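/* x509v3.h */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
 * project 1999.
 */
/* ====================================================================
 * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in
 * the documentation and/or other materials provided with the
 * distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 * software must display the following acknowledgment:
 * "This product includes software developed by the OpenSSL Project
 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 * endorse or promote products derived from this software without
 * prior written permission. For written permission, please contact
 * licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 * nor may "OpenSSL" appear in their names without prior written
 * permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 * acknowledgment:
 * "This product includes software developed by the OpenSSL Project
 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com). This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
#ifndef HEADER_X509V3_H
#define HEADER_X509V3_H

#include <openssl/bio.h>
#include <openssl/x509.h>
#include <openssl/conf.h>

#ifdef __cplusplus
extern "C" {
#endif

/* Forward reference */
struct v3_ext_method;
struct v3_ext_ctx;

/* Useful typedefs */

/*
 * Callback types stored in struct v3_ext_method.  Every one of them passes
 * the extension object as an untyped void *, so the compiler cannot check
 * that a handler is paired with the structure type it expects.
 */
typedef void * (*X509V3_EXT_NEW)(void);
typedef void (*X509V3_EXT_FREE)(void *);
typedef void * (*X509V3_EXT_D2I)(void *, const unsigned char ** , long);
typedef int (*X509V3_EXT_I2D)(void *, unsigned char **);
typedef STACK_OF(CONF_VALUE) * (*X509V3_EXT_I2V)(struct v3_ext_method *method, void *ext, STACK_OF(CONF_VALUE) *extlist);
typedef void * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK_OF(CONF_VALUE) *values);
typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext);
typedef void * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str);
typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, void *ext, BIO *out, int indent);
typedef void * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str);

/* V3 extension structure */

/*
 * The field order is part of the interface: the EXT_BITSTRING, EXT_IA5STRING
 * and EXT_END macros in this header fill the structure with positional
 * initializers, so adding or reordering a field here silently shifts every
 * handler slot in tables built with them.
 */
struct v3_ext_method {
    int ext_nid;
    int ext_flags;      /* X509V3_EXT_* bits, see "ext_flags values" below */
    /* If this is set the following four fields are ignored */
    ASN1_ITEM_EXP *it;
    /* Old style ASN1 calls */
    X509V3_EXT_NEW ext_new;
    X509V3_EXT_FREE ext_free;
    X509V3_EXT_D2I d2i;
    X509V3_EXT_I2D i2d;

    /* The following pair is used for string extensions */
    X509V3_EXT_I2S i2s;
    X509V3_EXT_S2I s2i;

    /* The following pair is used for multi-valued extensions */
    X509V3_EXT_I2V i2v;
    X509V3_EXT_V2I v2i;

    /* The following are used for raw extensions */
    X509V3_EXT_I2R i2r;
    X509V3_EXT_R2I r2i;

    void *usr_data; /* Any extension specific data */
};

/*
 * Configuration database callbacks: one getter and one matching free routine
 * each for strings and for sections.  `db` is an opaque handle supplied by
 * the owner of the callbacks.
 */
typedef struct X509V3_CONF_METHOD_st {
    char * (*get_string)(void *db, char *section, char *value);
    STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section);
    void (*free_string)(void *db, char * string);
    void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
} X509V3_CONF_METHOD;

/* Context specific info */
struct v3_ext_ctx {
/* Defined next to `flags`; presumably a value for it (confirm in callers). */
#define CTX_TEST 0x1
    int flags;
    X509 *issuer_cert;
    X509 *subject_cert;
    X509_REQ *subject_req;
    X509_CRL *crl;
    X509V3_CONF_METHOD *db_meth;
    void *db;
    /* Maybe more here */
};

typedef struct v3_ext_method X509V3_EXT_METHOD;

DECLARE_STACK_OF(X509V3_EXT_METHOD)

/* ext_flags values */
#define X509V3_EXT_DYNAMIC 0x1
#define X509V3_EXT_CTX_DEP 0x2
#define X509V3_EXT_MULTILINE 0x4

typedef BIT_STRING_BITNAME ENUMERATED_NAMES;

typedef struct BASIC_CONSTRAINTS_st {
    int ca;
    ASN1_INTEGER *pathlen;
} BASIC_CONSTRAINTS;


typedef struct PKEY_USAGE_PERIOD_st {
    ASN1_GENERALIZEDTIME *notBefore;
    ASN1_GENERALIZEDTIME *notAfter;
} PKEY_USAGE_PERIOD;

typedef struct otherName_st {
    ASN1_OBJECT *type_id;
    ASN1_TYPE *value;
} OTHERNAME;

typedef struct EDIPartyName_st {
    ASN1_STRING *nameAssigner;
    ASN1_STRING *partyName;
} EDIPARTYNAME;

/*
 * Tagged union for one name form.  `type` is the discriminator (the GEN_*
 * constants are defined alongside it) and every member of `d` is a pointer
 * sharing the same storage, so code must test `type` before reading a
 * member: reading the wrong member reinterprets one ASN.1 object as
 * another.
 */
typedef struct GENERAL_NAME_st {

#define GEN_OTHERNAME 0
#define GEN_EMAIL 1
#define GEN_DNS 2
#define GEN_X400 3
#define GEN_DIRNAME 4
#define GEN_EDIPARTY 5
#define GEN_URI 6
#define GEN_IPADD 7
#define GEN_RID 8

    int type;
    union {
        char *ptr;
        OTHERNAME *otherName; /* otherName */
        ASN1_IA5STRING *rfc822Name;
        ASN1_IA5STRING *dNSName;
        ASN1_TYPE *x400Address;
        X509_NAME *directoryName;
        EDIPARTYNAME *ediPartyName;
        ASN1_IA5STRING *uniformResourceIdentifier;
        ASN1_OCTET_STRING *iPAddress;
        ASN1_OBJECT *registeredID;

        /* Old names */
        ASN1_OCTET_STRING *ip; /* iPAddress */
        X509_NAME *dirn; /* directoryName */
        ASN1_IA5STRING *ia5; /* rfc822Name, dNSName, uniformResourceIdentifier */
        ASN1_OBJECT *rid; /* registeredID */
        ASN1_TYPE *other; /* x400Address */
    } d;
} GENERAL_NAME;

typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;

typedef struct ACCESS_DESCRIPTION_st {
    ASN1_OBJECT *method;
    GENERAL_NAME *location;
} ACCESS_DESCRIPTION;

typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;

typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;

DECLARE_STACK_OF(GENERAL_NAME)
DECLARE_ASN1_SET_OF(GENERAL_NAME)

DECLARE_STACK_OF(ACCESS_DESCRIPTION)
DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION)

/*
 * `type` selects which member of `name` is valid; the values it takes are
 * not defined in this header, so check the library source before branching
 * on it.
 */
typedef struct DIST_POINT_NAME_st {
    int type;
    union {
        GENERAL_NAMES *fullname;
        STACK_OF(X509_NAME_ENTRY) *relativename;
    } name;
} DIST_POINT_NAME;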
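/* CRL distribution point: name, reason flags and CRL issuer. */
typedef struct DIST_POINT_st {
    DIST_POINT_NAME *distpoint;
    ASN1_BIT_STRING *reasons;
    GENERAL_NAMES *CRLissuer;
} DIST_POINT;

typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;

DECLARE_STACK_OF(DIST_POINT)
DECLARE_ASN1_SET_OF(DIST_POINT)

typedef struct AUTHORITY_KEYID_st {
    ASN1_OCTET_STRING *keyid;
    GENERAL_NAMES *issuer;
    ASN1_INTEGER *serial;
} AUTHORITY_KEYID;

/* Strong extranet structures */

typedef struct SXNET_ID_st {
    ASN1_INTEGER *zone;
    ASN1_OCTET_STRING *user;
} SXNETID;

DECLARE_STACK_OF(SXNETID)
DECLARE_ASN1_SET_OF(SXNETID)

typedef struct SXNET_st {
    ASN1_INTEGER *version;
    STACK_OF(SXNETID) *ids;
} SXNET;

typedef struct NOTICEREF_st {
    ASN1_STRING *organization;
    STACK_OF(ASN1_INTEGER) *noticenos;
} NOTICEREF;

typedef struct USERNOTICE_st {
    NOTICEREF *noticeref;
    ASN1_STRING *exptext;
} USERNOTICE;

/*
 * Policy qualifier.  The members of `d` share storage; the struct carries no
 * integer tag, so presumably `pqualid` tells which member is meaningful
 * (confirm against the ASN.1 template before dereferencing).
 */
typedef struct POLICYQUALINFO_st {
    ASN1_OBJECT *pqualid;
    union {
        ASN1_IA5STRING *cpsuri;
        USERNOTICE *usernotice;
        ASN1_TYPE *other;
    } d;
} POLICYQUALINFO;

DECLARE_STACK_OF(POLICYQUALINFO)
DECLARE_ASN1_SET_OF(POLICYQUALINFO)

typedef struct POLICYINFO_st {
    ASN1_OBJECT *policyid;
    STACK_OF(POLICYQUALINFO) *qualifiers;
} POLICYINFO;

typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;

DECLARE_STACK_OF(POLICYINFO)
DECLARE_ASN1_SET_OF(POLICYINFO)

typedef struct POLICY_MAPPING_st {
    ASN1_OBJECT *issuerDomainPolicy;
    ASN1_OBJECT *subjectDomainPolicy;
} POLICY_MAPPING;

DECLARE_STACK_OF(POLICY_MAPPING)

typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS;

typedef struct GENERAL_SUBTREE_st {
    GENERAL_NAME *base;
    ASN1_INTEGER *minimum;
    ASN1_INTEGER *maximum;
} GENERAL_SUBTREE;

DECLARE_STACK_OF(GENERAL_SUBTREE)

typedef struct NAME_CONSTRAINTS_st {
    STACK_OF(GENERAL_SUBTREE) *permittedSubtrees;
    STACK_OF(GENERAL_SUBTREE) *excludedSubtrees;
} NAME_CONSTRAINTS;

typedef struct POLICY_CONSTRAINTS_st {
    ASN1_INTEGER *requireExplicitPolicy;
    ASN1_INTEGER *inhibitPolicyMapping;
} POLICY_CONSTRAINTS;

/* Proxy certificate structures, see RFC 3820 */
typedef struct PROXY_POLICY_st
    {
    ASN1_OBJECT *policyLanguage;
    ASN1_OCTET_STRING *policy;
    } PROXY_POLICY;

typedef struct PROXY_CERT_INFO_EXTENSION_st
    {
    ASN1_INTEGER *pcPathLengthConstraint;
    PROXY_POLICY *proxyPolicy;
    } PROXY_CERT_INFO_EXTENSION;

DECLARE_ASN1_FUNCTIONS(PROXY_POLICY)
DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)


/*
 * Appends the section, name and value of a CONF_VALUE to the current error.
 * `val` is parenthesized so that an expression argument binds correctly.
 * The expansion ends in its own ';' (kept for source compatibility): use
 * the macro only as a complete statement inside braces, because an
 * unbraced `if (...) X509V3_conf_err(v); else ...` does not compile.
 */
#define X509V3_conf_err(val) ERR_add_error_data(6, "section:", (val)->section, \
            ",name:", (val)->name, ",value:", (val)->value);

#define X509V3_set_ctx_test(ctx) \
            X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
/* Also expands with a trailing ';' -- same usage restriction as above. */
#define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL;

/*
 * Positional initializers for struct v3_ext_method.  Each supplies exactly
 * fourteen values, one per field in declaration order; they must be revised
 * together with the struct, otherwise handlers land in the wrong slots.
 * The function-pointer casts also bypass signature checking.
 */
#define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \
            0,0,0,0, \
            0,0, \
            (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
            (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \
            NULL, NULL, \
            table}

#define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \
            0,0,0,0, \
            (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
            (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \
            0,0,0,0, \
            NULL}

#define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}


/* X509_PURPOSE stuff */

#define EXFLAG_BCONS 0x1
#define EXFLAG_KUSAGE 0x2
#define EXFLAG_XKUSAGE 0x4
#define EXFLAG_NSCERT 0x8

#define EXFLAG_CA 0x10
#define EXFLAG_SS 0x20
#define EXFLAG_V1 0x40
#define EXFLAG_INVALID 0x80
#define EXFLAG_SET 0x100
#define EXFLAG_CRITICAL 0x200
#define EXFLAG_PROXY 0x400

/*
 * NOTE(review): EXFLAG_INVALID_POLICY has the same value as EXFLAG_PROXY
 * (0x400) in this revision, so testing either bit in a flags word also
 * matches the other condition.  Audit every user of the two names before
 * relying on one of them in a validation decision; moving
 * EXFLAG_INVALID_POLICY to an unused bit requires rebuilding the library
 * and its callers together.  The value is left unchanged here.
 */
#define EXFLAG_INVALID_POLICY 0x400

/* KU_* bit masks; the names follow the X.509 keyUsage bits. */
#define KU_DIGITAL_SIGNATURE 0x0080
#define KU_NON_REPUDIATION 0x0040
#define KU_KEY_ENCIPHERMENT 0x0020
#define KU_DATA_ENCIPHERMENT 0x0010
#define KU_KEY_AGREEMENT 0x0008
#define KU_KEY_CERT_SIGN 0x0004
#define KU_CRL_SIGN 0x0002
#define KU_ENCIPHER_ONLY 0x0001
#define KU_DECIPHER_ONLY 0x8000

/* NS_* bit masks; NS_ANY_CA is the union of the three *_CA bits. */
#define NS_SSL_CLIENT 0x80
#define NS_SSL_SERVER 0x40
#define NS_SMIME 0x20
#define NS_OBJSIGN 0x10
#define NS_SSL_CA 0x04
#define NS_SMIME_CA 0x02
#define NS_OBJSIGN_CA 0x01
#define NS_ANY_CA (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA)

/* XKU_* bit masks, one bit per extended-key-usage purpose named below. */
#define XKU_SSL_SERVER 0x1
#define XKU_SSL_CLIENT 0x2
#define XKU_SMIME 0x4
#define XKU_CODE_SIGN 0x8
#define XKU_SGC 0x10
#define XKU_OCSP_SIGN 0x20
#define XKU_TIMESTAMP 0x40
#define XKU_DVCS 0x80

#define X509_PURPOSE_DYNAMIC 0x1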
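/* Presumably a bit for x509_purpose_st.flags below -- confirm in the library. */
#define X509_PURPOSE_DYNAMIC_NAME 0x2

/*
 * One certificate-purpose entry: numeric id, default trust id, flags, the
 * checking callback and two name strings.  `usr_data` is opaque to this
 * header.
 */
typedef struct x509_purpose_st {
    int purpose;
    int trust; /* Default trust ID */
    int flags;
    int (*check_purpose)(const struct x509_purpose_st *,
                const X509 *, int);
    char *name;
    char *sname;
    void *usr_data;
} X509_PURPOSE;

#define X509_PURPOSE_SSL_CLIENT 1
#define X509_PURPOSE_SSL_SERVER 2
#define X509_PURPOSE_NS_SSL_SERVER 3
#define X509_PURPOSE_SMIME_SIGN 4
#define X509_PURPOSE_SMIME_ENCRYPT 5
#define X509_PURPOSE_CRL_SIGN 6
#define X509_PURPOSE_ANY 7
#define X509_PURPOSE_OCSP_HELPER 8

/* Bounds of the id list above; keep MAX in step when an id is added. */
#define X509_PURPOSE_MIN 1
#define X509_PURPOSE_MAX 8

/* Flags for X509V3_EXT_print() */

/* The four modes below occupy bits 16-19, selected by this mask. */
#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
/* Return error for unknown extensions */
#define X509V3_EXT_DEFAULT 0
/* Print error for unknown extensions */
#define X509V3_EXT_ERROR_UNKNOWN (1L << 16)
/* ASN1 parse unknown extensions */
#define X509V3_EXT_PARSE_UNKNOWN (2L << 16)
/* BIO_dump unknown extensions */
#define X509V3_EXT_DUMP_UNKNOWN (3L << 16)

/* Flags for X509V3_add1_i2d */

/*
 * Values 0-5 are operations selected with X509V3_ADD_OP_MASK.
 * X509V3_ADD_SILENT (0x10) lies outside the mask, so it is presumably
 * OR-ed with one operation rather than used on its own.
 */
#define X509V3_ADD_OP_MASK 0xfL
#define X509V3_ADD_DEFAULT 0L
#define X509V3_ADD_APPEND 1L
#define X509V3_ADD_REPLACE 2L
#define X509V3_ADD_REPLACE_EXISTING 3L
#define X509V3_ADD_KEEP_EXISTING 4L
#define X509V3_ADD_DELETE 5L
#define X509V3_ADD_SILENT 0x10

DECLARE_STACK_OF(X509_PURPOSE)

DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)

DECLARE_ASN1_FUNCTIONS(SXNET)
DECLARE_ASN1_FUNCTIONS(SXNETID)

/*
 * SXNET id setters: the zone is given as text, unsigned long or
 * ASN1_INTEGER.  `userlen` is a signed int; how zero or negative lengths
 * are treated is not visible here, so validate it in the caller.
 */
int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen);
int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen);
int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user, int userlen);

/* SXNET id getters, one per zone representation. */
ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone);
ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);
ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone);

DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID)

DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)

DECLARE_ASN1_FUNCTIONS(GENERAL_NAME)


/* Typed prototypes of the handlers that EXT_BITSTRING casts into a method table. */
ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
                ASN1_BIT_STRING *bits,
                STACK_OF(CONF_VALUE) *extlist);

STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret);
int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen);

DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)

STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
                GENERAL_NAMES *gen, STACK_OF(CONF_VALUE) *extlist);
GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);

DECLARE_ASN1_FUNCTIONS(OTHERNAME)
DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME)

char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5);
ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);

DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a);

DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
DECLARE_ASN1_FUNCTIONS(POLICYINFO)
DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO)
DECLARE_ASN1_FUNCTIONS(USERNOTICE)
DECLARE_ASN1_FUNCTIONS(NOTICEREF)

DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS)
DECLARE_ASN1_FUNCTIONS(DIST_POINT)
DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)

DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)

DECLARE_ASN1_ITEM(POLICY_MAPPING)
DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING)
DECLARE_ASN1_ITEM(POLICY_MAPPINGS)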
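/* ASN.1 item and allocator declarations for the constraint structures. */
DECLARE_ASN1_ITEM(GENERAL_SUBTREE)
DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)

DECLARE_ASN1_ITEM(NAME_CONSTRAINTS)
DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)

DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)

/* Only declared when the configuration header has been included. */
#ifdef HEADER_CONF_H
GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
                CONF_VALUE *cnf);
GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, X509V3_EXT_METHOD *method,
                X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc);
void X509V3_conf_free(CONF_VALUE *val);

/* Build or attach extensions from a CONF database. */
X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value);
X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value);
int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(X509_EXTENSION) **sk);
int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert);
int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);

/* The same operations taking an LHASH configuration. */
X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value);
X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value);
int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert);
int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);

int X509V3_add_value_bool_nf(char *name, int asn1_bool,
                STACK_OF(CONF_VALUE) **extlist);
int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
#endif

/*
 * Context accessors.  Each getter has a matching *_free routine declared
 * beside it; presumably results must be released through that routine
 * rather than with free() directly (confirm in the implementation).
 */
char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section);
void X509V3_string_free(X509V3_CTX *ctx, char *str);
void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
                X509_REQ *req, X509_CRL *crl, int flags);

int X509V3_add_value(const char *name, const char *value,
                STACK_OF(CONF_VALUE) **extlist);
int X509V3_add_value_uchar(const char *name, const unsigned char *value,
                STACK_OF(CONF_VALUE) **extlist);
int X509V3_add_value_bool(const char *name, int asn1_bool,
                STACK_OF(CONF_VALUE) **extlist);
int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
                STACK_OF(CONF_VALUE) **extlist);
char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);
char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
char * i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
int X509V3_EXT_add_alias(int nid_to, int nid_from);
void X509V3_EXT_cleanup(void);

X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
int X509V3_add_standard_extensions(void);
STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
/*
 * Both decoders return an untyped pointer: the caller has to cast it to the
 * structure that belongs to the extension actually decoded, and the
 * compiler cannot catch a mismatch.
 */
void *X509V3_EXT_d2i(X509_EXTENSION *ext);
void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);


X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags);

/* Hex helpers carry lengths as signed long; callers should pass checked values. */
char *hex_to_string(unsigned char *buffer, long len);
unsigned char *string_to_hex(char *str, long *len);
int name_cmp(const char *name, const char *cmp);

void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
                int ml);
/*
 * NOTE(review): X509V3_EXT_print takes `unsigned long flag` while the FILE
 * variant takes `int flag`; the X509V3_EXT_*_UNKNOWN values are long
 * constants, so they are narrowed when passed to the FILE variant.
 */
int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent);
int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);

int X509V3_extensions_print(BIO *out, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent);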
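/*
 * Certificate role and purpose checks. Every one reports its result as a
 * plain int, and the header does not state the return conventions.
 * NOTE(review): do not assume they share one convention. Upstream OpenSSL
 * documents X509_check_issued() as returning X509_V_OK (zero) when the
 * issuer matches, so testing its result as a boolean inverts the check.
 * Confirm the conventions for this tree and compare against the
 * documented value explicitly at every call site.
 */
int X509_check_ca(X509 *x);
int X509_check_purpose(X509 *x, int id, int ca);
int X509_supported_extension(X509_EXTENSION *ex);
int X509_PURPOSE_set(int *p, int purpose);
int X509_check_issued(X509 *issuer, X509 *subject);

/*
 * Purpose table access. X509_PURPOSE_add() installs a caller-supplied
 * check callback `ck` together with an opaque `arg`.
 */
int X509_PURPOSE_get_count(void);
X509_PURPOSE * X509_PURPOSE_get0(int idx);
int X509_PURPOSE_get_by_sname(char *sname);
int X509_PURPOSE_get_by_id(int id);
int X509_PURPOSE_add(int id, int trust, int flags,
			int (*ck)(const X509_PURPOSE *, const X509 *, int),
				char *name, char *sname, void *arg);
char *X509_PURPOSE_get0_name(X509_PURPOSE *xp);
char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp);
int X509_PURPOSE_get_trust(X509_PURPOSE *xp);
void X509_PURPOSE_cleanup(void);
int X509_PURPOSE_get_id(X509_PURPOSE *);

/*
 * E-mail address extraction from a certificate or a request.
 * NOTE(review): the returned STACK is presumably owned by the caller and
 * released with X509_email_free() -- confirm against the implementation.
 */
STACK *X509_get1_email(X509 *x);
STACK *X509_REQ_get1_email(X509_REQ *x);
void X509_email_free(STACK *sk);

/*
 * Text-to-ASN.1 conversion of IP addresses. Both take a C string and
 * return an ASN1_OCTET_STRING pointer; callers should check the result
 * for NULL before use.
 * NOTE(review): the difference between the plain and _NC variants is not
 * visible in the prototypes -- confirm before using one for the other.
 */
ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);
int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,
						unsigned long chtype);

void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);

/*
 * NOTE(review): in the generated function codes below,
 * X509V3_F_I2S_ASN1_IA5STRING and X509V3_F_R2I_PCI are both defined as
 * 149. An error recorded under that code cannot be attributed to one of
 * the two functions from the code alone, which matters when error-queue
 * output is used for triage. The values are produced by mkerr.pl, so any
 * correction belongs in the generator's input rather than in a hand edit
 * of this section.
 */

/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
void ERR_load_X509V3_strings(void);

/* Error codes for the X509V3 functions. */

/* Function codes. */
#define X509V3_F_COPY_EMAIL				 122
#define X509V3_F_COPY_ISSUER				 123
#define X509V3_F_DO_DIRNAME				 144
#define X509V3_F_DO_EXT_CONF				 124
#define X509V3_F_DO_EXT_I2D				 135
#define X509V3_F_DO_EXT_NCONF				 151
#define X509V3_F_DO_I2V_NAME_CONSTRAINTS		 148
#define X509V3_F_HEX_TO_STRING				 111
#define X509V3_F_I2S_ASN1_ENUMERATED			 121
#define X509V3_F_I2S_ASN1_IA5STRING			 149 /* same value as X509V3_F_R2I_PCI */
#define X509V3_F_I2S_ASN1_INTEGER			 120
#define X509V3_F_I2V_AUTHORITY_INFO_ACCESS		 138
#define X509V3_F_NOTICE_SECTION				 132
#define X509V3_F_NREF_NOS				 133
#define X509V3_F_POLICY_SECTION				 131
#define X509V3_F_PROCESS_PCI_VALUE			 150
#define X509V3_F_R2I_CERTPOL				 130
#define X509V3_F_R2I_PCI				 149 /* same value as X509V3_F_I2S_ASN1_IA5STRING */
#define X509V3_F_S2I_ASN1_IA5STRING			 100
#define X509V3_F_S2I_ASN1_INTEGER			 108
#define X509V3_F_S2I_ASN1_OCTET_STRING			 112
#define X509V3_F_S2I_ASN1_SKEY_ID			 114
#define X509V3_F_S2I_SKEY_ID				 115
#define X509V3_F_STRING_TO_HEX				 113
#define X509V3_F_SXNET_ADD_ID_ASC			 125
#define X509V3_F_SXNET_ADD_ID_INTEGER			 126
#define X509V3_F_SXNET_ADD_ID_ULONG			 127
#define X509V3_F_SXNET_GET_ID_ASC			 128
#define X509V3_F_SXNET_GET_ID_ULONG			 129
#define X509V3_F_V2I_ASN1_BIT_STRING			 101
#define X509V3_F_V2I_AUTHORITY_INFO_ACCESS		 139
#define X509V3_F_V2I_AUTHORITY_KEYID			 119
#define X509V3_F_V2I_BASIC_CONSTRAINTS			 102
#define X509V3_F_V2I_CRLD				 134
#define X509V3_F_V2I_EXTENDED_KEY_USAGE			 103
#define X509V3_F_V2I_GENERAL_NAMES			 118
#define X509V3_F_V2I_GENERAL_NAME_EX			 117
#define X509V3_F_V2I_ISSUER_ALT				 153
#define X509V3_F_V2I_NAME_CONSTRAINTS			 147
#define X509V3_F_V2I_POLICY_CONSTRAINTS			 146
#define X509V3_F_V2I_POLICY_MAPPINGS			 145
#define X509V3_F_V2I_SUBJECT_ALT			 154
#define X509V3_F_V3_GENERIC_EXTENSION			 116
#define X509V3_F_X509V3_ADD1_I2D			 140
#define X509V3_F_X509V3_ADD_VALUE			 105
#define X509V3_F_X509V3_EXT_ADD				 104
#define X509V3_F_X509V3_EXT_ADD_ALIAS			 106
#define X509V3_F_X509V3_EXT_CONF			 107
#define X509V3_F_X509V3_EXT_I2D				 136
#define X509V3_F_X509V3_EXT_NCONF			 152
#define X509V3_F_X509V3_GET_SECTION			 142
#define X509V3_F_X509V3_GET_STRING			 143
#define X509V3_F_X509V3_GET_VALUE_BOOL			 110
#define X509V3_F_X509V3_PARSE_LIST			 109
#define X509V3_F_X509_PURPOSE_ADD			 137
#define X509V3_F_X509_PURPOSE_SET			 141

/* Reason codes. */
#define X509V3_R_BAD_IP_ADDRESS				 118
#define X509V3_R_BAD_OBJECT				 119
#define X509V3_R_BN_DEC2BN_ERROR			 100
#define X509V3_R_BN_TO_ASN1_INTEGER_ERROR		 101
#define X509V3_R_DIRNAME_ERROR				 149
#define X509V3_R_DUPLICATE_ZONE_ID			 133
#define X509V3_R_ERROR_CONVERTING_ZONE			 131
#define X509V3_R_ERROR_CREATING_EXTENSION		 144
#define X509V3_R_ERROR_IN_EXTENSION			 128
#define X509V3_R_EXPECTED_A_SECTION_NAME		 137
#define X509V3_R_EXTENSION_EXISTS			 145
#define X509V3_R_EXTENSION_NAME_ERROR			 115
#define X509V3_R_EXTENSION_NOT_FOUND			 102
#define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED	 103
#define X509V3_R_EXTENSION_VALUE_ERROR			 116
#define X509V3_R_ILLEGAL_EMPTY_EXTENSION		 151
#define X509V3_R_ILLEGAL_HEX_DIGIT			 113
#define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG		 152
#define X509V3_R_INVALID_BOOLEAN_STRING			 104
#define X509V3_R_INVALID_EXTENSION_STRING		 105
#define X509V3_R_INVALID_NAME				 106
#define X509V3_R_INVALID_NULL_ARGUMENT			 107
#define X509V3_R_INVALID_NULL_NAME			 108
#define X509V3_R_INVALID_NULL_VALUE			 109
#define X509V3_R_INVALID_NUMBER				 140
#define X509V3_R_INVALID_NUMBERS			 141
#define X509V3_R_INVALID_OBJECT_IDENTIFIER		 110
#define X509V3_R_INVALID_OPTION				 138
#define X509V3_R_INVALID_POLICY_IDENTIFIER		 134
#define X509V3_R_INVALID_PROXY_POLICY_SETTING		 153
#define X509V3_R_INVALID_PURPOSE			 146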
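/*
 * Remaining X509V3 reason codes, followed by the closing of the header's
 * C++ linkage block and its outer conditional (both opened earlier in
 * the file).
 * NOTE(review): the "ALREADTY" spelling in two of the names below is part
 * of the public macro name. Code that tests for these reasons must use
 * the spelling as given; renaming them here would break such callers.
 */
#define X509V3_R_INVALID_SECTION			 135
#define X509V3_R_INVALID_SYNTAX				 143
#define X509V3_R_ISSUER_DECODE_ERROR			 126
#define X509V3_R_MISSING_VALUE				 124
#define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS		 142
#define X509V3_R_NO_CONFIG_DATABASE			 136
#define X509V3_R_NO_ISSUER_CERTIFICATE			 121
#define X509V3_R_NO_ISSUER_DETAILS			 127
#define X509V3_R_NO_POLICY_IDENTIFIER			 139
#define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED	 154
#define X509V3_R_NO_PUBLIC_KEY				 114
#define X509V3_R_NO_SUBJECT_DETAILS			 125
#define X509V3_R_ODD_NUMBER_OF_DIGITS			 112
#define X509V3_R_OPERATION_NOT_DEFINED			 148
#define X509V3_R_OTHERNAME_ERROR			 147
#define X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED	 155
#define X509V3_R_POLICY_PATH_LENGTH			 156
#define X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED	 157
#define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED	 158
#define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159
#define X509V3_R_SECTION_NOT_FOUND			 150
#define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS		 122
#define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID		 123
#define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT		 111
#define X509V3_R_UNKNOWN_EXTENSION			 129
#define X509V3_R_UNKNOWN_EXTENSION_NAME			 130
#define X509V3_R_UNKNOWN_OPTION				 120
#define X509V3_R_UNSUPPORTED_OPTION			 117
#define X509V3_R_USER_TOO_LONG				 132

#ifdef  __cplusplus
}
#endif
#endif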