libcrypto/man/X509V3_get_d2i.3

 $NetBSD: X509V3_get_d2i.3,v 1.1.1.1 2023/04/18 14:19:15 christos Exp $

 Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35)

 Standard preamble:
 ========================================================================
..
..

..
 Set up some character translations and predefined strings. \*(-- will
 give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
 double quote, and \*(R" will give a right double quote. \*(C+ will
 give a nicer C++. Capital omega is used to do unbreakable dashes and
 therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
 nothing in troff, for use with C<>.
.tr \(*W-
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}

 Escape single quotes in literal strings from groff's Unicode transform.

 If the F register is >0, we'll generate index entries on stderr for
 titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
 entries marked with X<> in POD. Of course, you'll have to process the
 output yourself in some meaningful fashion.

 Avoid warning from groff about undefined register 'F'.
..
.nr rF 0
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF

 Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #]
.\}
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
. \" corrections for vroff
. \" for low resolution devices (crt and lpr)
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
 ========================================================================

 Title "X509V3_get_d2i 3"  X509V3_get_d2i 3 "2020-12-10" "1.1.1i" "OpenSSL"
 For nroff, turn off justification. Always turn off hyphenation; it makes
 way too many mistakes in technical documents.
.nh
 "NAME"
X509_get0_extensions, X509_CRL_get0_extensions, X509_REVOKED_get0_extensions,
X509V3_get_d2i, X509V3_add1_i2d, X509V3_EXT_d2i, X509V3_EXT_i2d,
X509_get_ext_d2i, X509_add1_ext_i2d, X509_CRL_get_ext_d2i,
X509_CRL_add1_ext_i2d, X509_REVOKED_get_ext_d2i,
X509_REVOKED_add1_ext_i2d - X509 extension decode and encode functions
 "LIBRARY"
libcrypto, -lcrypto
 "SYNOPSIS"
 Header "SYNOPSIS" .Vb 1
 #include <openssl/x509v3.h>
\&
 void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
  int *idx);
 int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
  int crit, unsigned long flags);
\&
 void *X509V3_EXT_d2i(X509_EXTENSION *ext);
 X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext);
\&
 void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx);
 int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
  unsigned long flags);
\&
 void *X509_CRL_get_ext_d2i(const X509_CRL *crl, int nid, int *crit, int *idx);
 int X509_CRL_add1_ext_i2d(X509_CRL *crl, int nid, void *value, int crit,
  unsigned long flags);
\&
 void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *r, int nid, int *crit, int *idx);
 int X509_REVOKED_add1_ext_i2d(X509_REVOKED *r, int nid, void *value, int crit,
  unsigned long flags);
\&
 const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x);
 const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl);
 const STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(const X509_REVOKED *r);
.Ve
 "DESCRIPTION"
 Header "DESCRIPTION" \fBX509V3_get_ext_d2i() looks for an extension with \s-1OID\s0 nid in the extensions
\fBx and, if found, decodes it. If idx is \s-1NULL\s0 then only one
occurrence of an extension is permissible otherwise the first extension after
index *idx is returned and *idx updated to the location of the extension.
If crit is not \s-1NULL\s0 then *crit is set to a status value: -2 if the
extension occurs multiple times (this is only returned if idx is \s-1NULL\s0),
\-1 if the extension could not be found, 0 if the extension is found and is
not critical and 1 if critical. A pointer to an extension specific structure
or \s-1NULL\s0 is returned.

\fBX509V3_add1_i2d() adds extension value to \s-1STACK\s0 *x (allocating a new
\s-1STACK\s0 if necessary) using \s-1OID\s0 nid and criticality crit according
to flags.

\fBX509V3_EXT_d2i() attempts to decode the \s-1ASN.1\s0 data contained in extension
\fBext and returns a pointer to an extension specific structure or \s-1NULL\s0
if the extension could not be decoded (invalid syntax or not supported).

