NAME¶

X509v3_addr_inherits, X509v3_asid_inherits — RFC 3779 inheritance

SYNOPSIS¶

#include <openssl/x509v3.h>

int
X509v3_addr_inherits(IPAddrBlocks *addrblocks);

int
X509v3_asid_inherits(ASIdentifiers *asids);

DESCRIPTION¶

X509v3_addr_inherits() determines if there is at least one address family in addrblocks that uses inheritance.

X509v3_asid_inherits() is intended to determine if at least one of the list of autonomous system numbers or the list of routing domain identifiers uses inheritance.

RETURN VALUES¶

X509v3_addr_inherits() returns 1 if and only if addrblocks contains at least one IPAddressFamily object that is correctly marked “inherit”: its IPAddressChoice is of type IPAddressChoice_inherit and its inherit element is present. Otherwise it returns 0.

X509v3_asid_inherits() returns 1 if and only if at least one of the asnum or the rdi lists has type ASIdentifierChoice_inherit. Otherwise it returns 0.

SEE ALSO¶

ASIdentifiers_new(3), ASRange_new(3), crypto(3), IPAddressRange_new(3), X509_new(3), X509v3_addr_add_inherit(3), X509v3_asid_add_inherit(3)

STANDARDS¶

RFC 3779: X.509 Extensions for IP Addresses and AS Identifiers:

• section 2: IP Address delegation extension
• section 2.2.3.5: Element inherit
• section 3: AS identifiers delegation extension
• section 3.2.3.3: Element inherit

HISTORY¶

These functions first appeared in OpenSSL 0.9.8e and have been available since OpenBSD 7.1.

BUGS¶

X509v3_asid_inherits() ignores whether the inherit element is present or absent in the list that is considered to use inheritance.

There is no API that determines whether all lists contained in an ASIdentifiers or an IPAddrBlocks object inherit. See RFC 9287, 5.1.2 for an example where this is relevant.