libcrypto/man/X509_EXTENSION_set_object.3

*a197a99eSschwarze.\" $OpenBSD: X509_EXTENSION_set_object.3,v 1.19 2024/12/28 11:04:09 schwarze Exp $
877d0413Sschwarze.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
a0fbd016Sschwarze.\"
fcf58271Sschwarze.\" This file is a derived work.
fcf58271Sschwarze.\" The changes are covered by the following Copyright and license:
fcf58271Sschwarze.\"
*a197a99eSschwarze.\" Copyright (c) 2016, 2021, 2024 Ingo Schwarze <schwarze@openbsd.org>
fcf58271Sschwarze.\"
fcf58271Sschwarze.\" Permission to use, copy, modify, and distribute this software for any
fcf58271Sschwarze.\" purpose with or without fee is hereby granted, provided that the above
fcf58271Sschwarze.\" copyright notice and this permission notice appear in all copies.
fcf58271Sschwarze.\"
fcf58271Sschwarze.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
fcf58271Sschwarze.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
fcf58271Sschwarze.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
fcf58271Sschwarze.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
fcf58271Sschwarze.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
fcf58271Sschwarze.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
fcf58271Sschwarze.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
fcf58271Sschwarze.\"
fcf58271Sschwarze.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
a0fbd016Sschwarze.\" Copyright (c) 2015 The OpenSSL Project.  All rights reserved.
a0fbd016Sschwarze.\"
a0fbd016Sschwarze.\" Redistribution and use in source and binary forms, with or without
a0fbd016Sschwarze.\" modification, are permitted provided that the following conditions
a0fbd016Sschwarze.\" are met:
a0fbd016Sschwarze.\"
a0fbd016Sschwarze.\" 1. Redistributions of source code must retain the above copyright
a0fbd016Sschwarze.\"    notice, this list of conditions and the following disclaimer.
a0fbd016Sschwarze.\"
a0fbd016Sschwarze.\" 2. Redistributions in binary form must reproduce the above copyright
a0fbd016Sschwarze.\"    notice, this list of conditions and the following disclaimer in
a0fbd016Sschwarze.\"    the documentation and/or other materials provided with the
a0fbd016Sschwarze.\"    distribution.
a0fbd016Sschwarze.\"
a0fbd016Sschwarze.\" 3. All advertising materials mentioning features or use of this
a0fbd016Sschwarze.\"    software must display the following acknowledgment:
a0fbd016Sschwarze.\"    "This product includes software developed by the OpenSSL Project
a0fbd016Sschwarze.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
a0fbd016Sschwarze.\"
a0fbd016Sschwarze.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
a0fbd016Sschwarze.\"    endorse or promote products derived from this software without
a0fbd016Sschwarze.\"    prior written permission. For written permission, please contact
a0fbd016Sschwarze.\"    openssl-core@openssl.org.
a0fbd016Sschwarze.\"
a0fbd016Sschwarze.\" 5. Products derived from this software may not be called "OpenSSL"
a0fbd016Sschwarze.\"    nor may "OpenSSL" appear in their names without prior written
a0fbd016Sschwarze.\"    permission of the OpenSSL Project.
a0fbd016Sschwarze.\"
a0fbd016Sschwarze.\" 6. Redistributions of any form whatsoever must retain the following
a0fbd016Sschwarze.\"    acknowledgment:
a0fbd016Sschwarze.\"    "This product includes software developed by the OpenSSL Project
a0fbd016Sschwarze.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
a0fbd016Sschwarze.\"
a0fbd016Sschwarze.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
a0fbd016Sschwarze.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
a0fbd016Sschwarze.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
a0fbd016Sschwarze.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
a0fbd016Sschwarze.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
a0fbd016Sschwarze.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
a0fbd016Sschwarze.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
a0fbd016Sschwarze.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
a0fbd016Sschwarze.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
a0fbd016Sschwarze.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
a0fbd016Sschwarze.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
a0fbd016Sschwarze.\" OF THE POSSIBILITY OF SUCH DAMAGE.
