X509_KEYID_SET1(3) | Library Functions Manual | X509_KEYID_SET1(3) |
NAME
X509_keyid_set1, X509_keyid_get0, X509_alias_set1, X509_alias_get0 — auxiliary certificate data for PKCS#12
SYNOPSIS
#include <openssl/x509.h>
int X509_keyid_set1(X509 *x, const unsigned char *data, int len);
unsigned char *X509_keyid_get0(X509 *x, int *plen);
int X509_alias_set1(X509 *x, const unsigned char *data, int len);
unsigned char *X509_alias_get0(X509 *x, int *plen);
DESCRIPTION
These functions store non-standard auxiliary data in x and retrieve it.
The len bytes of data stored using X509_keyid_set1() will be written to the localKeyID attribute of the PKCS#12 structure if PKCS12_create(3) is later called on x, and the data stored using X509_alias_set1() will be written to the friendlyName attribute. If data points to a NUL-terminated string, -1 can be passed as the len argument to let len be calculated internally using strlen(3). If a NULL pointer is passed as the data argument, the respective auxiliary data stored in x, if any, is removed from x and freed.
Conversely, PKCS12_parse(3) retrieves these attributes from a PKCS#12 structure such that they can subsequently be accessed with X509_keyid_get0() and X509_alias_get0(). Unless NULL is passed for the plen argument, these functions store the size of the returned buffer in bytes in *plen. After the call, the returned buffer is not necessarily NUL-terminated, but it may contain internal NUL bytes.
The API design is very incomplete; given the complexity of PKCS#12, that's probably an asset rather than a defect. The PKCS#12 standard defines many attributes that cannot be stored in X509 objects.
To associate certificates with alternative names and key identifiers, X.509 certificate extensions are more commonly used than PKCS#12 attributes, for example using X509_EXTENSION_create_by_NID(3) with NID_subject_alt_name or NID_subject_key_identifier.
RETURN VALUES
X509_keyid_set1() and X509_alias_set1() return 1 if data is NULL or if the input data was successfully copied into x, or 0 if data is not NULL but could not be copied because x is NULL or memory allocation failed.
X509_keyid_get0() and X509_alias_get0() return an internal pointer to an array of bytes or NULL if x does not contain auxiliary data of the requested kind.
SEE ALSO
ASN1_STRING_set(3), X509_CERT_AUX_new(3), X509_EXTENSION_new(3), X509_new(3), X509V3_get_d2i(3)
HISTORY
X509_alias_set1() and X509_alias_get0() first appeared in OpenSSL 0.9.5 and have been available since OpenBSD 2.7.
X509_keyid_set1() first appeared in OpenSSL 0.9.6 and has been available since OpenBSD 2.9.
X509_keyid_get0() first appeared in OpenSSL 0.9.8 and has been available since OpenBSD 4.5.
July 9, 2021 | Linux 6.4.0-150600.23.30-default |