NAME
X509_EXTENSION_new
,
X509_EXTENSION_dup
,
X509_EXTENSION_free
,
X509_EXTENSION_create_by_NID
,
X509_EXTENSION_create_by_OBJ
,
X509_EXTENSION_set_object
,
X509_EXTENSION_set_critical
,
X509_EXTENSION_set_data
,
X509_EXTENSION_get_object
,
X509_EXTENSION_get_critical
,
X509_EXTENSION_get_data
—
create, change, and inspect X.509
Extension objects
SYNOPSIS
#include
<openssl/x509.h>
X509_EXTENSION *
X509_EXTENSION_new
(void);
X509_EXTENSION *
X509_EXTENSION_dup
(X509_EXTENSION
*ex);
void
X509_EXTENSION_free
(X509_EXTENSION
*ex);
X509_EXTENSION *
X509_EXTENSION_create_by_NID
(X509_EXTENSION
**ex, int nid, int crit,
ASN1_OCTET_STRING *data);
X509_EXTENSION *
X509_EXTENSION_create_by_OBJ
(X509_EXTENSION
**ex, const ASN1_OBJECT *obj,
int crit, ASN1_OCTET_STRING
*data);
int
X509_EXTENSION_set_object
(X509_EXTENSION
*ex, const ASN1_OBJECT *obj);
int
X509_EXTENSION_set_critical
(X509_EXTENSION
*ex, int crit);
int
X509_EXTENSION_set_data
(X509_EXTENSION
*ex, ASN1_OCTET_STRING *data);
ASN1_OBJECT *
X509_EXTENSION_get_object
(X509_EXTENSION
*ex);
int
X509_EXTENSION_get_critical
(const
X509_EXTENSION *ex);
ASN1_OCTET_STRING *
X509_EXTENSION_get_data
(X509_EXTENSION
*ex);
DESCRIPTION
X509_EXTENSION_new
()
allocates and initializes an empty X509_EXTENSION
object, representing an ASN.1 Extension structure
defined in RFC 5280 section 4.1. It is a wrapper object around specific
extension objects of different types and stores an extension type identifier
and a criticality flag in addition to the DER-encoded form of the wrapped
object. X509_EXTENSION objects can be used for X.509
v3 certificates inside X509_CINF objects and for X.509
v2 certificate revocation lists inside X509_CRL_INFO
and X509_REVOKED objects.
X509_EXTENSION_dup
()
creates a deep copy of ex using
ASN1_item_dup(3).
X509_EXTENSION_free
()
frees ex and all objects it is using.
X509_EXTENSION_create_by_NID
()
creates an extension of type nid and criticality
crit using data data. The
created extension is returned and written to *ex
reusing or allocating a new extension if necessary, so
*ex should either be NULL
or a
valid X509_EXTENSION structure. It must not be an
uninitialised pointer.
X509_EXTENSION_create_by_OBJ
()
is identical to X509_EXTENSION_create_by_NID
()
except that it creates an extension using obj instead
of a NID.
X509_EXTENSION_set_object
()
sets the extension type of ex to
obj. The obj pointer is
duplicated internally so obj should be freed up after
use.
X509_EXTENSION_set_critical
()
sets the criticality of ex to
crit. If crit is zero, the
extension in non-critical, otherwise it is critical.
X509_EXTENSION_set_data
()
sets the data in extension ex to
data. The data pointer is
duplicated internally.
X509_EXTENSION_get_object
()
returns the extension type of ex as an
ASN1_OBJECT pointer. The returned pointer is an
internal value which must not be freed up.
X509_EXTENSION_get_critical
()
returns the criticality of extension ex it returns 1
for critical and 0 for non-critical.
X509_EXTENSION_get_data
()
returns the data of extension ex. The returned pointer
is an internal value which must not be freed up.
These functions manipulate the contents of an extension directly. Most applications will want to parse or encode and add an extension: they should use the extension encode and decode functions instead such as X509_add1_ext_i2d(3) and X509_get_ext_d2i(3).
The data associated with an extension is the extension encoding in an ASN1_OCTET_STRING structure.
RETURN VALUES
X509_EXTENSION_new
(),
X509_EXTENSION_dup
(),
X509_EXTENSION_create_by_NID
(), and
X509_EXTENSION_create_by_OBJ
() return an
X509_EXTENSION pointer or NULL
if an error occurs.
X509_EXTENSION_set_object
(),
X509_EXTENSION_set_critical
(), and
X509_EXTENSION_set_data
() return 1 for success or 0
for failure.
X509_EXTENSION_get_object
() returns an
ASN1_OBJECT pointer.
X509_EXTENSION_get_critical
() returns 0
for non-critical or 1 for critical.
X509_EXTENSION_get_data
() returns an
ASN1_OCTET_STRING pointer.
SEE ALSO
ACCESS_DESCRIPTION_new(3), AUTHORITY_KEYID_new(3), BASIC_CONSTRAINTS_new(3), d2i_X509_EXTENSION(3), DIST_POINT_new(3), ESS_SIGNING_CERT_new(3), EXTENDED_KEY_USAGE_new(3), GENERAL_NAME_new(3), NAME_CONSTRAINTS_new(3), OCSP_CRLID_new(3), OCSP_SERVICELOC_new(3), PKEY_USAGE_PERIOD_new(3), POLICYINFO_new(3), TS_REQ_new(3), X509_check_ca(3), X509_check_host(3), X509_check_issued(3), X509_get_extension_flags(3), X509_REQ_add_extensions(3), X509V3_EXT_get_nid(3), X509V3_EXT_print(3), X509V3_extensions_print(3), X509V3_get_d2i(3), X509v3_get_ext_by_NID(3)
STANDARDS
RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
HISTORY
X509_EXTENSION_new
() and
X509_EXTENSION_free
() first appeared in SSLeay
0.6.2, X509_EXTENSION_dup
() in SSLeay 0.6.5, and
X509_EXTENSION_create_by_NID
(),
X509_EXTENSION_create_by_OBJ
(),
X509_EXTENSION_set_object
(),
X509_EXTENSION_set_critical
(),
X509_EXTENSION_set_data
(),
X509_EXTENSION_get_object
(),
X509_EXTENSION_get_critical
(), and
X509_EXTENSION_get_data
() in SSLeay 0.8.0. These
functions have been available since OpenBSD 2.4.