2 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
\r
5 /* ====================================================================
\r
6 * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
\r
8 * Redistribution and use in source and binary forms, with or without
\r
9 * modification, are permitted provided that the following conditions
\r
12 * 1. Redistributions of source code must retain the above copyright
\r
13 * notice, this list of conditions and the following disclaimer.
\r
15 * 2. Redistributions in binary form must reproduce the above copyright
\r
16 * notice, this list of conditions and the following disclaimer in
\r
17 * the documentation and/or other materials provided with the
\r
20 * 3. All advertising materials mentioning features or use of this
\r
21 * software must display the following acknowledgment:
\r
22 * "This product includes software developed by the OpenSSL Project
\r
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
\r
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
\r
26 * endorse or promote products derived from this software without
\r
27 * prior written permission. For written permission, please contact
\r
28 * licensing@OpenSSL.org.
\r
30 * 5. Products derived from this software may not be called "OpenSSL"
\r
31 * nor may "OpenSSL" appear in their names without prior written
\r
32 * permission of the OpenSSL Project.
\r
34 * 6. Redistributions of any form whatsoever must retain the following
\r
36 * "This product includes software developed by the OpenSSL Project
\r
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
\r
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
\r
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
\r
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
\r
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
\r
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
\r
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
\r
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
\r
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
\r
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
\r
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
\r
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
\r
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
\r
51 * ====================================================================
\r
53 * This product includes cryptographic software written by Eric Young
\r
54 * (eay@cryptsoft.com). This product includes software written by Tim
\r
55 * Hudson (tjh@cryptsoft.com).
\r
58 #ifndef HEADER_X509V3_H
\r
59 #define HEADER_X509V3_H
\r
61 #include <openssl/bio.h>
\r
62 #include <openssl/x509.h>
\r
63 #include <openssl/conf.h>
\r
69 /* Forward reference */
\r
70 struct v3_ext_method;
\r
73 /* Useful typedefs */
\r
/*
 * Function-pointer types used for the callback members of
 * struct v3_ext_method. Extension values pass through them as untyped
 * `void *`, so the compiler cannot check that the callbacks of one method
 * agree on the structure they exchange; that pairing is left to whoever
 * fills in the method table.
 * NOTE(review): struct v3_ext_ctx is named in the V2I/S2I/R2I parameter
 * lists but no file-scope forward declaration for it is visible in the
 * lines shown before these typedefs (only struct v3_ext_method has one);
 * confirm one exists.
 */
75 typedef void * (*X509V3_EXT_NEW)(void);
\r
76 typedef void (*X509V3_EXT_FREE)(void *);
\r
77 typedef void * (*X509V3_EXT_D2I)(void *, const unsigned char ** , long);
\r
78 typedef int (*X509V3_EXT_I2D)(void *, unsigned char **);
\r
79 typedef STACK_OF(CONF_VALUE) * (*X509V3_EXT_I2V)(struct v3_ext_method *method, void *ext, STACK_OF(CONF_VALUE) *extlist);
\r
80 typedef void * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK_OF(CONF_VALUE) *values);
\r
81 typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext);
\r
82 typedef void * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str);
\r
83 typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, void *ext, BIO *out, int indent);
\r
84 typedef void * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str);
\r
86 /* V3 extension structure */
\r
88 struct v3_ext_method {
\r
91 /* If this is set the following four fields are ignored */
\r
93 /* Old style ASN1 calls */
\r
94 X509V3_EXT_NEW ext_new;
\r
95 X509V3_EXT_FREE ext_free;
\r
99 /* The following pair is used for string extensions */
\r
100 X509V3_EXT_I2S i2s;
\r
101 X509V3_EXT_S2I s2i;
\r
103 /* The following pair is used for multi-valued extensions */
\r
104 X509V3_EXT_I2V i2v;
\r
105 X509V3_EXT_V2I v2i;
\r
107 /* The following are used for raw extensions */
\r
108 X509V3_EXT_I2R i2r;
\r
109 X509V3_EXT_R2I r2i;
\r
111 void *usr_data; /* Any extension specific data */
\r
/*
 * Table of callbacks that fetch strings and sections from a configuration
 * database handed over as an opaque `void *db`.
 * NOTE(review): get_string/free_string and get_section/free_section look
 * like acquire/release pairs; presumably a value obtained from a get_*
 * callback must be released through the matching free_* of the same
 * table. Confirm in the implementation.
