--- /dev/null
+/* x509v3.h */\r
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL\r
+ * project 1999.\r
+ */\r
+/* ====================================================================\r
+ * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.\r
+ *\r
+ * Redistribution and use in source and binary forms, with or without\r
+ * modification, are permitted provided that the following conditions\r
+ * are met:\r
+ *\r
+ * 1. Redistributions of source code must retain the above copyright\r
+ * notice, this list of conditions and the following disclaimer. \r
+ *\r
+ * 2. Redistributions in binary form must reproduce the above copyright\r
+ * notice, this list of conditions and the following disclaimer in\r
+ * the documentation and/or other materials provided with the\r
+ * distribution.\r
+ *\r
+ * 3. All advertising materials mentioning features or use of this\r
+ * software must display the following acknowledgment:\r
+ * "This product includes software developed by the OpenSSL Project\r
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"\r
+ *\r
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to\r
+ * endorse or promote products derived from this software without\r
+ * prior written permission. For written permission, please contact\r
+ * licensing@OpenSSL.org.\r
+ *\r
+ * 5. Products derived from this software may not be called "OpenSSL"\r
+ * nor may "OpenSSL" appear in their names without prior written\r
+ * permission of the OpenSSL Project.\r
+ *\r
+ * 6. Redistributions of any form whatsoever must retain the following\r
+ * acknowledgment:\r
+ * "This product includes software developed by the OpenSSL Project\r
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"\r
+ *\r
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY\r
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\r
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\r
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR\r
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\r
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT\r
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;\r
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)\r
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,\r
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)\r
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED\r
+ * OF THE POSSIBILITY OF SUCH DAMAGE.\r
+ * ====================================================================\r
+ *\r
+ * This product includes cryptographic software written by Eric Young\r
+ * (eay@cryptsoft.com). This product includes software written by Tim\r
+ * Hudson (tjh@cryptsoft.com).\r
+ *\r
+ */\r
+#ifndef HEADER_X509V3_H\r
+#define HEADER_X509V3_H\r
+\r
+#include <openssl/bio.h>\r
+#include <openssl/x509.h>\r
+#include <openssl/conf.h>\r
+\r
+#ifdef __cplusplus\r
+extern "C" {\r
+#endif\r
+\r
+/* Forward reference */\r
+struct v3_ext_method;\r
+struct v3_ext_ctx;\r
+\r
+/* Useful typedefs */\r
+\r
+typedef void * (*X509V3_EXT_NEW)(void);\r
+typedef void (*X509V3_EXT_FREE)(void *);\r
+typedef void * (*X509V3_EXT_D2I)(void *, const unsigned char ** , long);\r
+typedef int (*X509V3_EXT_I2D)(void *, unsigned char **);\r
+typedef STACK_OF(CONF_VALUE) * (*X509V3_EXT_I2V)(struct v3_ext_method *method, void *ext, STACK_OF(CONF_VALUE) *extlist);\r
+typedef void * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK_OF(CONF_VALUE) *values);\r
+typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext);\r
+typedef void * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str);\r
+typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, void *ext, BIO *out, int indent);\r
