diff options
author | Damian Hobson-Garcia <dhobsong@igel.co.jp> | 2021-06-03 15:41:27 +0900 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2024-04-24 14:08:05 +0100 |
commit | dab96a4f60f12b162f02ce2ddf4f70bb1e24bd5b (patch) | |
tree | d0f970424887398a3f5c63b63b4e43708da44ede /doc | |
parent | d10b020e2e389f4e5f5c84ce8d4512536dd3027a (diff) |
x509_acert: Load attributes from config file section
Several of the attribute values defined for use by attribute certificates
use multi-valued data in an ASN.1 SEQUENCE. Allow reading of these values
from a configuration file, similar to how generic X.509 extensions are
handled.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15857)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/build.info | 6 | ||||
-rw-r--r-- | doc/man3/X509_ACERT_add_attr_nconf.pod | 63 |
2 files changed, 69 insertions, 0 deletions
diff --git a/doc/build.info b/doc/build.info index 373f61476e..c7cb6d5d4f 100644 --- a/doc/build.info +++ b/doc/build.info @@ -2811,6 +2811,10 @@ DEPEND[html/man3/X509_ACERT_add1_attr.html]=man3/X509_ACERT_add1_attr.pod GENERATE[html/man3/X509_ACERT_add1_attr.html]=man3/X509_ACERT_add1_attr.pod DEPEND[man/man3/X509_ACERT_add1_attr.3]=man3/X509_ACERT_add1_attr.pod GENERATE[man/man3/X509_ACERT_add1_attr.3]=man3/X509_ACERT_add1_attr.pod +DEPEND[html/man3/X509_ACERT_add_attr_nconf.html]=man3/X509_ACERT_add_attr_nconf.pod +GENERATE[html/man3/X509_ACERT_add_attr_nconf.html]=man3/X509_ACERT_add_attr_nconf.pod +DEPEND[man/man3/X509_ACERT_add_attr_nconf.3]=man3/X509_ACERT_add_attr_nconf.pod +GENERATE[man/man3/X509_ACERT_add_attr_nconf.3]=man3/X509_ACERT_add_attr_nconf.pod DEPEND[html/man3/X509_ACERT_get0_holder_baseCertId.html]=man3/X509_ACERT_get0_holder_baseCertId.pod GENERATE[html/man3/X509_ACERT_get0_holder_baseCertId.html]=man3/X509_ACERT_get0_holder_baseCertId.pod DEPEND[man/man3/X509_ACERT_get0_holder_baseCertId.3]=man3/X509_ACERT_get0_holder_baseCertId.pod @@ -3658,6 +3662,7 @@ html/man3/UI_new.html \ html/man3/X509V3_get_d2i.html \ html/man3/X509V3_set_ctx.html \ html/man3/X509_ACERT_add1_attr.html \ +html/man3/X509_ACERT_add_attr_nconf.html \ html/man3/X509_ACERT_get0_holder_baseCertId.html \ html/man3/X509_ACERT_get_attr.html \ html/man3/X509_ACERT_print_ex.html \ @@ -4309,6 +4314,7 @@ man/man3/UI_new.3 \ man/man3/X509V3_get_d2i.3 \ man/man3/X509V3_set_ctx.3 \ man/man3/X509_ACERT_add1_attr.3 \ +man/man3/X509_ACERT_add_attr_nconf.3 \ man/man3/X509_ACERT_get0_holder_baseCertId.3 \ man/man3/X509_ACERT_get_attr.3 \ man/man3/X509_ACERT_print_ex.3 \ diff --git a/doc/man3/X509_ACERT_add_attr_nconf.pod b/doc/man3/X509_ACERT_add_attr_nconf.pod new file mode 100644 index 0000000000..a16d31c3f3 --- /dev/null +++ b/doc/man3/X509_ACERT_add_attr_nconf.pod @@ -0,0 +1,63 @@ +=pod + +=head1 NAME + +X509_ACERT_add_attr_nconf +- Add attributes to X509_ACERT from configuration section + +=head1 SYNOPSIS + + #include <openssl/x509_acert.h> + + int X509_ACERT_add_attr_nconf(CONF *conf, const char *section, + X509_ACERT *acert); + +=head1 DESCRIPTION + +X509_ACERT_add_attr_nconf() adds one or more B<X509_ATTRIBUTE>s to the +existing B<X509_ACERT> structure I<acert>. The attributes are read +from a I<section> of the I<conf> object. + +The give I<section> of the configuration should contain attribute +descriptions of the form: + + attribute_name = value + +The format of B<value> will vary depending on the B<attribute_name>. +B<value> can either be a string value or an B<ASN1_TYPE> +object. + +To encode an B<ASN1_TYPE> object, use the prefix "ASN1:" followed by +the object description that uses the same syntax as L<ASN1_generate_nconf(3)>. +For example: + + id-aca-group = ASN1:SEQUENCE:ietfattr + + [ietfattr] + values = SEQUENCE:groups + + [groups] + 1.string = UTF8:mygroup1 + +=head1 RETURN VALUES + +X509_ACERT_add_attr_nconf() returns 1 for success and 0 for failure. + +=head1 SEE ALSO + +L<ASN1_generate_nconf(3)>. + +=head1 HISTORY + +The function X509_ACERT_add_attr_nconf() was added in OpenSSL 3.4. + +=head1 COPYRIGHT + +Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L<https://www.openssl.org/source/license.html>. + +=cut |