 */
114 typedef struct X509V3_CONF_METHOD_st {
\r
115 char * (*get_string)(void *db, char *section, char *value);
\r
116 STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section);
\r
117 void (*free_string)(void *db, char * string);
\r
118 void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
\r
119 } X509V3_CONF_METHOD;
\r
121 /* Context specific info */
\r
122 struct v3_ext_ctx {
\r
123 #define CTX_TEST 0x1
\r
126 X509 *subject_cert;
\r
127 X509_REQ *subject_req;
\r
129 X509V3_CONF_METHOD *db_meth;
\r
131 /* Maybe more here */
\r
134 typedef struct v3_ext_method X509V3_EXT_METHOD;
\r
136 DECLARE_STACK_OF(X509V3_EXT_METHOD)
\r
138 /* ext_flags values */
\r
139 #define X509V3_EXT_DYNAMIC 0x1
\r
140 #define X509V3_EXT_CTX_DEP 0x2
\r
141 #define X509V3_EXT_MULTILINE 0x4
\r
143 typedef BIT_STRING_BITNAME ENUMERATED_NAMES;
\r
145 typedef struct BASIC_CONSTRAINTS_st {
\r
147 ASN1_INTEGER *pathlen;
\r
148 } BASIC_CONSTRAINTS;
\r
151 typedef struct PKEY_USAGE_PERIOD_st {
\r
152 ASN1_GENERALIZEDTIME *notBefore;
\r
153 ASN1_GENERALIZEDTIME *notAfter;
\r
154 } PKEY_USAGE_PERIOD;
\r
156 typedef struct otherName_st {
\r
157 ASN1_OBJECT *type_id;
\r
161 typedef struct EDIPartyName_st {
\r
162 ASN1_STRING *nameAssigner;
\r
163 ASN1_STRING *partyName;
\r
166 typedef struct GENERAL_NAME_st {
\r
168 #define GEN_OTHERNAME 0
\r
169 #define GEN_EMAIL 1
\r
172 #define GEN_DIRNAME 4
\r
173 #define GEN_EDIPARTY 5
\r
175 #define GEN_IPADD 7
\r
181 OTHERNAME *otherName; /* otherName */
\r
182 ASN1_IA5STRING *rfc822Name;
\r
183 ASN1_IA5STRING *dNSName;
\r
184 ASN1_TYPE *x400Address;
\r
185 X509_NAME *directoryName;
\r
186 EDIPARTYNAME *ediPartyName;
\r
187 ASN1_IA5STRING *uniformResourceIdentifier;
\r
188 ASN1_OCTET_STRING *iPAddress;
\r
189 ASN1_OBJECT *registeredID;
\r
192 ASN1_OCTET_STRING *ip; /* iPAddress */
\r
193 X509_NAME *dirn; /* dirn */
\r
194 ASN1_IA5STRING *ia5;/* rfc822Name, dNSName, uniformResourceIdentifier */
\r
195 ASN1_OBJECT *rid; /* registeredID */
\r
196 ASN1_TYPE *other; /* x400Address */
\r
200 typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
\r
202 typedef struct ACCESS_DESCRIPTION_st {
\r
203 ASN1_OBJECT *method;
\r
204 GENERAL_NAME *location;
\r
205 } ACCESS_DESCRIPTION;
\r
207 typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
\r
209 typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;
\r
211 DECLARE_STACK_OF(GENERAL_NAME)
\r
212 DECLARE_ASN1_SET_OF(GENERAL_NAME)
\r
214 DECLARE_STACK_OF(ACCESS_DESCRIPTION)
\r
215 DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION)
\r
217 typedef struct DIST_POINT_NAME_st {
\r
220 GENERAL_NAMES *fullname;
\r
221 STACK_OF(X509_NAME_ENTRY) *relativename;
\r
225 typedef struct DIST_POINT_st {
\r
226 DIST_POINT_NAME *distpoint;
\r
227 ASN1_BIT_STRING *reasons;
\r
228 GENERAL_NAMES *CRLissuer;
\r
231 typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
\r
233 DECLARE_STACK_OF(DIST_POINT)
\r
234 DECLARE_ASN1_SET_OF(DIST_POINT)
\r
236 typedef struct AUTHORITY_KEYID_st {
\r
237 ASN1_OCTET_STRING *keyid;
\r
238 GENERAL_NAMES *issuer;
\r
239 ASN1_INTEGER *serial;
\r
242 /* Strong extranet structures */
\r
244 typedef struct SXNET_ID_st {
\r
245 ASN1_INTEGER *zone;
\r
246 ASN1_OCTET_STRING *user;
\r
249 DECLARE_STACK_OF(SXNETID)
\r
250 DECLARE_ASN1_SET_OF(SXNETID)
\r
252 typedef struct SXNET_st {
\r
253 ASN1_INTEGER *version;
\r
254 STACK_OF(SXNETID) *ids;
\r
257 typedef struct NOTICEREF_st {
\r
258 ASN1_STRING *organization;
\r
259 STACK_OF(ASN1_INTEGER) *noticenos;
\r
262 typedef struct USERNOTICE_st {
\r
263 NOTICEREF *noticeref;
\r
264 ASN1_STRING *exptext;
\r
267 typedef struct POLICYQUALINFO_st {
\r
268 ASN1_OBJECT *pqualid;
\r
270 ASN1_IA5STRING *cpsuri;
\r
271 USERNOTICE *usernotice;
\r
276 DECLARE_STACK_OF(POLICYQUALINFO)
\r
277 DECLARE_ASN1_SET_OF(POLICYQUALINFO)
\r
279 typedef struct POLICYINFO_st {
