Scroll to navigation

DIST_POINT_NEW(3) Library Functions Manual DIST_POINT_NEW(3)

NAME

DIST_POINT_new, DIST_POINT_free, CRL_DIST_POINTS_new, CRL_DIST_POINTS_free, DIST_POINT_NAME_new, DIST_POINT_NAME_free, ISSUING_DIST_POINT_new, ISSUING_DIST_POINT_freeX.509 CRL distribution point extensions

SYNOPSIS

#include <openssl/x509v3.h>

DIST_POINT *
DIST_POINT_new(void);

void
DIST_POINT_free(DIST_POINT *dp);

CRL_DIST_POINTS *
CRL_DIST_POINTS_new(void);

void
CRL_DIST_POINTS_free(CRL_DIST_POINTS *dps);

DIST_POINT_NAME *
DIST_POINT_NAME_new(void);

void
DIST_POINT_NAME_free(DIST_POINT_NAME *name);

ISSUING_DIST_POINT *
ISSUING_DIST_POINT_new(void);

void
ISSUING_DIST_POINT_free(ISSUING_DIST_POINT *dp);

DESCRIPTION

Using the CRL distribution point extension, a certificate can specify where to obtain certificate revocation lists that might later revoke it.

() allocates and initializes an empty DIST_POINT object, representing an ASN.1 DistributionPoint structure defined in RFC 5280 section 4.2.1.13. It can hold issuer names, distribution point names, and reason flags. () frees dp.

() allocates and initializes an empty CRL_DIST_POINTS object, which is a STACK_OF(DIST_POINT) and represents the ASN.1 CRLDistributionPoints structure defined in RFC 5280 section 4.2.1.13. It can be used as an extension in X509 and in X509_CRL objects. () frees dps.

() allocates and initializes an empty DIST_POINT_NAME object, representing an ASN.1 DistributionPointName structure defined in RFC 5280 section 4.2.1.13. It is used by the DIST_POINT and ISSUING_DIST_POINT objects and can hold multiple names, each representing a different way to obtain the same CRL. () frees name.

() allocates and initializes an empty ISSUING_DIST_POINT object, representing an ASN.1 IssuingDistributionPoint structure defined in RFC 5280 section 5.2.5. Using this extension, a CRL can specify which distribution point it was issued from and which kinds of certificates and revocation reasons it covers. () frees dp.

RETURN VALUES

DIST_POINT_new(), CRL_DIST_POINTS_new(), DIST_POINT_NAME_new(), and ISSUING_DIST_POINT_new() return the new DIST_POINT, CRL_DIST_POINTS, DIST_POINT_NAME, or ISSUING_DIST_POINT object, respectively, or NULL if an error occurs.

SEE ALSO

d2i_DIST_POINT(3), GENERAL_NAMES_new(3), X509_CRL_new(3), X509_EXTENSION_new(3), X509_NAME_new(3), X509_new(3)

STANDARDS

RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile:

  • section 4.2.1.13: CRL Distribution Points
  • section 5.2.5: Issuing Distribution Point

HISTORY

DIST_POINT_new(), DIST_POINT_free(), CRL_DIST_POINTS_new(), CRL_DIST_POINTS_free(), DIST_POINT_NAME_new(), and DIST_POINT_NAME_free() first appeared in OpenSSL 0.9.3 and have been available since OpenBSD 2.6.

ISSUING_DIST_POINT_new() and ISSUING_DIST_POINT_free() first appeared in OpenSSL 1.0.0 and have been available since OpenBSD 4.9.

June 6, 2019 Linux 6.4.0-150700.53.16-default