| X509_KEYID_SET1(3) | Library Functions Manual | X509_KEYID_SET1(3) |
NAME
X509_keyid_set1, X509_keyid_get0, X509_alias_set1, X509_alias_get0 — auxiliary certificate data for PKCS#12
SYNOPSIS
#include <openssl/x509.h>

int
X509_keyid_set1(X509 *x, const unsigned char *data, int len);

unsigned char *
X509_keyid_get0(X509 *x, int *plen);

int
X509_alias_set1(X509 *x, const unsigned char *data, int len);

unsigned char *
X509_alias_get0(X509 *x, int *plen);
DESCRIPTION
These functions store non-standard auxiliary data in x and retrieve it.

The len bytes of data stored using X509_keyid_set1() will be written to the localKeyID attribute of the PKCS#12 structure if PKCS12_create(3) is later called on x, and the data stored using X509_alias_set1() will be written to the friendlyName attribute. If data points to a NUL-terminated string, -1 can be passed as the len argument to let len be calculated internally using strlen(3). If a NULL pointer is passed as the data argument, the respective auxiliary data stored in x, if any, is removed from x and freed.

Conversely, PKCS12_parse(3) retrieves these attributes from a PKCS#12 structure such that they can subsequently be accessed with X509_keyid_get0() and X509_alias_get0(). Unless NULL is passed for the plen argument, these functions store the size of the returned buffer in bytes in *plen. After the call, the returned buffer is not necessarily NUL-terminated, but it may contain internal NUL bytes.
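Because the returned buffer is a pointer plus length rather than a C string, a friendlyName read by PKCS12_parse(3) has to be copied with its length before it is logged or displayed. The following is an added example, not part of this manual or of the library: aux_escape() is a hypothetical helper and the sample bytes are constructed, and it does not call libcrypto so that it compiles on its own.

```c
#include <stdio.h>
#include <string.h>

/*
 * aux_escape() is a hypothetical helper, not a libcrypto function.
 * It copies the len bytes at buf (the pointer and *plen obtained from
 * X509_alias_get0() or X509_keyid_get0()) into out as a C string,
 * writing backslash and non-printable bytes as \xHH. Returns the
 * output length, or -1 with out set to "" if out is too small.
 */
int aux_escape(const unsigned char *buf, int len, char *out, size_t outsz)
{
	static const char hex[] = "0123456789abcdef";
	size_t o = 0;
	int i;

	if (out == NULL || outsz == 0)
		return -1;
	out[0] = '\0';
	if (len < 0 || (buf == NULL && len > 0))
		return -1;
	for (i = 0; i < len; i++) {
		unsigned char c = buf[i];
		int plain = c >= 0x20 && c < 0x7f && c != '\\';
		/* Always keep room for the terminating NUL. */
		if ((size_t)(plain ? 1 : 4) >= outsz - o) {
			out[0] = '\0';
			return -1;
		}
		if (plain) {
			out[o++] = (char)c;
		} else {
			out[o++] = '\\'; out[o++] = 'x';
			out[o++] = hex[c >> 4]; out[o++] = hex[c & 0x0f];
		}
	}
	out[o] = '\0';
	return (int)o;
}

int main(void)
{
	/* Constructed sample: 11 bytes, internal NUL, no terminator. */
	static const unsigned char alias[] =
	    { 'a','d','m','i','n', 0, '\n','F','A','K','E' };
	char line[64];
	if (aux_escape(alias, (int)sizeof(alias), line, sizeof(line)) >= 0)
		printf("strlen: %zu bytes, escaped: %s\n",
		    strlen((const char *)alias), line);
	return 0;
}
```

In a program linked against libcrypto, buf and len would be the return value of X509_alias_get0(x, &len) and the length it stores.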
API design is very incomplete; given the complexity of PKCS#12, that's probably an asset rather than a defect. The PKCS#12 standard defines many attributes that cannot be stored in X509 objects.
To associate certificates with alternative names and key identifiers, X.509 certificate extensions are more commonly used than PKCS#12 attributes, for example using X509_EXTENSION_create_by_NID(3) with NID_subject_alt_name or NID_subject_key_identifier.
RETURN VALUES
X509_keyid_set1() and X509_alias_set1() return 1 if data is NULL or if the input data was successfully copied into x, or 0 if data is not NULL but could not be copied because x is NULL or memory allocation failed.

X509_keyid_get0() and X509_alias_get0() return an internal pointer to an array of bytes or NULL if x does not contain auxiliary data of the requested kind.
SEE ALSO
ASN1_STRING_set(3), X509_CERT_AUX_new(3), X509_EXTENSION_new(3), X509_new(3), X509V3_get_d2i(3)
HISTORY
X509_alias_set1() and X509_alias_get0() first appeared in OpenSSL 0.9.5 and have been available since OpenBSD 2.7.

X509_keyid_set1() first appeared in OpenSSL 0.9.6 and has been available since OpenBSD 2.9.

X509_keyid_get0() first appeared in OpenSSL 0.9.8 and has been available since OpenBSD 4.5.
| July 9, 2021 | Linux 6.14.1-1-default |