\r
280 ASN1_OBJECT *policyid;
\r
281 STACK_OF(POLICYQUALINFO) *qualifiers;
\r
284 typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;
\r
286 DECLARE_STACK_OF(POLICYINFO)
\r
287 DECLARE_ASN1_SET_OF(POLICYINFO)
\r
289 typedef struct POLICY_MAPPING_st {
\r
290 ASN1_OBJECT *issuerDomainPolicy;
\r
291 ASN1_OBJECT *subjectDomainPolicy;
\r
294 DECLARE_STACK_OF(POLICY_MAPPING)
\r
296 typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS;
\r
298 typedef struct GENERAL_SUBTREE_st {
\r
299 GENERAL_NAME *base;
\r
300 ASN1_INTEGER *minimum;
\r
301 ASN1_INTEGER *maximum;
\r
304 DECLARE_STACK_OF(GENERAL_SUBTREE)
\r
306 typedef struct NAME_CONSTRAINTS_st {
\r
307 STACK_OF(GENERAL_SUBTREE) *permittedSubtrees;
\r
308 STACK_OF(GENERAL_SUBTREE) *excludedSubtrees;
\r
309 } NAME_CONSTRAINTS;
\r
311 typedef struct POLICY_CONSTRAINTS_st {
\r
312 ASN1_INTEGER *requireExplicitPolicy;
\r
313 ASN1_INTEGER *inhibitPolicyMapping;
\r
314 } POLICY_CONSTRAINTS;
\r
316 /* Proxy certificate structures, see RFC 3820 */
\r
317 typedef struct PROXY_POLICY_st
\r
319 ASN1_OBJECT *policyLanguage;
\r
320 ASN1_OCTET_STRING *policy;
\r
323 typedef struct PROXY_CERT_INFO_EXTENSION_st
\r
325 ASN1_INTEGER *pcPathLengthConstraint;
\r
326 PROXY_POLICY *proxyPolicy;
\r
327 } PROXY_CERT_INFO_EXTENSION;
\r
329 DECLARE_ASN1_FUNCTIONS(PROXY_POLICY)
\r
330 DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
\r
/*
 * Passes the section, name and value strings of `val` to
 * ERR_add_error_data(); the leading 6 matches the six string arguments
 * that follow it.
 * NOTE(review): `val` is expanded unparenthesised and the expansion already
 * ends in `;`, so pass a plain pointer variable and do not use the macro as
 * the unbraced body of an if/else. The three fields are handed over
 * unchanged, so whatever the configuration value contains ends up in the
 * error data.
 */
333 #define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \
\r
334 ",name:", val->name, ",value:", val->value);
\r
/*
 * Calls X509V3_set_ctx() with NULL for issuer, subject, req and crl and
 * with CTX_TEST as the flags argument.
 */
336 #define X509V3_set_ctx_test(ctx) \
\r
337 X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
\r
/*
 * Sets ctx->db to NULL.
 * NOTE(review): the expansion carries its own trailing `;`, so writing
 * `X509V3_set_ctx_nodb(c);` produces an extra empty statement and breaks an
 * unbraced if/else.
 */
338 #define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL;
\r
/*
 * Positional initialisers for entries of a struct v3_ext_method table:
 * EXT_BITSTRING and EXT_IA5STRING fill in a bit-string or IA5-string
 * method for `nid`, and EXT_END is an entry whose first member is -1
 * (presumably the list terminator). Being positional, all three must stay
 * in step with the member order of struct v3_ext_method.
 * NOTE(review): the (X509V3_EXT_I2V), (X509V3_EXT_V2I), (X509V3_EXT_I2S)
 * and (X509V3_EXT_S2I) casts convert functions declared with concrete
 * argument types (for example ASN1_BIT_STRING *) to the `void *`-based
 * callback types. The casts switch off the compiler's signature check for
 * these slots, so a mismatch in the underlying function is not diagnosed.
 */
340 #define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \
\r
343 (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
\r
344 (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \
\r
348 #define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \
\r
350 (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
\r
351 (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \
\r
355 #define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
\r
358 /* X509_PURPOSE stuff */
\r
/*
 * EXFLAG_*: flag bits listed under this header's "X509_PURPOSE stuff"
 * heading. Each value from EXFLAG_BCONS to EXFLAG_PROXY is a distinct
 * single bit.
