1*b077aed3SPierre Pronchery=pod 2*b077aed3SPierre Pronchery 3*b077aed3SPierre Pronchery=head1 NAME 4*b077aed3SPierre Pronchery 5*b077aed3SPierre ProncheryX509V3_set_ctx, 6*b077aed3SPierre ProncheryX509V3_set_issuer_pkey - X.509 v3 extension generation utilities 7*b077aed3SPierre Pronchery 8*b077aed3SPierre Pronchery=head1 SYNOPSIS 9*b077aed3SPierre Pronchery 10*b077aed3SPierre Pronchery #include <openssl/x509v3.h> 11*b077aed3SPierre Pronchery 12*b077aed3SPierre Pronchery void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject, 13*b077aed3SPierre Pronchery X509_REQ *req, X509_CRL *crl, int flags); 14*b077aed3SPierre Pronchery int X509V3_set_issuer_pkey(X509V3_CTX *ctx, EVP_PKEY *pkey); 15*b077aed3SPierre Pronchery 16*b077aed3SPierre Pronchery=head1 DESCRIPTION 17*b077aed3SPierre Pronchery 18*b077aed3SPierre ProncheryX509V3_set_ctx() fills in the basic fields of I<ctx> of type B<X509V3_CTX>, 19*b077aed3SPierre Proncheryproviding details potentially needed by functions producing X509 v3 extensions, 20*b077aed3SPierre Proncherye.g., to look up values for filling in authority key identifiers. 21*b077aed3SPierre ProncheryAny of I<subject>, I<req>, or I<crl> may be provided, pointing to a certificate, 22*b077aed3SPierre Proncherycertification request, or certificate revocation list, respectively. 23*b077aed3SPierre ProncheryWhen constructing the subject key identifier of a certificate by computing a 24*b077aed3SPierre Proncheryhash value of its public key, the public key is taken from I<subject> or I<req>. 25*b077aed3SPierre ProncherySimilarly, when constructing subject alternative names from any email addresses 26*b077aed3SPierre Proncherycontained in a subject DN, the subject DN is taken from I<subject> or I<req>. 27*b077aed3SPierre ProncheryIf I<subject> or I<crl> is provided, I<issuer> should point to its issuer, 28*b077aed3SPierre Proncheryfor instance to help generating an authority key identifier extension. 29*b077aed3SPierre ProncheryNote that if I<subject> is provided, I<issuer> may be the same as I<subject>, 30*b077aed3SPierre Proncherywhich means that I<subject> is self-issued (or even self-signed). 31*b077aed3SPierre ProncheryI<flags> may be 0 32*b077aed3SPierre Proncheryor contain B<X509V3_CTX_TEST>, which means that just the syntax of 33*b077aed3SPierre Proncheryextension definitions is to be checked without actually producing an extension, 34*b077aed3SPierre Proncheryor B<X509V3_CTX_REPLACE>, which means that each X.509v3 extension added as 35*b077aed3SPierre Proncherydefined in some configuration section shall replace any already existing 36*b077aed3SPierre Proncheryextension with the same OID. 37*b077aed3SPierre Pronchery 38*b077aed3SPierre ProncheryX509V3_set_issuer_pkey() explicitly sets the issuer private key of 39*b077aed3SPierre Proncherythe certificate that has been provided in I<ctx>. 40*b077aed3SPierre ProncheryThis should be done for self-issued certificates (which may be self-signed 41*b077aed3SPierre Proncheryor not) to provide fallback data for the authority key identifier extension. 42*b077aed3SPierre Pronchery 43*b077aed3SPierre Pronchery=head1 RETURN VALUES 44*b077aed3SPierre Pronchery 45*b077aed3SPierre ProncheryX509V3_set_ctx() and X509V3_set_issuer_pkey() 46*b077aed3SPierre Proncheryreturn 1 on success and 0 on error. 47*b077aed3SPierre Pronchery 48*b077aed3SPierre Pronchery=head1 SEE ALSO 49*b077aed3SPierre Pronchery 50*b077aed3SPierre ProncheryL<X509_add_ext(3)> 51*b077aed3SPierre Pronchery 52*b077aed3SPierre Pronchery=head1 HISTORY 53*b077aed3SPierre Pronchery 54*b077aed3SPierre ProncheryX509V3_set_issuer_pkey() was added in OpenSSL 3.0. 55*b077aed3SPierre Pronchery 56*b077aed3SPierre ProncheryCTX_TEST was deprecated in OpenSSL 3.0; use X509V3_CTX_TEST instead. 57*b077aed3SPierre Pronchery 58*b077aed3SPierre Pronchery=head1 COPYRIGHT 59*b077aed3SPierre Pronchery 60*b077aed3SPierre ProncheryCopyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. 61*b077aed3SPierre Pronchery 62*b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License"). You may not use 63*b077aed3SPierre Proncherythis file except in compliance with the License. You can obtain a copy 64*b077aed3SPierre Proncheryin the file LICENSE in the source distribution or at 65*b077aed3SPierre ProncheryL<https://www.openssl.org/source/license.html>. 66*b077aed3SPierre Pronchery 67*b077aed3SPierre Pronchery=cut 68