+typedef void * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str);\r
+\r
+/* V3 extension structure */\r
+\r
+struct v3_ext_method {\r
+int ext_nid;\r
+int ext_flags;\r
+/* If this is set the following four fields are ignored */\r
+ASN1_ITEM_EXP *it;\r
+/* Old style ASN1 calls */\r
+X509V3_EXT_NEW ext_new;\r
+X509V3_EXT_FREE ext_free;\r
+X509V3_EXT_D2I d2i;\r
+X509V3_EXT_I2D i2d;\r
+\r
+/* The following pair is used for string extensions */\r
+X509V3_EXT_I2S i2s;\r
+X509V3_EXT_S2I s2i;\r
+\r
+/* The following pair is used for multi-valued extensions */\r
+X509V3_EXT_I2V i2v;\r
+X509V3_EXT_V2I v2i;\r
+\r
+/* The following are used for raw extensions */\r
+X509V3_EXT_I2R i2r;\r
+X509V3_EXT_R2I r2i;\r
+\r
+void *usr_data; /* Any extension specific data */\r
+};\r
+\r
+typedef struct X509V3_CONF_METHOD_st {\r
+char * (*get_string)(void *db, char *section, char *value);\r
+STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section);\r
+void (*free_string)(void *db, char * string);\r
+void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);\r
+} X509V3_CONF_METHOD;\r
+\r
+/* Context specific info */\r
+struct v3_ext_ctx {\r
+#define CTX_TEST 0x1\r
+int flags;\r
+X509 *issuer_cert;\r
+X509 *subject_cert;\r
+X509_REQ *subject_req;\r
+X509_CRL *crl;\r
+X509V3_CONF_METHOD *db_meth;\r
+void *db;\r
+/* Maybe more here */\r
+};\r
+\r
+typedef struct v3_ext_method X509V3_EXT_METHOD;\r
+\r
+DECLARE_STACK_OF(X509V3_EXT_METHOD)\r
+\r
+/* ext_flags values */\r
+#define X509V3_EXT_DYNAMIC 0x1\r
+#define X509V3_EXT_CTX_DEP 0x2\r
+#define X509V3_EXT_MULTILINE 0x4\r
+\r
+typedef BIT_STRING_BITNAME ENUMERATED_NAMES;\r
+\r
+typedef struct BASIC_CONSTRAINTS_st {\r
+int ca;\r
+ASN1_INTEGER *pathlen;\r
+} BASIC_CONSTRAINTS;\r
+\r
+\r
+typedef struct PKEY_USAGE_PERIOD_st {\r
+ASN1_GENERALIZEDTIME *notBefore;\r
+ASN1_GENERALIZEDTIME *notAfter;\r
+} PKEY_USAGE_PERIOD;\r
+\r
+typedef struct otherName_st {\r
+ASN1_OBJECT *type_id;\r
+ASN1_TYPE *value;\r
+} OTHERNAME;\r
+\r
+typedef struct EDIPartyName_st {\r
+ ASN1_STRING *nameAssigner;\r
+ ASN1_STRING *partyName;\r
+} EDIPARTYNAME;\r
+\r
+typedef struct GENERAL_NAME_st {\r
+\r
+#define GEN_OTHERNAME 0\r
+#define GEN_EMAIL 1\r
+#define GEN_DNS 2\r
+#define GEN_X400 3\r
+#define GEN_DIRNAME 4\r
+#define GEN_EDIPARTY 5\r
+#define GEN_URI 6\r
+#define GEN_IPADD 7\r
+#define GEN_RID 8\r
+\r
+int type;\r
+union {\r
+ char *ptr;\r
+ OTHERNAME *otherName; /* otherName */\r
+ ASN1_IA5STRING *rfc822Name;\r
+ ASN1_IA5STRING *dNSName;\r
+ ASN1_TYPE *x400Address;\r
+ X509_NAME *directoryName;\r
+ EDIPARTYNAME *ediPartyName;\r
+ ASN1_IA5STRING *uniformResourceIdentifier;\r
+ ASN1_OCTET_STRING *iPAddress;\r
+ ASN1_OBJECT *registeredID;\r
+\r
+ /* Old names */\r
+ ASN1_OCTET_STRING *ip; /* iPAddress */\r
+ X509_NAME *dirn; /* dirn */\r
+ ASN1_IA5STRING *ia5;/* rfc822Name, dNSName, uniformResourceIdentifier */\r
+ ASN1_OBJECT *rid; /* registeredID */\r
+ ASN1_TYPE *other; /* x400Address */\r
+} d;\r
+} GENERAL_NAME;\r
+\r
+typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;\r
+\r
+typedef struct ACCESS_DESCRIPTION_st {\r
+ ASN1_OBJECT *method;\r
+ GENERAL_NAME *location;\r
+} ACCESS_DESCRIPTION;\r
+\r
+typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;\r
+\r
+typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;\r
+\r
+DECLARE_STACK_OF(GENERAL_NAME)\r
+DECLARE_ASN1_SET_OF(GENERAL_NAME)\r
+\r
+DECLARE_STACK_OF(ACCESS_DESCRIPTION)\r
+DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION)\r
+\r
+typedef struct DIST_POINT_NAME_st {\r
+int type;\r
+union {\r
+ GENERAL_NAMES *fullname;\r