 */
360 #define EXFLAG_BCONS 0x1
\r
361 #define EXFLAG_KUSAGE 0x2
\r
362 #define EXFLAG_XKUSAGE 0x4
\r
363 #define EXFLAG_NSCERT 0x8
\r
365 #define EXFLAG_CA 0x10
\r
366 #define EXFLAG_SS 0x20
\r
367 #define EXFLAG_V1 0x40
\r
368 #define EXFLAG_INVALID 0x80
\r
369 #define EXFLAG_SET 0x100
\r
370 #define EXFLAG_CRITICAL 0x200
\r
/*
 * NOTE(review): EXFLAG_PROXY and EXFLAG_INVALID_POLICY are both 0x400, so a
 * bit test on a flags word cannot tell "proxy certificate" from "invalid
 * policy". Code that checks one of them also matches the other; confirm how
 * both are set and tested before relying on either in a validation
 * decision. Changing a value here without rebuilding every user of this
 * header would desynchronise them.
 */
371 #define EXFLAG_PROXY 0x400
\r
373 #define EXFLAG_INVALID_POLICY 0x400
\r
/*
 * KU_*: one bit per key-usage permission. KU_DECIPHER_ONLY (0x8000) is the
 * only value outside the low byte. When a caller depends on a particular
 * permission, test that specific bit rather than treating any non-zero mask
 * as sufficient.
 */
375 #define KU_DIGITAL_SIGNATURE 0x0080
\r
376 #define KU_NON_REPUDIATION 0x0040
\r
377 #define KU_KEY_ENCIPHERMENT 0x0020
\r
378 #define KU_DATA_ENCIPHERMENT 0x0010
\r
379 #define KU_KEY_AGREEMENT 0x0008
\r
380 #define KU_KEY_CERT_SIGN 0x0004
\r
381 #define KU_CRL_SIGN 0x0002
\r
382 #define KU_ENCIPHER_ONLY 0x0001
\r
383 #define KU_DECIPHER_ONLY 0x8000
\r
/*
 * NS_*: certificate-type bits; NS_ANY_CA is the union of the three *_CA
 * bits. NS_ presumably refers to the Netscape certificate type extension
 * (compare EXFLAG_NSCERT); confirm.
 */
385 #define NS_SSL_CLIENT 0x80
\r
386 #define NS_SSL_SERVER 0x40
\r
387 #define NS_SMIME 0x20
\r
388 #define NS_OBJSIGN 0x10
\r
389 #define NS_SSL_CA 0x04
\r
390 #define NS_SMIME_CA 0x02
\r
391 #define NS_OBJSIGN_CA 0x01
\r
392 #define NS_ANY_CA (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA)
\r
/* XKU_*: one bit per extended-key-usage purpose. */
394 #define XKU_SSL_SERVER 0x1
\r
395 #define XKU_SSL_CLIENT 0x2
\r
396 #define XKU_SMIME 0x4
\r
397 #define XKU_CODE_SIGN 0x8
\r
398 #define XKU_SGC 0x10
\r
399 #define XKU_OCSP_SIGN 0x20
\r
400 #define XKU_TIMESTAMP 0x40
\r
401 #define XKU_DVCS 0x80
\r
403 #define X509_PURPOSE_DYNAMIC 0x1
\r
404 #define X509_PURPOSE_DYNAMIC_NAME 0x2
\r
406 typedef struct x509_purpose_st {
\r
408 int trust; /* Default trust ID */
\r
410 int (*check_purpose)(const struct x509_purpose_st *,
\r
411 const X509 *, int);
\r
/*
 * Purpose identifiers: consecutive small integers, not bit flags, so they
 * must not be OR-ed together. X509_PURPOSE_MIN and X509_PURPOSE_MAX bracket
 * the range 1..8 defined here and have to be updated together with any new
 * identifier.
 * NOTE(review): X509_PURPOSE_ANY presumably relaxes the purpose-specific
 * checks; confirm its effect before passing it on a path that validates
 * untrusted certificates.
 */
417 #define X509_PURPOSE_SSL_CLIENT 1
\r
418 #define X509_PURPOSE_SSL_SERVER 2
\r
419 #define X509_PURPOSE_NS_SSL_SERVER 3
\r
420 #define X509_PURPOSE_SMIME_SIGN 4
\r
421 #define X509_PURPOSE_SMIME_ENCRYPT 5
\r
422 #define X509_PURPOSE_CRL_SIGN 6
\r
423 #define X509_PURPOSE_ANY 7
\r
424 #define X509_PURPOSE_OCSP_HELPER 8
\r
426 #define X509_PURPOSE_MIN 1
\r
427 #define X509_PURPOSE_MAX 8
\r
429 /* Flags for X509V3_EXT_print() */
\r
/*
 * Handling of unknown extensions is a 4-bit field at bits 16..19
 * (X509V3_EXT_UNKNOWN_MASK). The four values below are alternative
 * selections within that field, not independent bits.
 * NOTE(review): the PARSE and DUMP selections print the content of an
 * extension the library does not recognise; when the certificate is
 * untrusted, treat that output as untrusted text.
