_id_or_range(ASIdentifiers
*asid
, int which
,
885 ASN1_INTEGER
*min
, ASN1_INTEGER
*max
);
886 int X509v3_addr_add_inherit(IPAddrBlocks
*addr
,
887 const unsigned afi
, const unsigned *safi
);
888 int X509v3_addr_add_prefix(IPAddrBlocks
*addr
,
889 const unsigned afi
, const unsigned *safi
,
890 unsigned char *a
, const int prefixlen
);
891 int X509v3_addr_add_range(IPAddrBlocks
*addr
,
892 const unsigned afi
, const unsigned *safi
,
893 unsigned char *min
, unsigned char *max
);
894 unsigned X509v3_addr_get_afi(const IPAddressFamily
*f
);
895 int X509v3_addr_get_range(IPAddressOrRange
*aor
, const unsigned afi
,
896 unsigned char *min
, unsigned char *max
,
902 int X509v3_asid_is_canonical(ASIdentifiers
*asid
);
903 int X509v3_addr_is_canonical(IPAddrBlocks
*addr
);
904 int X509v3_asid_canonize(ASIdentifiers
*asid
);
905 int X509v3_addr_canonize(IPAddrBlocks
*addr
);
908 * Tests for inheritance and containment.
910 int X509v3_asid_inherits(ASIdentifiers
*asid
);
911 int X509v3_addr_inherits(IPAddrBlocks
*addr
);
912 int X509v3_asid_subset(ASIdentifiers
*a
, ASIdentifiers
*b
);
913 int X509v3_addr_subset(IPAddrBlocks
*a
, IPAddrBlocks
*b
);
916 * Check whether RFC 3779 extensions nest properly in chains.
918 int X509v3_asid_validate_path(X509_STORE_CTX
*);
919 int X509v3_addr_validate_path(X509_STORE_CTX
*);
920 int X509v3_asid_validate_resource_set(STACK_OF(X509
) *chain
,
922 int allow_inheritance
);
923 int X509v3_addr_validate_resource_set(STACK_OF(X509
) *chain
,
924 IPAddrBlocks
*ext
, int allow_inheritance
);
926 #endif /* OPENSSL_NO_RFC3779 */
929 generate_stack_macros("ASN1_STRING");
935 typedef struct NamingAuthority_st NAMING_AUTHORITY
;
936 typedef struct ProfessionInfo_st PROFESSION_INFO
;
937 typedef struct Admissions_st ADMISSIONS
;
938 typedef struct AdmissionSyntax_st ADMISSION_SYNTAX
;
939 DECLARE_ASN1_FUNCTIONS(NAMING_AUTHORITY
)
940 DECLARE_ASN1_FUNCTIONS(PROFESSION_INFO
)
941 DECLARE_ASN1_FUNCTIONS(ADMISSIONS
)
942 DECLARE_ASN1_FUNCTIONS(ADMISSION_SYNTAX
)
944 generate_stack_macros("PROFESSION_INFO")
945 .generate_stack_macros("ADMISSIONS");
947 typedef STACK_OF(PROFESSION_INFO
) PROFESSION_INFOS
;
949 const ASN1_OBJECT
*NAMING_AUTHORITY_get0_authorityId(
950 const NAMING_AUTHORITY
*n
);
951 const ASN1_IA5STRING
*NAMING_AUTHORITY_get0_authorityURL(
952 const NAMING_AUTHORITY
*n
);
953 const ASN1_STRING
*NAMING_AUTHORITY_get0_authorityText(
954 const NAMING_AUTHORITY
*n
);
955 void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY
*n
,
956 ASN1_OBJECT
* namingAuthorityId
);
957 void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY
*n
,
958 ASN1_IA5STRING
* namingAuthorityUrl
);
959 void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY
*n
,
960 ASN1_STRING
* namingAuthorityText
);
962 const GENERAL_NAME
*ADMISSION_SYNTAX_get0_admissionAuthority(
963 const ADMISSION_SYNTAX
*as
);
964 void ADMISSION_SYNTAX_set0_admissionAuthority(
965 ADMISSION_SYNTAX
*as
, GENERAL_NAME
*aa
);
966 const STACK_OF(ADMISSIONS
) *ADMISSION_SYNTAX_get0_contentsOfAdmissions(
967 const ADMISSION_SYNTAX
*as
);
968 void ADMISSION_SYNTAX_set0_contentsOfAdmissions(
969 ADMISSION_SYNTAX
*as
, STACK_OF(ADMISSIONS
) *a
);
970 const GENERAL_NAME
*ADMISSIONS_get0_admissionAuthority(const ADMISSIONS
*a
);
971 void ADMISSIONS_set0_admissionAuthority(ADMISSIONS
*a
, GENERAL_NAME
*aa
);
972 const NAMING_AUTHORITY
*ADMISSIONS_get0_namingAuthority(const ADMISSIONS
*a
);
973 void ADMISSIONS_set0_namingAuthority(ADMISSIONS
*a
, NAMING_AUTHORITY
*na
);
974 const PROFESSION_INFOS
*ADMISSIONS_get0_professionInfos(const ADMISSIONS
*a
);
975 void ADMISSIONS_set0_professionInfos(ADMISSIONS
*a
, PROFESSION_INFOS
*pi
);
976 const ASN1_OCTET_STRING
*PROFESSION_INFO_get0_addProfessionInfo(
977 const PROFESSION_INFO
*pi
);
978 void PROFESSION_INFO_set0_addProfessionInfo(
979 PROFESSION_INFO
*pi
, ASN1_OCTET_STRING
*aos
);
980 const NAMING_AUTHORITY
*PROFESSION_INFO_get0_namingAuthority(
981 const PROFESSION_INFO
*pi
);
982 void PROFESSION_INFO_set0_namingAuthority(
983 PROFESSION_INFO
*pi
, NAMING_AUTHORITY
*na
);
984 const STACK_OF(ASN1_STRING
) *PROFESSION_INFO_get0_professionItems(
985 const PROFESSION_INFO
*pi
);
986 void PROFESSION_INFO_set0_professionItems(
987 PROFESSION_INFO
*pi
, STACK_OF(ASN1_STRING
) *as
);
988 const STACK_OF(ASN1_OBJECT
) *PROFESSION_INFO_get0_professionOIDs(
989 const PROFESSION_INFO
*pi
);
990 void PROFESSION_INFO_set0_professionOIDs(
991 PROFESSION_INFO
*pi
, STACK_OF(ASN1_OBJECT
) *po
);
992 const ASN1_PRINTABLESTRING
*PROFESSION_INFO_get0_registrationNumber(
993 const PROFESSION_INFO
*pi
);
994 void PROFESSION_INFO_set0_registrationNumber(
995 PROFESSION_INFO
*pi
, ASN1_PRINTABLESTRING
*rn
);