+ STACK_OF(X509_NAME_ENTRY) *relativename;\r
+} name;\r
+} DIST_POINT_NAME;\r
+\r
+typedef struct DIST_POINT_st {\r
+DIST_POINT_NAME *distpoint;\r
+ASN1_BIT_STRING *reasons;\r
+GENERAL_NAMES *CRLissuer;\r
+} DIST_POINT;\r
+\r
+typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;\r
+\r
+DECLARE_STACK_OF(DIST_POINT)\r
+DECLARE_ASN1_SET_OF(DIST_POINT)\r
+\r
+typedef struct AUTHORITY_KEYID_st {\r
+ASN1_OCTET_STRING *keyid;\r
+GENERAL_NAMES *issuer;\r
+ASN1_INTEGER *serial;\r
+} AUTHORITY_KEYID;\r
+\r
+/* Strong extranet structures */\r
+\r
+typedef struct SXNET_ID_st {\r
+ ASN1_INTEGER *zone;\r
+ ASN1_OCTET_STRING *user;\r
+} SXNETID;\r
+\r
+DECLARE_STACK_OF(SXNETID)\r
+DECLARE_ASN1_SET_OF(SXNETID)\r
+\r
+typedef struct SXNET_st {\r
+ ASN1_INTEGER *version;\r
+ STACK_OF(SXNETID) *ids;\r
+} SXNET;\r
+\r
+typedef struct NOTICEREF_st {\r
+ ASN1_STRING *organization;\r
+ STACK_OF(ASN1_INTEGER) *noticenos;\r
+} NOTICEREF;\r
+\r
+typedef struct USERNOTICE_st {\r
+ NOTICEREF *noticeref;\r
+ ASN1_STRING *exptext;\r
+} USERNOTICE;\r
+\r
+typedef struct POLICYQUALINFO_st {\r
+ ASN1_OBJECT *pqualid;\r
+ union {\r
+ ASN1_IA5STRING *cpsuri;\r
+ USERNOTICE *usernotice;\r
+ ASN1_TYPE *other;\r
+ } d;\r
+} POLICYQUALINFO;\r
+\r
+DECLARE_STACK_OF(POLICYQUALINFO)\r
+DECLARE_ASN1_SET_OF(POLICYQUALINFO)\r
+\r
+typedef struct POLICYINFO_st {\r
+ ASN1_OBJECT *policyid;\r
+ STACK_OF(POLICYQUALINFO) *qualifiers;\r
+} POLICYINFO;\r
+\r
+typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;\r
+\r
+DECLARE_STACK_OF(POLICYINFO)\r
+DECLARE_ASN1_SET_OF(POLICYINFO)\r
+\r
+typedef struct POLICY_MAPPING_st {\r
+ ASN1_OBJECT *issuerDomainPolicy;\r
+ ASN1_OBJECT *subjectDomainPolicy;\r
+} POLICY_MAPPING;\r
+\r
+DECLARE_STACK_OF(POLICY_MAPPING)\r
+\r
+typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS;\r
+\r
+typedef struct GENERAL_SUBTREE_st {\r
+ GENERAL_NAME *base;\r
+ ASN1_INTEGER *minimum;\r
+ ASN1_INTEGER *maximum;\r
+} GENERAL_SUBTREE;\r
+\r
+DECLARE_STACK_OF(GENERAL_SUBTREE)\r
+\r
+typedef struct NAME_CONSTRAINTS_st {\r
+ STACK_OF(GENERAL_SUBTREE) *permittedSubtrees;\r
+ STACK_OF(GENERAL_SUBTREE) *excludedSubtrees;\r
+} NAME_CONSTRAINTS;\r
+\r
+typedef struct POLICY_CONSTRAINTS_st {\r
+ ASN1_INTEGER *requireExplicitPolicy;\r
+ ASN1_INTEGER *inhibitPolicyMapping;\r
+} POLICY_CONSTRAINTS;\r
+\r
+/* Proxy certificate structures, see RFC 3820 */\r
+typedef struct PROXY_POLICY_st\r
+ {\r
+ ASN1_OBJECT *policyLanguage;\r
+ ASN1_OCTET_STRING *policy;\r
+ } PROXY_POLICY;\r
+\r
+typedef struct PROXY_CERT_INFO_EXTENSION_st\r
+ {\r
+ ASN1_INTEGER *pcPathLengthConstraint;\r
+ PROXY_POLICY *proxyPolicy;\r
+ } PROXY_CERT_INFO_EXTENSION;\r
+\r
+DECLARE_ASN1_FUNCTIONS(PROXY_POLICY)\r
+DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)\r
+\r
+\r
+#define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \\r
+",name:", val->name, ",value:", val->value);\r
+\r
+#define X509V3_set_ctx_test(ctx) \\r
+ X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)\r
+#define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL;\r
+\r
+#define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \\r
+ 0,0,0,0, \\r
+ 0,0, \\r
+ (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \\r
+ (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \\r
+ NULL, NULL, \\r
+ table}\r
+\r
+#define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \\r
+ 0,0,0,0, \\r
+ (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \\r
+ (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \\r
+ 0,0,0,0, \\r
+ NULL}\r
+\r
+#define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}\r
+\r
+\r