a0fbd016Sschwarze.\"
*a197a99eSschwarze.Dd $Mdocdate: December 28 2024 $
a0fbd016Sschwarze.Dt X509_EXTENSION_SET_OBJECT 3
a0fbd016Sschwarze.Os
a0fbd016Sschwarze.Sh NAME
fcf58271Sschwarze.Nm X509_EXTENSION_new ,
877d0413Sschwarze.Nm X509_EXTENSION_dup ,
fcf58271Sschwarze.Nm X509_EXTENSION_free ,
fcf58271Sschwarze.Nm X509_EXTENSION_create_by_NID ,
fcf58271Sschwarze.Nm X509_EXTENSION_create_by_OBJ ,
a0fbd016Sschwarze.Nm X509_EXTENSION_set_object ,
a0fbd016Sschwarze.Nm X509_EXTENSION_set_critical ,
a0fbd016Sschwarze.Nm X509_EXTENSION_set_data ,
a0fbd016Sschwarze.Nm X509_EXTENSION_get_object ,
a0fbd016Sschwarze.Nm X509_EXTENSION_get_critical ,
*a197a99eSschwarze.Nm X509_EXTENSION_get_data ,
*a197a99eSschwarze.Nm X509_supported_extension
49864eb8Sschwarze.\" In the next line, the capital "E" is not a typo.
49864eb8Sschwarze.\" The ASN.1 structure is called "Extension", not "extension".
fcf58271Sschwarze.Nd create, change, and inspect X.509 Extension objects
a0fbd016Sschwarze.Sh SYNOPSIS
fcf58271Sschwarze.In openssl/x509.h
fcf58271Sschwarze.Ft X509_EXTENSION *
fcf58271Sschwarze.Fn X509_EXTENSION_new void
877d0413Sschwarze.Ft X509_EXTENSION *
877d0413Sschwarze.Fn X509_EXTENSION_dup "X509_EXTENSION *ex"
fcf58271Sschwarze.Ft void
fcf58271Sschwarze.Fn X509_EXTENSION_free "X509_EXTENSION *ex"
fcf58271Sschwarze.Ft X509_EXTENSION *
fcf58271Sschwarze.Fo X509_EXTENSION_create_by_NID
fcf58271Sschwarze.Fa "X509_EXTENSION **ex"
fcf58271Sschwarze.Fa "int nid"
fcf58271Sschwarze.Fa "int crit"
fcf58271Sschwarze.Fa "ASN1_OCTET_STRING *data"
fcf58271Sschwarze.Fc
fcf58271Sschwarze.Ft X509_EXTENSION *
fcf58271Sschwarze.Fo X509_EXTENSION_create_by_OBJ
fcf58271Sschwarze.Fa "X509_EXTENSION **ex"
877d0413Sschwarze.Fa "const ASN1_OBJECT *obj"
fcf58271Sschwarze.Fa "int crit"
fcf58271Sschwarze.Fa "ASN1_OCTET_STRING *data"
fcf58271Sschwarze.Fc
a0fbd016Sschwarze.Ft int
a0fbd016Sschwarze.Fo X509_EXTENSION_set_object
a0fbd016Sschwarze.Fa "X509_EXTENSION *ex"
5e64f191Sschwarze.Fa "const ASN1_OBJECT *obj"
a0fbd016Sschwarze.Fc
a0fbd016Sschwarze.Ft int
a0fbd016Sschwarze.Fo X509_EXTENSION_set_critical
a0fbd016Sschwarze.Fa "X509_EXTENSION *ex"
a0fbd016Sschwarze.Fa "int crit"
a0fbd016Sschwarze.Fc
a0fbd016Sschwarze.Ft int
a0fbd016Sschwarze.Fo X509_EXTENSION_set_data
a0fbd016Sschwarze.Fa "X509_EXTENSION *ex"
a0fbd016Sschwarze.Fa "ASN1_OCTET_STRING *data"
a0fbd016Sschwarze.Fc
a0fbd016Sschwarze.Ft ASN1_OBJECT *
a0fbd016Sschwarze.Fo X509_EXTENSION_get_object
a0fbd016Sschwarze.Fa "X509_EXTENSION *ex"
a0fbd016Sschwarze.Fc
a0fbd016Sschwarze.Ft int
a0fbd016Sschwarze.Fo X509_EXTENSION_get_critical
5e64f191Sschwarze.Fa "const X509_EXTENSION *ex"
a0fbd016Sschwarze.Fc
a0fbd016Sschwarze.Ft ASN1_OCTET_STRING *
a0fbd016Sschwarze.Fo X509_EXTENSION_get_data
877d0413Sschwarze.Fa "X509_EXTENSION *ex"
a0fbd016Sschwarze.Fc
*a197a99eSschwarze.Ft int
*a197a99eSschwarze.Fo X509_supported_extension
*a197a99eSschwarze.Fa "X509_EXTENSION *ex"
*a197a99eSschwarze.Fc
a0fbd016Sschwarze.Sh DESCRIPTION
fcf58271Sschwarze.Fn X509_EXTENSION_new
fcf58271Sschwarzeallocates and initializes an empty
fcf58271Sschwarze.Vt X509_EXTENSION
56bc162bSschwarzeobject, representing an ASN.1
56bc162bSschwarze.Vt Extension
56bc162bSschwarzestructure defined in RFC 5280 section 4.1.