 */
431 #define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
\r
432 /* Return error for unknown extensions */
\r
433 #define X509V3_EXT_DEFAULT 0
\r
434 /* Print error for unknown extensions */
\r
435 #define X509V3_EXT_ERROR_UNKNOWN (1L << 16)
\r
436 /* ASN1 parse unknown extensions */
\r
437 #define X509V3_EXT_PARSE_UNKNOWN (2L << 16)
\r
438 /* BIO_dump unknown extensions */
\r
439 #define X509V3_EXT_DUMP_UNKNOWN (3L << 16)
\r
441 /* Flags for X509V3_add1_i2d */
\r
/*
 * The operation is a number in the low four bits (X509V3_ADD_OP_MASK), so
 * the X509V3_ADD_* operations 0..5 are alternatives. X509V3_ADD_SILENT
 * (0x10) is a separate bit outside that mask.
 * NOTE(review): X509V3_ADD_SILENT has no L suffix unlike its neighbours;
 * this is harmless for the value, but the flags parameter of
 * X509V3_add1_i2d is unsigned long.
 */
443 #define X509V3_ADD_OP_MASK 0xfL
\r
444 #define X509V3_ADD_DEFAULT 0L
\r
445 #define X509V3_ADD_APPEND 1L
\r
446 #define X509V3_ADD_REPLACE 2L
\r
447 #define X509V3_ADD_REPLACE_EXISTING 3L
\r
448 #define X509V3_ADD_KEEP_EXISTING 4L
\r
449 #define X509V3_ADD_DELETE 5L
\r
450 #define X509V3_ADD_SILENT 0x10
\r
452 DECLARE_STACK_OF(X509_PURPOSE)
\r
454 DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
\r
456 DECLARE_ASN1_FUNCTIONS(SXNET)
\r
457 DECLARE_ASN1_FUNCTIONS(SXNETID)
\r
/*
 * Add or look up a user id for a zone in an SXNET structure. The three
 * variants of each differ only in how the zone is given (text, unsigned
 * long, ASN1_INTEGER). `user` is a buffer with an explicit signed length
 * `userlen`.
 * NOTE(review): the reason codes X509V3_R_USER_TOO_LONG and
 * X509V3_R_DUPLICATE_ZONE_ID suggest that the add functions enforce a
 * length limit and reject a repeated zone. The limit itself and the
 * treatment of a negative userlen are not visible in this header; confirm
 * them before passing a caller-controlled length. Ownership of the pointer
 * returned by the get functions is not stated here either.
 */
459 int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen);
\r
460 int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen);
\r
461 int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user, int userlen);
\r
463 ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone);
\r
464 ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);
\r
465 ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone);
\r
467 DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID)
\r
469 DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
\r
471 DECLARE_ASN1_FUNCTIONS(GENERAL_NAME)
\r
474 ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
\r
475 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
\r
476 STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
\r
477 ASN1_BIT_STRING *bits,
\r
478 STACK_OF(CONF_VALUE) *extlist);
\r
480 STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret);
\r
481 int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen);
\r
483 DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)
\r
485 STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
\r
486 GENERAL_NAMES *gen, STACK_OF(CONF_VALUE) *extlist);
\r
487 GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
\r
488 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
\r
490 DECLARE_ASN1_FUNCTIONS(OTHERNAME)
\r
491 DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME)
\r
493 char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5);
\r
494 ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
\r
496 DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
\r
497 int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a);
\r
499 DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
\r
500 DECLARE_ASN1_FUNCTIONS(POLICYINFO)
\r
501 DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO)
\r
502 DECLARE_ASN1_FUNCTIONS(USERNOTICE)
\r
503 DECLARE_ASN1_FUNCTIONS(NOTICEREF)
\r
505 DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS)
\r
506 DECLARE_ASN1_FUNCTIONS(DIST_POINT)
\r
507 DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)
\r
509 DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
\r
510 DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
\r
512 DECLARE_ASN1_ITEM(POLICY_MAPPING)
\r
513 DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING)
\r
514 DECLARE_ASN1_ITEM(POLICY_MAPPINGS)
\r
516 DECLARE_ASN1_ITEM(GENERAL_SUBTREE)
\r
517 DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
\r
519 DECLARE_ASN1_ITEM(NAME_CONSTRAINTS)
\r
520 DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
\r
522 DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
\r
523 DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)
\r
525 #ifdef HEADER_CONF_H
\r
526 GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
\r
528 GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, X509V3_EXT_METHOD *method,
\r
529 X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc);
\r
530 void X509V3_conf_free(CONF_VALUE *val);
\r
/*
 * Build extensions from textual configuration. The *_nid and name forms
 * return one X509_EXTENSION made from `value`; the add_* forms take a
 * `section` and a target (extension stack, certificate, request or CRL).
 * The nconf family takes a CONF *, the conf family an LHASH *.
 * NOTE(review): `name`, `value` and `section` are interpreted as extension
 * configuration. A caller that assembles them from request data lets that
 * data decide which extensions and names end up in the object being built,
 * so validate or allow-list such input before calling. The int return
 * convention of the add_* forms is not stated in this header; confirm it
 * and check every result.