+/* X509_PURPOSE stuff */\r
+\r
+#define EXFLAG_BCONS 0x1\r
+#define EXFLAG_KUSAGE 0x2\r
+#define EXFLAG_XKUSAGE 0x4\r
+#define EXFLAG_NSCERT 0x8\r
+\r
+#define EXFLAG_CA 0x10\r
+#define EXFLAG_SS 0x20\r
+#define EXFLAG_V1 0x40\r
+#define EXFLAG_INVALID 0x80\r
+#define EXFLAG_SET 0x100\r
+#define EXFLAG_CRITICAL 0x200\r
+#define EXFLAG_PROXY 0x400\r
+\r
+#define EXFLAG_INVALID_POLICY 0x400\r
+\r
+#define KU_DIGITAL_SIGNATURE 0x0080\r
+#define KU_NON_REPUDIATION 0x0040\r
+#define KU_KEY_ENCIPHERMENT 0x0020\r
+#define KU_DATA_ENCIPHERMENT 0x0010\r
+#define KU_KEY_AGREEMENT 0x0008\r
+#define KU_KEY_CERT_SIGN 0x0004\r
+#define KU_CRL_SIGN 0x0002\r
+#define KU_ENCIPHER_ONLY 0x0001\r
+#define KU_DECIPHER_ONLY 0x8000\r
+\r
+#define NS_SSL_CLIENT 0x80\r
+#define NS_SSL_SERVER 0x40\r
+#define NS_SMIME 0x20\r
+#define NS_OBJSIGN 0x10\r
+#define NS_SSL_CA 0x04\r
+#define NS_SMIME_CA 0x02\r
+#define NS_OBJSIGN_CA 0x01\r
+#define NS_ANY_CA (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA)\r
+\r
+#define XKU_SSL_SERVER 0x1 \r
+#define XKU_SSL_CLIENT 0x2\r
+#define XKU_SMIME 0x4\r
+#define XKU_CODE_SIGN 0x8\r
+#define XKU_SGC 0x10\r
+#define XKU_OCSP_SIGN 0x20\r
+#define XKU_TIMESTAMP 0x40\r
+#define XKU_DVCS 0x80\r
+\r
+#define X509_PURPOSE_DYNAMIC 0x1\r
+#define X509_PURPOSE_DYNAMIC_NAME 0x2\r
+\r
+typedef struct x509_purpose_st {\r
+ int purpose;\r
+ int trust; /* Default trust ID */\r
+ int flags;\r
+ int (*check_purpose)(const struct x509_purpose_st *,\r
+ const X509 *, int);\r
+ char *name;\r
+ char *sname;\r
+ void *usr_data;\r
+} X509_PURPOSE;\r
+\r
+#define X509_PURPOSE_SSL_CLIENT 1\r
+#define X509_PURPOSE_SSL_SERVER 2\r
+#define X509_PURPOSE_NS_SSL_SERVER 3\r
+#define X509_PURPOSE_SMIME_SIGN 4\r
+#define X509_PURPOSE_SMIME_ENCRYPT 5\r
+#define X509_PURPOSE_CRL_SIGN 6\r
+#define X509_PURPOSE_ANY 7\r
+#define X509_PURPOSE_OCSP_HELPER 8\r
+\r
+#define X509_PURPOSE_MIN 1\r
+#define X509_PURPOSE_MAX 8\r
+\r
+/* Flags for X509V3_EXT_print() */\r
+\r
+#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)\r
+/* Return error for unknown extensions */\r
+#define X509V3_EXT_DEFAULT 0\r
+/* Print error for unknown extensions */\r
+#define X509V3_EXT_ERROR_UNKNOWN (1L << 16)\r
+/* ASN1 parse unknown extensions */\r
+#define X509V3_EXT_PARSE_UNKNOWN (2L << 16)\r
+/* BIO_dump unknown extensions */\r
+#define X509V3_EXT_DUMP_UNKNOWN (3L << 16)\r
+\r
+/* Flags for X509V3_add1_i2d */\r
+\r
+#define X509V3_ADD_OP_MASK 0xfL\r
+#define X509V3_ADD_DEFAULT 0L\r
+#define X509V3_ADD_APPEND 1L\r
+#define X509V3_ADD_REPLACE 2L\r
+#define X509V3_ADD_REPLACE_EXISTING 3L\r
+#define X509V3_ADD_KEEP_EXISTING 4L\r
+#define X509V3_ADD_DELETE 5L\r
+#define X509V3_ADD_SILENT 0x10\r
+\r
+DECLARE_STACK_OF(X509_PURPOSE)\r
+\r
+DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)\r
+\r
+DECLARE_ASN1_FUNCTIONS(SXNET)\r
+DECLARE_ASN1_FUNCTIONS(SXNETID)\r
+\r
+int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen); \r
+int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen); \r
+int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user, int userlen); \r
+\r
+ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone);\r
+ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);\r
+ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone);\r
+\r
+DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID)\r
+\r
+DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)\r
+\r
+DECLARE_ASN1_FUNCTIONS(GENERAL_NAME)\r
+\r
+\r
+ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,\r
+ X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);\r
+STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,\r