fcf58271SschwarzeIt is a wrapper object around specific extension objects of different
fcf58271Sschwarzetypes and stores an extension type identifier and a criticality
fcf58271Sschwarzeflag in addition to the DER-encoded form of the wrapped object.
fcf58271Sschwarze.Vt X509_EXTENSION
fcf58271Sschwarzeobjects can be used for X.509 v3 certificates inside
fcf58271Sschwarze.Vt X509_CINF
fcf58271Sschwarzeobjects and for X.509 v2 certificate revocation lists inside
fcf58271Sschwarze.Vt X509_CRL_INFO
fcf58271Sschwarzeand
fcf58271Sschwarze.Vt X509_REVOKED
fcf58271Sschwarzeobjects.
fcf58271Sschwarze.Pp
877d0413Sschwarze.Fn X509_EXTENSION_dup
877d0413Sschwarzecreates a deep copy of
877d0413Sschwarze.Fa ex
877d0413Sschwarzeusing
877d0413Sschwarze.Xr ASN1_item_dup 3 .
877d0413Sschwarze.Pp
fcf58271Sschwarze.Fn X509_EXTENSION_free
fcf58271Sschwarzefrees
fcf58271Sschwarze.Fa ex
fcf58271Sschwarzeand all objects it is using.
fcf58271Sschwarze.Pp
fcf58271Sschwarze.Fn X509_EXTENSION_create_by_NID
fcf58271Sschwarzecreates an extension of type
fcf58271Sschwarze.Fa nid
fcf58271Sschwarzeand criticality
fcf58271Sschwarze.Fa crit
fcf58271Sschwarzeusing data
fcf58271Sschwarze.Fa data .
fcf58271SschwarzeThe created extension is returned and written to
fcf58271Sschwarze.Pf * Fa ex
fcf58271Sschwarzereusing or allocating a new extension if necessary, so
fcf58271Sschwarze.Pf * Fa ex
fcf58271Sschwarzeshould either be
fcf58271Sschwarze.Dv NULL
fcf58271Sschwarzeor a valid
fcf58271Sschwarze.Vt X509_EXTENSION
fcf58271Sschwarzestructure.
fcf58271SschwarzeIt must not be an uninitialised pointer.
fcf58271Sschwarze.Pp
fcf58271Sschwarze.Fn X509_EXTENSION_create_by_OBJ
fcf58271Sschwarzeis identical to
fcf58271Sschwarze.Fn X509_EXTENSION_create_by_NID
fcf58271Sschwarzeexcept that it creates an extension using
fcf58271Sschwarze.Fa obj
fcf58271Sschwarzeinstead of a NID.
fcf58271Sschwarze.Pp
a0fbd016Sschwarze.Fn X509_EXTENSION_set_object
a0fbd016Sschwarzesets the extension type of
a0fbd016Sschwarze.Fa ex
a0fbd016Sschwarzeto
a0fbd016Sschwarze.Fa obj .
a0fbd016SschwarzeThe
a0fbd016Sschwarze.Fa obj
a0fbd016Sschwarzepointer is duplicated internally so
a0fbd016Sschwarze.Fa obj
a0fbd016Sschwarzeshould be freed up after use.
a0fbd016Sschwarze.Pp
a0fbd016Sschwarze.Fn X509_EXTENSION_set_critical
a0fbd016Sschwarzesets the criticality of
a0fbd016Sschwarze.Fa ex
a0fbd016Sschwarzeto
a0fbd016Sschwarze.Fa crit .
a0fbd016SschwarzeIf
a0fbd016Sschwarze.Fa crit
a0fbd016Sschwarzeis zero, the extension in non-critical, otherwise it is critical.