\fBX509V3_EXT_i2d() encodes the extension specific structure ext
with \s-1OID\s0 ext_nid and criticality crit.

\fBX509_get_ext_d2i() and X509_add1_ext_i2d() operate on the extensions of
certificate x, they are otherwise identical to X509V3_get_d2i() and
\fBX509V3_add_i2d().

\fBX509_CRL_get_ext_d2i() and X509_CRL_add1_ext_i2d() operate on the extensions
of \s-1CRL\s0 crl, they are otherwise identical to X509V3_get_d2i() and
\fBX509V3_add_i2d().

\fBX509_REVOKED_get_ext_d2i() and X509_REVOKED_add1_ext_i2d() operate on the
extensions of X509_REVOKED structure r (i.e for \s-1CRL\s0 entry extensions),
they are otherwise identical to X509V3_get_d2i() and X509V3_add_i2d().

\fBX509_get0_extensions(), X509_CRL_get0_extensions() and
\fBX509_REVOKED_get0_extensions() return a stack of all the extensions
of a certificate a \s-1CRL\s0 or a \s-1CRL\s0 entry respectively.
 "NOTES"
 Header "NOTES" In almost all cases an extension can occur at most once and multiple
occurrences is an error. Therefore, the idx parameter is usually \s-1NULL\s0.

The flags parameter may be one of the following values.

\fBX509V3_ADD_DEFAULT appends a new extension only if the extension does
not already exist. An error is returned if the extension does already
exist.

\fBX509V3_ADD_APPEND appends a new extension, ignoring whether the extension
already exists.

\fBX509V3_ADD_REPLACE replaces an extension if it exists otherwise appends
a new extension.

\fBX509V3_ADD_REPLACE_EXISTING replaces an existing extension if it exists
otherwise returns an error.

\fBX509V3_ADD_KEEP_EXISTING appends a new extension only if the extension does
not already exist. An error is not returned if the extension does already
exist.

\fBX509V3_ADD_DELETE extension nid is deleted: no new extension is added.

If X509V3_ADD_SILENT is ored with flags: any error returned will not
be added to the error queue.

The function X509V3_get_d2i() will return \s-1NULL\s0 if the extension is not
found, occurs multiple times or cannot be decoded. It is possible to
determine the precise reason by checking the value of *crit.
 "SUPPORTED EXTENSIONS"
 Header "SUPPORTED EXTENSIONS" The following sections contain a list of all supported extensions
including their name and \s-1NID.\s0
 "\s-1PKIX\s0 Certificate Extensions"
 Subsection "PKIX Certificate Extensions" The following certificate extensions are defined in \s-1PKIX\s0 standards such as
\s-1RFC5280.\s0

.Vb 3
 Basic Constraints NID_basic_constraints
 Key Usage NID_key_usage
 Extended Key Usage NID_ext_key_usage
\&
 Subject Key Identifier NID_subject_key_identifier
 Authority Key Identifier NID_authority_key_identifier
\&
 Private Key Usage Period NID_private_key_usage_period
\&
 Subject Alternative Name NID_subject_alt_name
 Issuer Alternative Name NID_issuer_alt_name
\&
 Authority Information Access NID_info_access
 Subject Information Access NID_sinfo_access
\&
 Name Constraints NID_name_constraints
\&
 Certificate Policies NID_certificate_policies
 Policy Mappings NID_policy_mappings
 Policy Constraints NID_policy_constraints
 Inhibit Any Policy NID_inhibit_any_policy
\&
 TLS Feature NID_tlsfeature
.Ve
 "Netscape Certificate Extensions"
 Subsection "Netscape Certificate Extensions" The following are (largely obsolete) Netscape certificate extensions.