 */
532 X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value);
\r
533 X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value);
\r
534 int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(X509_EXTENSION) **sk);
\r
535 int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert);
\r
536 int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
\r
537 int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
\r
539 X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value);
\r
540 X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value);
\r
541 int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert);
\r
542 int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
\r
543 int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
\r
545 int X509V3_add_value_bool_nf(char *name, int asn1_bool,
\r
546 STACK_OF(CONF_VALUE) **extlist);
\r
547 int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
\r
548 int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
\r
549 void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
\r
550 void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
\r
553 char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
\r
554 STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section);
\r
555 void X509V3_string_free(X509V3_CTX *ctx, char *str);
\r
556 void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
\r
557 void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
\r
558 X509_REQ *req, X509_CRL *crl, int flags);
\r
560 int X509V3_add_value(const char *name, const char *value,
\r
561 STACK_OF(CONF_VALUE) **extlist);
\r
562 int X509V3_add_value_uchar(const char *name, const unsigned char *value,
\r
563 STACK_OF(CONF_VALUE) **extlist);
\r
564 int X509V3_add_value_bool(const char *name, int asn1_bool,
\r
565 STACK_OF(CONF_VALUE) **extlist);
\r
566 int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
\r
567 STACK_OF(CONF_VALUE) **extlist);
\r
568 char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
\r
569 ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);
\r
570 char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
\r
571 char * i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
\r
572 int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
\r
573 int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
\r
574 int X509V3_EXT_add_alias(int nid_to, int nid_from);
\r
575 void X509V3_EXT_cleanup(void);
\r
577 X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
\r
578 X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
\r
579 int X509V3_add_standard_extensions(void);
\r
580 STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
\r
581 void *X509V3_EXT_d2i(X509_EXTENSION *ext);
\r
582 void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);
\r
585 X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
\r
586 int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags);
\r
/*
 * Hex/text conversion helpers and a name comparison.
 * NOTE(review): these three are exported without the X509V3_ or X509_
 * prefix used by the rest of this header, so they can clash with
 * identically named symbols in an application. Both conversion functions
 * return a pointer and take or report a signed `long` length; who frees
 * the result and how a length <= 0 is handled is not visible here. The
 * reason codes X509V3_R_ODD_NUMBER_OF_DIGITS and
 * X509V3_R_ILLEGAL_HEX_DIGIT suggest string_to_hex rejects malformed
 * input; presumably it then returns NULL, so check the result before
 * reading *len.
 */
588 char *hex_to_string(unsigned char *buffer, long len);
\r
589 unsigned char *string_to_hex(char *str, long *len);
\r
590 int name_cmp(const char *name, const char *cmp);
\r
592 void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
\r
/*
 * Print one extension (to a BIO or to a FILE) or a stack of extensions.
 * `flag` carries the X509V3_EXT_*_UNKNOWN selection from the
 * "Flags for X509V3_EXT_print()" group.
 * NOTE(review): X509V3_EXT_print_fp declares `flag` as int while the other
 * two use unsigned long. The defined flag values occupy bits 16..19, so
 * they fit only where int is wider than 16 bits. The extensions printed may
 * come from a certificate that has not been validated, so treat the output
 * as untrusted text.
 */
594 int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent);
\r
595 int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
\r
597 int X509V3_extensions_print(BIO *out, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent);
\r
/*
 * Certificate checks and the X509_PURPOSE registry.
 * NOTE(review): every check here returns a plain int and this header does
 * not state the convention. X509_check_issued presumably returns 0 when
 * the issuer matches (a verification-result code rather than a truth
 * value), while X509_check_ca and X509_check_purpose look like
 * non-zero-on-acceptance and may use more than two values. Confirm each
 * against the implementation, because inverting one of these tests turns a
 * rejection into an acceptance.
 */
599 int X509_check_ca(X509 *x);
\r
600 int X509_check_purpose(X509 *x, int id, int ca);
\r
601 int X509_supported_extension(X509_EXTENSION *ex);
\r
602 int X509_PURPOSE_set(int *p, int purpose);
\r
603 int X509_check_issued(X509 *issuer, X509 *subject);
\r
604 int X509_PURPOSE_get_count(void);
\r
605 X509_PURPOSE * X509_PURPOSE_get0(int idx);
\r
606 int X509_PURPOSE_get_by_sname(char *sname);
\r
607 int X509_PURPOSE_get_by_id(int id);
\r
/*
 * Registers purpose `id` with a caller-supplied check callback `ck`.
 * NOTE(review): whether an existing id can be replaced through this call
 * is not visible here; confirm, since the callback decides the outcome of
 * purpose checks for that id.
