*** UNIX MANUAL PAGE BROWSER ***

X509_EXTENSION_SET_OBJECT(3) FreeBSD Library Functions Manual NAME X509_EXTENSION_new, X509_EXTENSION_dup, X509_EXTENSION_free, X509_EXTENSION_create_by_NID, X509_EXTENSION_create_by_OBJ, X509_EXTENSION_set_object, X509_EXTENSION_set_critical, X509_EXTENSION_set_data, X509_EXTENSION_get_object, X509_EXTENSION_get_critical, X509_EXTENSION_get_data, X509_supported_extension - create, change, and inspect X.509 Extension objects SYNOPSIS #include <openssl/x509.h> X509_EXTENSION * X509_EXTENSION_new(void); X509_EXTENSION * X509_EXTENSION_dup(X509_EXTENSION *ex); void X509_EXTENSION_free(X509_EXTENSION *ex); X509_EXTENSION * X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid, int crit, ASN1_OCTET_STRING *data); X509_EXTENSION * X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, const ASN1_OBJECT *obj, int crit, ASN1_OCTET_STRING *data); int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj); int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit); int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data); ASN1_OBJECT * X509_EXTENSION_get_object(X509_EXTENSION *ex); int X509_EXTENSION_get_critical(const X509_EXTENSION *ex); ASN1_OCTET_STRING * X509_EXTENSION_get_data(X509_EXTENSION *ex); int X509_supported_extension(X509_EXTENSION *ex); DESCRIPTION X509_EXTENSION_new() allocates and initializes an empty X509_EXTENSION object, representing an ASN.1 Extension structure defined in RFC 5280 section 4.1. It is a wrapper object around specific extension objects of different types and stores an extension type identifier and a criticality flag in addition to the DER-encoded form of the wrapped object. X509_EXTENSION objects can be used for X.509 v3 certificates inside X509_CINF objects and for X.509 v2 certificate revocation lists inside X509_CRL_INFO and X509_REVOKED objects. X509_EXTENSION_dup() creates a deep copy of ex using ASN1_item_dup(3). X509_EXTENSION_free() frees ex and all objects it is using. X509_EXTENSION_create_by_NID() creates an extension of type nid and criticality crit using data data. The created extension is returned and written to *ex reusing or allocating a new extension if necessary, so *ex should either be NULL or a valid X509_EXTENSION structure. It must not be an uninitialised pointer. X509_EXTENSION_create_by_OBJ() is identical to X509_EXTENSION_create_by_NID() except that it creates an extension using obj instead of a NID. X509_EXTENSION_set_object() sets the extension type of ex to obj. The obj pointer is duplicated internally so obj should be freed up after use. X509_EXTENSION_set_critical() sets the criticality of ex to crit. If crit is zero, the extension in non-critical, otherwise it is critical. X509_EXTENSION_set_data() sets the data in extension ex to data. The data pointer is duplicated internally. X509_EXTENSION_get_object() returns the extension type of ex as an ASN1_OBJECT pointer. The returned pointer is an internal value which must not be freed up. X509_EXTENSION_get_critical() tests whether ex is critical. X509_EXTENSION_get_data() returns the data of extension ex. The returned pointer is an internal value which must not be freed up. X509_supported_extension() checks whether ex is of a type supported by the verifier. The list of supported extension types is hardcoded into the library. If an extension is critical but unsupported, the certificate will normally be rejected. These functions manipulate the contents of an extension directly. Most applications will want to parse or encode and add an extension: they should use the extension encode and decode functions instead such as X509_add1_ext_i2d(3) and X509_get_ext_d2i(3). The data associated with an extension is the extension encoding in an ASN1_OCTET_STRING structure. RETURN VALUES X509_EXTENSION_new(), X509_EXTENSION_dup(), X509_EXTENSION_create_by_NID(), and X509_EXTENSION_create_by_OBJ() return an X509_EXTENSION pointer or NULL if an error occurs. X509_EXTENSION_set_object(), X509_EXTENSION_set_critical(), and X509_EXTENSION_set_data() return 1 for success or 0 for failure. X509_EXTENSION_get_object() returns an ASN1_OBJECT pointer. X509_EXTENSION_get_critical() returns 0 for non-critical or 1 for critical. X509_EXTENSION_get_data() returns an ASN1_OCTET_STRING pointer. X509_supported_extension() returns 1 if the type of ex is supported by the verifier or 0 otherwise. SEE ALSO ACCESS_DESCRIPTION_new(3), AUTHORITY_KEYID_new(3), BASIC_CONSTRAINTS_new(3), d2i_X509_EXTENSION(3), DIST_POINT_new(3), ESS_SIGNING_CERT_new(3), EXTENDED_KEY_USAGE_new(3), GENERAL_NAME_new(3), NAME_CONSTRAINTS_new(3), OCSP_CRLID_new(3), OCSP_SERVICELOC_new(3), PKEY_USAGE_PERIOD_new(3), POLICYINFO_new(3), TS_REQ_new(3), X509_check_ca(3), X509_check_host(3), X509_check_issued(3), X509_get_extension_flags(3), X509_REQ_add_extensions(3), X509V3_EXT_get_nid(3), X509V3_EXT_print(3), X509V3_extensions_print(3), X509V3_get_d2i(3), X509v3_get_ext_by_NID(3) STANDARDS RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile HISTORY X509_EXTENSION_new() and X509_EXTENSION_free() first appeared in SSLeay 0.6.2, X509_EXTENSION_dup() in SSLeay 0.6.5, and X509_EXTENSION_create_by_NID(), X509_EXTENSION_create_by_OBJ(), X509_EXTENSION_set_object(), X509_EXTENSION_set_critical(), X509_EXTENSION_set_data(), X509_EXTENSION_get_object(), X509_EXTENSION_get_critical(), and X509_EXTENSION_get_data() in SSLeay 0.8.0. These functions have been available since OpenBSD 2.4. X509_supported_extension() first appeared in OpenSSL 0.9.7 and has been available since OpenBSD 3.2. FreeBSD 14.1-RELEASE-p8 December 28, 2024 FreeBSD 14.1-RELEASE-p8