.Vb 8
 Netscape Cert Type NID_netscape_cert_type
 Netscape Base Url NID_netscape_base_url
 Netscape Revocation Url NID_netscape_revocation_url
 Netscape CA Revocation Url NID_netscape_ca_revocation_url
 Netscape Renewal Url NID_netscape_renewal_url
 Netscape CA Policy Url NID_netscape_ca_policy_url
 Netscape SSL Server Name NID_netscape_ssl_server_name
 Netscape Comment NID_netscape_comment
.Ve
 "Miscellaneous Certificate Extensions"
 Subsection "Miscellaneous Certificate Extensions" .Vb 2
 Strong Extranet ID NID_sxnet
 Proxy Certificate Information NID_proxyCertInfo
.Ve
 "\s-1PKIX CRL\s0 Extensions"
 Subsection "PKIX CRL Extensions" The following are \s-1CRL\s0 extensions from \s-1PKIX\s0 standards such as \s-1RFC5280.\s0

.Vb 6
 CRL Number NID_crl_number
 CRL Distribution Points NID_crl_distribution_points
 Delta CRL Indicator NID_delta_crl
 Freshest CRL NID_freshest_crl
 Invalidity Date NID_invalidity_date
 Issuing Distribution Point NID_issuing_distribution_point
.Ve

The following are \s-1CRL\s0 entry extensions from \s-1PKIX\s0 standards such as \s-1RFC5280.\s0

.Vb 2
 CRL Reason Code NID_crl_reason
 Certificate Issuer NID_certificate_issuer
.Ve
 "\s-1OCSP\s0 Extensions"
 Subsection "OCSP Extensions" .Vb 7
 OCSP Nonce NID_id_pkix_OCSP_Nonce
 OCSP CRL ID NID_id_pkix_OCSP_CrlID
 Acceptable OCSP Responses NID_id_pkix_OCSP_acceptableResponses
 OCSP No Check NID_id_pkix_OCSP_noCheck
 OCSP Archive Cutoff NID_id_pkix_OCSP_archiveCutoff
 OCSP Service Locator NID_id_pkix_OCSP_serviceLocator
 Hold Instruction Code NID_hold_instruction_code
.Ve
 "Certificate Transparency Extensions"
 Subsection "Certificate Transparency Extensions" The following extensions are used by certificate transparency, \s-1RFC6962\s0

.Vb 2
 CT Precertificate SCTs NID_ct_precert_scts
 CT Certificate SCTs NID_ct_cert_scts
.Ve
 "RETURN VALUES"
 Header "RETURN VALUES" \fBX509V3_EXT_d2i() and *X509V3_get_d2i() return a pointer to an extension
specific structure of \s-1NULL\s0 if an error occurs.

\fBX509V3_EXT_i2d() returns a pointer to an X509_EXTENSION structure
or \s-1NULL\s0 if an error occurs.

\fBX509V3_add1_i2d() returns 1 if the operation is successful and 0 if it
fails due to a non-fatal error (extension not found, already exists,
cannot be encoded) or -1 due to a fatal error such as a memory allocation
failure.

\fBX509_get0_extensions(), X509_CRL_get0_extensions() and
\fBX509_REVOKED_get0_extensions() return a stack of extensions. They return
\s-1NULL\s0 if no extensions are present.
 "SEE ALSO"
 Header "SEE ALSO" \fBd2i_X509\|(3),
\fBERR_get_error\|(3),
\fBX509_CRL_get0_by_serial\|(3),
\fBX509_get0_signature\|(3),
\fBX509_get_ext_d2i\|(3),
\fBX509_get_extension_flags\|(3),
\fBX509_get_pubkey\|(3),
\fBX509_get_subject_name\|(3),
\fBX509_get_version\|(3),
\fBX509_NAME_add_entry_by_txt\|(3),
\fBX509_NAME_ENTRY_get_object\|(3),
\fBX509_NAME_get_index_by_NID\|(3),
\fBX509_NAME_print_ex\|(3),
\fBX509_new\|(3),
\fBX509_sign\|(3),
\fBX509_verify_cert\|(3)
 "COPYRIGHT"
 Header "COPYRIGHT" Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.