NAME
X509_keyid_set1
,
X509_keyid_get0
,
X509_alias_set1
,
X509_alias_get0
—
auxiliary certificate data for
PKCS#12
SYNOPSIS
#include
<openssl/x509.h>
int
X509_keyid_set1
(X509 *x,
const unsigned char *data, int
len);
unsigned char *
X509_keyid_get0
(X509 *x,
int *plen);
int
X509_alias_set1
(X509 *x,
const unsigned char *data, int
len);
unsigned char *
X509_alias_get0
(X509 *x,
int *plen);
DESCRIPTION
These functions store non-standard auxiliary data in x and retrieve it.
The len bytes of
data stored using
X509_keyid_set1
()
will be written to the
localKeyID
attribute of the PKCS#12 structure if
PKCS12_create(3) is later called on x, and the
data stored using
X509_alias_set1
()
will be written to the
friendlyName
attribute. If data points to a NUL-terminated string,
-1 can be passed as the len argument to let
len be calculated internally using
strlen(3).
If a NULL
pointer is passed as the
data argument, the respective auxiliary data stored in
x, if any, is removed from x and
freed.
Conversely,
PKCS12_parse(3) retrieves these attributes from a PKCS#12 structure
such that they can subsequently be accessed with
X509_keyid_get0
()
and
X509_alias_get0
().
Unless NULL
is passed for the
plen argument, these functions store the size of the
returned buffer in bytes in *plen. After the call, the
returned buffer is not necessarily NUL-terminated, but it may contain
internal NUL bytes.
API design is very incomplete; given the complexity of PKCS#12, that's probably an asset rather than a defect. The PKCS#12 standard defines many attributes that cannot be stored in X509 objects.
To associate certificates with alternative names and key
identifiers, X.509 certificate extensions are more commonly used than
PKCS#12 attributes, for example using
X509_EXTENSION_create_by_NID(3) with
NID_subject_alt_name
or
NID_subject_key_identifier
.
RETURN VALUES
X509_keyid_set1
() and
X509_alias_set1
() return 1 if
data is NULL
or if the input
data was successfully copied into
x, or 0 if data is not
NULL
but could not be copied because
x is NULL
or memory allocation
failed.
X509_keyid_get0
() and
X509_alias_get0
() return an internal pointer to an
array of bytes or NULL
if x
does not contain auxiliary data of the requested kind.
SEE ALSO
ASN1_STRING_set(3), X509_CERT_AUX_new(3), X509_EXTENSION_new(3), X509_new(3), X509V3_get_d2i(3)
HISTORY
X509_alias_set1
() and
X509_alias_get0
() first appeared in OpenSSL 0.9.5
and have been available since OpenBSD 2.7.
X509_keyid_set1
() first appeared in
OpenSSL 0.9.6 and has been available since OpenBSD
2.9.
X509_keyid_get0
() first appeared in
OpenSSL 0.9.8 and has been available since OpenBSD
4.5.