a0fbd016Sschwarze.Pp
a0fbd016Sschwarze.Fn X509_EXTENSION_set_data
a0fbd016Sschwarzesets the data in extension
a0fbd016Sschwarze.Fa ex
a0fbd016Sschwarzeto
a0fbd016Sschwarze.Fa data .
a0fbd016SschwarzeThe
a0fbd016Sschwarze.Fa data
a0fbd016Sschwarzepointer is duplicated internally.
a0fbd016Sschwarze.Pp
a0fbd016Sschwarze.Fn X509_EXTENSION_get_object
a0fbd016Sschwarzereturns the extension type of
a0fbd016Sschwarze.Fa ex
a0fbd016Sschwarzeas an
a0fbd016Sschwarze.Vt ASN1_OBJECT
a0fbd016Sschwarzepointer.
a0fbd016SschwarzeThe returned pointer is an internal value which must not be freed up.
a0fbd016Sschwarze.Pp
a0fbd016Sschwarze.Fn X509_EXTENSION_get_critical
*a197a99eSschwarzetests whether
a0fbd016Sschwarze.Fa ex
*a197a99eSschwarzeis critical.
a0fbd016Sschwarze.Pp
a0fbd016Sschwarze.Fn X509_EXTENSION_get_data
a0fbd016Sschwarzereturns the data of extension
a0fbd016Sschwarze.Fa ex .
a0fbd016SschwarzeThe returned pointer is an internal value which must not be freed up.
a0fbd016Sschwarze.Pp
*a197a99eSschwarze.Fn X509_supported_extension
*a197a99eSschwarzechecks whether
*a197a99eSschwarze.Fa ex
*a197a99eSschwarzeis of a type supported by the verifier.
*a197a99eSschwarzeThe list of supported extension types is hardcoded into the library.
*a197a99eSschwarzeIf an extension is critical but unsupported,
*a197a99eSschwarzethe certificate will normally be rejected.
*a197a99eSschwarze.Pp
a0fbd016SschwarzeThese functions manipulate the contents of an extension directly.
a0fbd016SschwarzeMost applications will want to parse or encode and add an extension:
a0fbd016Sschwarzethey should use the extension encode and decode functions instead
a0fbd016Sschwarzesuch as
a0fbd016Sschwarze.Xr X509_add1_ext_i2d 3
a0fbd016Sschwarzeand
a0fbd016Sschwarze.Xr X509_get_ext_d2i 3 .
a0fbd016Sschwarze.Pp
a0fbd016SschwarzeThe
a0fbd016Sschwarze.Fa data
a0fbd016Sschwarzeassociated with an extension is the extension encoding in an
a0fbd016Sschwarze.Vt ASN1_OCTET_STRING
a0fbd016Sschwarzestructure.
a0fbd016Sschwarze.Sh RETURN VALUES
fcf58271Sschwarze.Fn X509_EXTENSION_new ,
877d0413Sschwarze.Fn X509_EXTENSION_dup ,
fcf58271Sschwarze.Fn X509_EXTENSION_create_by_NID ,
a0fbd016Sschwarzeand
a0fbd016Sschwarze.Fn X509_EXTENSION_create_by_OBJ
a0fbd016Sschwarzereturn an
a0fbd016Sschwarze.Vt X509_EXTENSION
a0fbd016Sschwarzepointer or
a0fbd016Sschwarze.Dv NULL
a0fbd016Sschwarzeif an error occurs.
a0fbd016Sschwarze.Pp
fcf58271Sschwarze.Fn X509_EXTENSION_set_object ,
fcf58271Sschwarze.Fn X509_EXTENSION_set_critical ,
fcf58271Sschwarzeand
fcf58271Sschwarze.Fn X509_EXTENSION_set_data
fcf58271Sschwarzereturn 1 for success or 0 for failure.
fcf58271Sschwarze.Pp
a0fbd016Sschwarze.Fn X509_EXTENSION_get_object
a0fbd016Sschwarzereturns an
a0fbd016Sschwarze.Vt ASN1_OBJECT
a0fbd016Sschwarzepointer.
a0fbd016Sschwarze.Pp
a0fbd016Sschwarze.Fn X509_EXTENSION_get_critical
a0fbd016Sschwarzereturns 0 for non-critical or 1 for critical.
a0fbd016Sschwarze.Pp
a0fbd016Sschwarze.Fn X509_EXTENSION_get_data
a0fbd016Sschwarzereturns an
a0fbd016Sschwarze.Vt ASN1_OCTET_STRING
a0fbd016Sschwarzepointer.