+ ASN1_BIT_STRING *bits,\r
+ STACK_OF(CONF_VALUE) *extlist);\r
+\r
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret);\r
+int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen);\r
+\r
+DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)\r
+\r
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,\r
+ GENERAL_NAMES *gen, STACK_OF(CONF_VALUE) *extlist);\r
+GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,\r
+ X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);\r
+\r
+DECLARE_ASN1_FUNCTIONS(OTHERNAME)\r
+DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME)\r
+\r
+char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5);\r
+ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);\r
+\r
+DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)\r
+int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a);\r
+\r
+DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)\r
+DECLARE_ASN1_FUNCTIONS(POLICYINFO)\r
+DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO)\r
+DECLARE_ASN1_FUNCTIONS(USERNOTICE)\r
+DECLARE_ASN1_FUNCTIONS(NOTICEREF)\r
+\r
+DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS)\r
+DECLARE_ASN1_FUNCTIONS(DIST_POINT)\r
+DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)\r
+\r
+DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)\r
+DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)\r
+\r
+DECLARE_ASN1_ITEM(POLICY_MAPPING)\r
+DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING)\r
+DECLARE_ASN1_ITEM(POLICY_MAPPINGS)\r
+\r
+DECLARE_ASN1_ITEM(GENERAL_SUBTREE)\r
+DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)\r
+\r
+DECLARE_ASN1_ITEM(NAME_CONSTRAINTS)\r
+DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)\r
+\r
+DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)\r
+DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)\r
+\r
+#ifdef HEADER_CONF_H\r
+GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,\r
+ CONF_VALUE *cnf);\r
+GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, X509V3_EXT_METHOD *method,\r
+ X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc);\r
+void X509V3_conf_free(CONF_VALUE *val);\r
+\r
+X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value);\r
+X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value);\r
+int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(X509_EXTENSION) **sk);\r
+int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert);\r
+int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);\r
+int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);\r
+\r
+X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value);\r
+X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value);\r
+int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert);\r
+int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);\r
+int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);\r
+\r
+int X509V3_add_value_bool_nf(char *name, int asn1_bool,\r
+ STACK_OF(CONF_VALUE) **extlist);\r
+int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);\r
+int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);\r
+void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);\r
+void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);\r
+#endif\r
+\r
+char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);\r
+STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section);\r
+void X509V3_string_free(X509V3_CTX *ctx, char *str);\r
+void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);\r
+void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,\r
+ X509_REQ *req, X509_CRL *crl, int flags);\r
+\r