 */
608 int X509_PURPOSE_add(int id, int trust, int flags,
\r
609 int (*ck)(const X509_PURPOSE *, const X509 *, int),
\r
610 char *name, char *sname, void *arg);
\r
611 char *X509_PURPOSE_get0_name(X509_PURPOSE *xp);
\r
612 char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp);
\r
613 int X509_PURPOSE_get_trust(X509_PURPOSE *xp);
\r
614 void X509_PURPOSE_cleanup(void);
\r
615 int X509_PURPOSE_get_id(X509_PURPOSE *);
\r
617 STACK *X509_get1_email(X509 *x);
\r
618 STACK *X509_REQ_get1_email(X509_REQ *x);
\r
619 void X509_email_free(STACK *sk);
\r
621 ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
\r
622 ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);
\r
623 int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,
\r
624 unsigned long chtype);
\r
626 void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
\r
628 /* BEGIN ERROR CODES */
\r
629 /* The following lines are auto generated by the script mkerr.pl. Any changes
\r
630 * made after this point may be overwritten when the script is next run.
\r
632 void ERR_load_X509V3_strings(void);
\r
634 /* Error codes for the X509V3 functions. */
\r
636 /* Function codes. */
\r
637 #define X509V3_F_COPY_EMAIL 122
\r
638 #define X509V3_F_COPY_ISSUER 123
\r
639 #define X509V3_F_DO_DIRNAME 144
\r
640 #define X509V3_F_DO_EXT_CONF 124
\r
641 #define X509V3_F_DO_EXT_I2D 135
\r
642 #define X509V3_F_DO_EXT_NCONF 151
\r
643 #define X509V3_F_DO_I2V_NAME_CONSTRAINTS 148
\r
644 #define X509V3_F_HEX_TO_STRING 111
\r
645 #define X509V3_F_I2S_ASN1_ENUMERATED 121
\r
/*
 * NOTE(review): X509V3_F_I2S_ASN1_IA5STRING and X509V3_F_R2I_PCI (below)
 * share the value 149, so an error raised under either is reported with the
 * same function code and cannot be attributed from the code alone. This
 * section is generated by mkerr.pl, so a fix belongs in the generator's
 * input rather than in a hand edit here.
 */
646 #define X509V3_F_I2S_ASN1_IA5STRING 149
\r
647 #define X509V3_F_I2S_ASN1_INTEGER 120
\r
648 #define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138
\r
649 #define X509V3_F_NOTICE_SECTION 132
\r
650 #define X509V3_F_NREF_NOS 133
\r
651 #define X509V3_F_POLICY_SECTION 131
\r
652 #define X509V3_F_PROCESS_PCI_VALUE 150
\r
653 #define X509V3_F_R2I_CERTPOL 130
\r
/* Same value as X509V3_F_I2S_ASN1_IA5STRING above. */
654 #define X509V3_F_R2I_PCI 149
\r
655 #define X509V3_F_S2I_ASN1_IA5STRING 100
\r
656 #define X509V3_F_S2I_ASN1_INTEGER 108
\r
657 #define X509V3_F_S2I_ASN1_OCTET_STRING 112
\r
658 #define X509V3_F_S2I_ASN1_SKEY_ID 114
\r
659 #define X509V3_F_S2I_SKEY_ID 115
\r
660 #define X509V3_F_STRING_TO_HEX 113
\r
661 #define X509V3_F_SXNET_ADD_ID_ASC 125
\r
662 #define X509V3_F_SXNET_ADD_ID_INTEGER 126
\r
663 #define X509V3_F_SXNET_ADD_ID_ULONG 127
\r
664 #define X509V3_F_SXNET_GET_ID_ASC 128
\r
665 #define X509V3_F_SXNET_GET_ID_ULONG 129
\r
666 #define X509V3_F_V2I_ASN1_BIT_STRING 101
\r
667 #define X509V3_F_V2I_AUTHORITY_INFO_ACCESS 139
\r
668 #define X509V3_F_V2I_AUTHORITY_KEYID 119
\r
669 #define X509V3_F_V2I_BASIC_CONSTRAINTS 102
\r
670 #define X509V3_F_V2I_CRLD 134
\r
671 #define X509V3_F_V2I_EXTENDED_KEY_USAGE 103
\r
672 #define X509V3_F_V2I_GENERAL_NAMES 118
\r
673 #define X509V3_F_V2I_GENERAL_NAME_EX 117
\r
674 #define X509V3_F_V2I_ISSUER_ALT 153
\r
675 #define X509V3_F_V2I_NAME_CONSTRAINTS 147
\r
676 #define X509V3_F_V2I_POLICY_CONSTRAINTS 146
\r
677 #define X509V3_F_V2I_POLICY_MAPPINGS 145
\r
678 #define X509V3_F_V2I_SUBJECT_ALT 154
\r
679 #define X509V3_F_V3_GENERIC_EXTENSION 116
\r
680 #define X509V3_F_X509V3_ADD1_I2D 140
\r
681 #define X509V3_F_X509V3_ADD_VALUE 105
\r
682 #define X509V3_F_X509V3_EXT_ADD 104
\r
683 #define X509V3_F_X509V3_EXT_ADD_ALIAS 106
\r
684 #define X509V3_F_X509V3_EXT_CONF 107
