author Richard Levitte <levitte@openssl.org> 2016-07-25 17:02:56 +0200
committer Richard Levitte <levitte@openssl.org> 2016-07-25 17:36:39 +0200
commit fe0169b09717b3c3d52c0fba96e1dcf5e8a60d94 (patch)
tree e18b998d2adf160cfdb25312dcb89b0ead1b0075 /doc
parent 3067095e8a2cca3d33fa0af77788bc45da68b76b (diff)
Make it possible for external code to set the certificate proxy path length

This adds the functions X509_set_proxy_pathlen(), which sets the internal pc path length cache for a given X509 structure, along with X509_get_proxy_pathlen(), which retrieves it. Along with the previously added X509_set_proxy_flag(), this provides the tools needed to manipulate all the information cached on proxy certificates, allowing external code to do what's necessary to have them verified correctly by the libcrypto code.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'doc')
-rw-r--r-- doc/crypto/X509_get_extension_flags.pod 23
1 files changed, 20 insertions, 3 deletions
diff --git a/doc/crypto/X509_get_extension_flags.pod b/doc/crypto/X509_get_extension_flags.pod
index 473ef28b6d..0fc42e8b92 100644
--- a/doc/crypto/X509_get_extension_flags.pod
+++ b/doc/crypto/X509_get_extension_flags.pod
@@ -4,8 +4,12 @@
X509_get0_subject_key_id,
X509_get_pathlen,
-X509_get_extension_flags, X509_get_key_usage, X509_get_extended_key_usage,
-X509_set_proxy_flag - retrieve certificate extension data
+X509_get_extension_flags,
+X509_get_key_usage,
+X509_get_extended_key_usage,
+X509_set_proxy_flag,
+X509_set_proxy_pathlen,
+X509_get_proxy_pathlen - retrieve certificate extension data
=head1 SYNOPSIS
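Review bot: the one-line summary at the end of the NAME list still reads "retrieve certificate extension data", but the list now holds two functions that write cached data, X509_set_proxy_flag and the new X509_set_proxy_pathlen. Consider rewording the summary to cover both retrieving and setting, so that the man page index does not present the setters as read-only accessors.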
@@ -17,6 +21,8 @@ X509_set_proxy_flag - retrieve certificate extension data
uint32_t X509_get_extended_key_usage(X509 *x);
const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x);
void X509_set_proxy_flag(X509 *x);
+ void X509_set_proxy_path_length(int l);
+ long X509_get_proxy_pathlen(X509 *x);
=head1 DESCRIPTION
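Review bot: the added SYNOPSIS line "void X509_set_proxy_path_length(int l);" does not match the rest of the patch. NAME, DESCRIPTION and HISTORY all call the function X509_set_proxy_pathlen(), and the commit message and DESCRIPTION say it sets the path length for a given certificate x, yet the prototype has no X509 *x parameter. The argument type is also int while the getter on the next line returns long. Please bring the name, the parameter list and the type in line with the declaration in the header, otherwise anyone copying the prototype from the man page gets code that does not compile.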
@@ -107,6 +113,13 @@ X509_set_proxy_flag() marks the certificate with the B<EXFLAG_PROXY> flag.
This is for the users who need to mark non-RFC3820 proxy certificates as
such, as OpenSSL only detects RFC3820 compliant ones.
+X509_set_proxy_pathlen() sets the proxy certificate path length for the given
+certificate B<x>. This is for the users who need to mark non-RFC3820 proxy
+certificates as such, as OpenSSL only detects RFC3820 compliant ones.
+
+X509_get_proxy_pathlen() returns the proxy certificate path length for the
+given certificate B<x> if it is a proxy certicate.
+
=head1 NOTES
The value of the flags correspond to extension values which are cached
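Review bot: the second sentence of the X509_set_proxy_pathlen() paragraph is copied from the X509_set_proxy_flag() paragraph just above it ("need to mark non-RFC3820 proxy certificates as such"), which describes marking a certificate, not setting its path length. Suggest stating instead why the cached path length has to be supplied for such certificates, and whether X509_set_proxy_flag() must be called as well for the value to be honoured during verification. Also "certicate" in the X509_get_proxy_pathlen() paragraph should be "certificate".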
@@ -138,13 +151,17 @@ X509_get0_subject_key_id() returns the subject key identifier as a
pointer to an B<ASN1_OCTET_STRING> structure or B<NULL> if the extension
is absent or an error occurred during parsing.
+X509_get_proxy_pathlen() returns the path length value if the given
+certificate is a proxy one and has a path length set, and -1 otherwise.
+
=head1 SEE ALSO
L<X509_check_purpose(3)>
=head1 HISTORY
-X509_get_pathlen() and X509_set_proxy_flag() were added in OpenSSL 1.1.0.
+X509_get_pathlen(), X509_set_proxy_flag(), X509_set_proxy_pathlen() and
+X509_get_proxy_pathlen() were added in OpenSSL 1.1.0.
=head1 COPYRIGHT
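Review bot: in the added RETURN VALUES text, -1 stands for two different conditions, "not a proxy certificate" and "proxy certificate with no path length set", and the page gives callers no way to tell them apart. Code that enforces a delegation depth on the result could treat a non-proxy certificate as an unconstrained proxy. Suggest adding a sentence that callers should check for B<EXFLAG_PROXY> through X509_get_extension_flags() before interpreting the value, and stating which values are accepted by X509_set_proxy_pathlen(), including how "no limit" is expressed.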