| 1 | =pod
|
|---|
| 2 |
|
|---|
| 3 | =head1 NAME
|
|---|
| 4 |
|
|---|
| 5 | X509V3_set_ctx,
|
|---|
| 6 | X509V3_set_issuer_pkey - X.509 v3 extension generation utilities
|
|---|
| 7 |
|
|---|
| 8 | =head1 SYNOPSIS
|
|---|
| 9 |
|
|---|
| 10 | #include <openssl/x509v3.h>
|
|---|
| 11 |
|
|---|
| 12 | void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
|
|---|
| 13 | X509_REQ *req, X509_CRL *crl, int flags);
|
|---|
| 14 | int X509V3_set_issuer_pkey(X509V3_CTX *ctx, EVP_PKEY *pkey);
|
|---|
| 15 |
|
|---|
| 16 | =head1 DESCRIPTION
|
|---|
| 17 |
|
|---|
| 18 | X509V3_set_ctx() fills in the basic fields of I<ctx> of type B<X509V3_CTX>,
|
|---|
| 19 | providing details potentially needed by functions producing X509 v3 extensions,
|
|---|
| 20 | e.g., to look up values for filling in authority key identifiers.
|
|---|
| 21 | Any of I<subject>, I<req>, or I<crl> may be provided, pointing to a certificate,
|
|---|
| 22 | certification request, or certificate revocation list, respectively.
|
|---|
| 23 | When constructing the subject key identifier of a certificate by computing a
|
|---|
| 24 | hash value of its public key, the public key is taken from I<subject> or I<req>.
|
|---|
| 25 | Similarly, when constructing subject alternative names from any email addresses
|
|---|
| 26 | contained in a subject DN, the subject DN is taken from I<subject> or I<req>.
|
|---|
| 27 | If I<subject> or I<crl> is provided, I<issuer> should point to its issuer,
|
|---|
| 28 | for instance to help generating an authority key identifier extension.
|
|---|
| 29 | Note that if I<subject> is provided, I<issuer> may be the same as I<subject>,
|
|---|
| 30 | which means that I<subject> is self-issued (or even self-signed).
|
|---|
| 31 | I<flags> may be 0
|
|---|
| 32 | or contain B<X509V3_CTX_TEST>, which means that just the syntax of
|
|---|
| 33 | extension definitions is to be checked without actually producing an extension,
|
|---|
| 34 | or B<X509V3_CTX_REPLACE>, which means that each X.509v3 extension added as
|
|---|
| 35 | defined in some configuration section shall replace any already existing
|
|---|
| 36 | extension with the same OID.
|
|---|
| 37 |
|
|---|
| 38 | X509V3_set_issuer_pkey() explicitly sets the issuer private key of
|
|---|
| 39 | the certificate that has been provided in I<ctx>.
|
|---|
| 40 | This should be done for self-issued certificates (which may be self-signed
|
|---|
| 41 | or not) to provide fallback data for the authority key identifier extension.
|
|---|
| 42 |
|
|---|
| 43 | =head1 RETURN VALUES
|
|---|
| 44 |
|
|---|
| 45 | X509V3_set_ctx() and X509V3_set_issuer_pkey()
|
|---|
| 46 | return 1 on success and 0 on error.
|
|---|
| 47 |
|
|---|
| 48 | =head1 SEE ALSO
|
|---|
| 49 |
|
|---|
| 50 | L<X509_add_ext(3)>
|
|---|
| 51 |
|
|---|
| 52 | =head1 HISTORY
|
|---|
| 53 |
|
|---|
| 54 | X509V3_set_issuer_pkey() was added in OpenSSL 3.0.
|
|---|
| 55 |
|
|---|
| 56 | CTX_TEST was deprecated in OpenSSL 3.0; use X509V3_CTX_TEST instead.
|
|---|
| 57 |
|
|---|
| 58 | =head1 COPYRIGHT
|
|---|
| 59 |
|
|---|
| 60 | Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
|
|---|
| 61 |
|
|---|
| 62 | Licensed under the Apache License 2.0 (the "License"). You may not use
|
|---|
| 63 | this file except in compliance with the License. You can obtain a copy
|
|---|
| 64 | in the file LICENSE in the source distribution or at
|
|---|
| 65 | L<https://www.openssl.org/source/license.html>.
|
|---|
| 66 |
|
|---|
| 67 | =cut
|
|---|