\r
685 #define X509V3_F_X509V3_EXT_I2D 136
\r
686 #define X509V3_F_X509V3_EXT_NCONF 152
\r
687 #define X509V3_F_X509V3_GET_SECTION 142
\r
688 #define X509V3_F_X509V3_GET_STRING 143
\r
689 #define X509V3_F_X509V3_GET_VALUE_BOOL 110
\r
690 #define X509V3_F_X509V3_PARSE_LIST 109
\r
691 #define X509V3_F_X509_PURPOSE_ADD 137
\r
692 #define X509V3_F_X509_PURPOSE_SET 141
\r
694 /* Reason codes. */
\r
695 #define X509V3_R_BAD_IP_ADDRESS 118
\r
696 #define X509V3_R_BAD_OBJECT 119
\r
697 #define X509V3_R_BN_DEC2BN_ERROR 100
\r
698 #define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101
\r
699 #define X509V3_R_DIRNAME_ERROR 149
\r
700 #define X509V3_R_DUPLICATE_ZONE_ID 133
\r
701 #define X509V3_R_ERROR_CONVERTING_ZONE 131
\r
702 #define X509V3_R_ERROR_CREATING_EXTENSION 144
\r
703 #define X509V3_R_ERROR_IN_EXTENSION 128
\r
704 #define X509V3_R_EXPECTED_A_SECTION_NAME 137
\r
705 #define X509V3_R_EXTENSION_EXISTS 145
\r
706 #define X509V3_R_EXTENSION_NAME_ERROR 115
\r
707 #define X509V3_R_EXTENSION_NOT_FOUND 102
\r
708 #define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103
\r
709 #define X509V3_R_EXTENSION_VALUE_ERROR 116
\r
710 #define X509V3_R_ILLEGAL_EMPTY_EXTENSION 151
\r
711 #define X509V3_R_ILLEGAL_HEX_DIGIT 113
\r
712 #define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 152
\r
713 #define X509V3_R_INVALID_BOOLEAN_STRING 104
\r
714 #define X509V3_R_INVALID_EXTENSION_STRING 105
\r
715 #define X509V3_R_INVALID_NAME 106
\r
716 #define X509V3_R_INVALID_NULL_ARGUMENT 107
\r
717 #define X509V3_R_INVALID_NULL_NAME 108
\r
718 #define X509V3_R_INVALID_NULL_VALUE 109
\r
719 #define X509V3_R_INVALID_NUMBER 140
\r
720 #define X509V3_R_INVALID_NUMBERS 141
\r
721 #define X509V3_R_INVALID_OBJECT_IDENTIFIER 110
\r
722 #define X509V3_R_INVALID_OPTION 138
\r
723 #define X509V3_R_INVALID_POLICY_IDENTIFIER 134
\r
724 #define X509V3_R_INVALID_PROXY_POLICY_SETTING 153
\r
725 #define X509V3_R_INVALID_PURPOSE 146
\r
726 #define X509V3_R_INVALID_SECTION 135
\r
727 #define X509V3_R_INVALID_SYNTAX 143
\r
728 #define X509V3_R_ISSUER_DECODE_ERROR 126
\r
729 #define X509V3_R_MISSING_VALUE 124
\r
730 #define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 142
\r
731 #define X509V3_R_NO_CONFIG_DATABASE 136
\r
732 #define X509V3_R_NO_ISSUER_CERTIFICATE 121
\r
733 #define X509V3_R_NO_ISSUER_DETAILS 127
\r
734 #define X509V3_R_NO_POLICY_IDENTIFIER 139
\r
735 #define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 154
\r
736 #define X509V3_R_NO_PUBLIC_KEY 114
\r
737 #define X509V3_R_NO_SUBJECT_DETAILS 125
\r
738 #define X509V3_R_ODD_NUMBER_OF_DIGITS 112
\r
739 #define X509V3_R_OPERATION_NOT_DEFINED 148
\r
740 #define X509V3_R_OTHERNAME_ERROR 147
\r
/*
 * "ALREADTY" in two of these names is a misspelling of "ALREADY", but it is
 * part of the public macro names. Use the spelling shown here when
 * searching code or mapping reason codes.
 */
741 #define X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED 155
\r
742 #define X509V3_R_POLICY_PATH_LENGTH 156
\r
743 #define X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED 157
\r
744 #define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED 158
\r
745 #define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159
\r
746 #define X509V3_R_SECTION_NOT_FOUND 150
\r
747 #define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122
\r
748 #define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123
\r
749 #define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111
\r
750 #define X509V3_R_UNKNOWN_EXTENSION 129
\r
751 #define X509V3_R_UNKNOWN_EXTENSION_NAME 130
\r
752 #define X509V3_R_UNKNOWN_OPTION 120
\r
753 #define X509V3_R_UNSUPPORTED_OPTION 117
\r
754 #define X509V3_R_USER_TOO_LONG 132
\r