*a197a99eSschwarze.Pp
*a197a99eSschwarze.Fn X509_supported_extension
*a197a99eSschwarzereturns 1 if the type of
*a197a99eSschwarze.Fa ex
*a197a99eSschwarzeis supported by the verifier or 0 otherwise.
a0fbd016Sschwarze.Sh SEE ALSO
b365cb80Sschwarze.Xr ACCESS_DESCRIPTION_new 3 ,
b365cb80Sschwarze.Xr AUTHORITY_KEYID_new 3 ,
b365cb80Sschwarze.Xr BASIC_CONSTRAINTS_new 3 ,
49864eb8Sschwarze.Xr d2i_X509_EXTENSION 3 ,
b365cb80Sschwarze.Xr DIST_POINT_new 3 ,
c4c55c71Sschwarze.Xr ESS_SIGNING_CERT_new 3 ,
b365cb80Sschwarze.Xr EXTENDED_KEY_USAGE_new 3 ,
c4c55c71Sschwarze.Xr GENERAL_NAME_new 3 ,
b365cb80Sschwarze.Xr NAME_CONSTRAINTS_new 3 ,
fcf58271Sschwarze.Xr OCSP_CRLID_new 3 ,
fcf58271Sschwarze.Xr OCSP_SERVICELOC_new 3 ,
b365cb80Sschwarze.Xr PKEY_USAGE_PERIOD_new 3 ,
b365cb80Sschwarze.Xr POLICYINFO_new 3 ,
c4c55c71Sschwarze.Xr TS_REQ_new 3 ,
c4c55c71Sschwarze.Xr X509_check_ca 3 ,
c4c55c71Sschwarze.Xr X509_check_host 3 ,
c4c55c71Sschwarze.Xr X509_check_issued 3 ,
5bcdf354Sschwarze.Xr X509_get_extension_flags 3 ,
43caf4b1Sschwarze.Xr X509_REQ_add_extensions 3 ,
f9473784Stb.Xr X509V3_EXT_get_nid 3 ,
6211ded6Sschwarze.Xr X509V3_EXT_print 3 ,
80a0aabaSschwarze.Xr X509V3_extensions_print 3 ,
fcf58271Sschwarze.Xr X509V3_get_d2i 3 ,
c6fb9ef1Sjmc.Xr X509v3_get_ext_by_NID 3
fcf58271Sschwarze.Sh STANDARDS
fcf58271SschwarzeRFC 5280: Internet X.509 Public Key Infrastructure Certificate and
fcf58271SschwarzeCertificate Revocation List (CRL) Profile
d9d184f2Sschwarze.Sh HISTORY
10e00d17Sschwarze.Fn X509_EXTENSION_new
10e00d17Sschwarzeand
10e00d17Sschwarze.Fn X509_EXTENSION_free
877d0413Sschwarzefirst appeared in SSLeay 0.6.2,
877d0413Sschwarze.Fn X509_EXTENSION_dup
877d0413Sschwarzein SSLeay 0.6.5, and
10e00d17Sschwarze.Fn X509_EXTENSION_create_by_NID ,
10e00d17Sschwarze.Fn X509_EXTENSION_create_by_OBJ ,
10e00d17Sschwarze.Fn X509_EXTENSION_set_object ,
10e00d17Sschwarze.Fn X509_EXTENSION_set_critical ,
10e00d17Sschwarze.Fn X509_EXTENSION_set_data ,
10e00d17Sschwarze.Fn X509_EXTENSION_get_object ,
10e00d17Sschwarze.Fn X509_EXTENSION_get_critical ,
10e00d17Sschwarzeand
10e00d17Sschwarze.Fn X509_EXTENSION_get_data
877d0413Sschwarzein SSLeay 0.8.0.
10e00d17SschwarzeThese functions have been available since
d9d184f2Sschwarze.Ox 2.4 .
*a197a99eSschwarze.Pp
*a197a99eSschwarze.Fn X509_supported_extension
*a197a99eSschwarzefirst appeared in OpenSSL 0.9.7 and has been available since
*a197a99eSschwarze.Ox 3.2 .