+int X509V3_add_value(const char *name, const char *value,\r
+ STACK_OF(CONF_VALUE) **extlist);\r
+int X509V3_add_value_uchar(const char *name, const unsigned char *value,\r
+ STACK_OF(CONF_VALUE) **extlist);\r
+int X509V3_add_value_bool(const char *name, int asn1_bool,\r
+ STACK_OF(CONF_VALUE) **extlist);\r
+int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,\r
+ STACK_OF(CONF_VALUE) **extlist);\r
+char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);\r
+ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);\r
+char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);\r
+char * i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);\r
+int X509V3_EXT_add(X509V3_EXT_METHOD *ext);\r
+int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);\r
+int X509V3_EXT_add_alias(int nid_to, int nid_from);\r
+void X509V3_EXT_cleanup(void);\r
+\r
+X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);\r
+X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);\r
+int X509V3_add_standard_extensions(void);\r
+STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);\r
+void *X509V3_EXT_d2i(X509_EXTENSION *ext);\r
+void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);\r
+\r
+\r
+X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);\r
+int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags);\r
+\r
+char *hex_to_string(unsigned char *buffer, long len);\r
+unsigned char *string_to_hex(char *str, long *len);\r
+int name_cmp(const char *name, const char *cmp);\r
+\r
+void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,\r
+ int ml);\r
+int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent);\r
+int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);\r
+\r
+int X509V3_extensions_print(BIO *out, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent);\r
+\r
+int X509_check_ca(X509 *x);\r
+int X509_check_purpose(X509 *x, int id, int ca);\r
+int X509_supported_extension(X509_EXTENSION *ex);\r
+int X509_PURPOSE_set(int *p, int purpose);\r
+int X509_check_issued(X509 *issuer, X509 *subject);\r
+int X509_PURPOSE_get_count(void);\r
+X509_PURPOSE * X509_PURPOSE_get0(int idx);\r
+int X509_PURPOSE_get_by_sname(char *sname);\r
+int X509_PURPOSE_get_by_id(int id);\r
+int X509_PURPOSE_add(int id, int trust, int flags,\r
+ int (*ck)(const X509_PURPOSE *, const X509 *, int),\r
+ char *name, char *sname, void *arg);\r
+char *X509_PURPOSE_get0_name(X509_PURPOSE *xp);\r
+char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp);\r
+int X509_PURPOSE_get_trust(X509_PURPOSE *xp);\r
+void X509_PURPOSE_cleanup(void);\r
+int X509_PURPOSE_get_id(X509_PURPOSE *);\r
+\r
+STACK *X509_get1_email(X509 *x);\r
+STACK *X509_REQ_get1_email(X509_REQ *x);\r
+void X509_email_free(STACK *sk);\r
+\r
+ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);\r
+ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);\r
+int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,\r
+ unsigned long chtype);\r
+\r
+void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);\r
+\r
+/* BEGIN ERROR CODES */\r
+/* The following lines are auto generated by the script mkerr.pl. Any changes\r
+ * made after this point may be overwritten when the script is next run.\r
+ */\r
+void ERR_load_X509V3_strings(void);\r
+\r
+/* Error codes for the X509V3 functions. */\r
+\r
+/* Function codes. */\r
+#define X509V3_F_COPY_EMAIL 122\r
+#define X509V3_F_COPY_ISSUER 123\r
+#define X509V3_F_DO_DIRNAME 144\r
+#define X509V3_F_DO_EXT_CONF 124\r
+#define X509V3_F_DO_EXT_I2D 135\r
+#define X509V3_F_DO_EXT_NCONF 151\r
+#define X509V3_F_DO_I2V_NAME_CONSTRAINTS 148\r
+#define X509V3_F_HEX_TO_STRING 111\r
+#define X509V3_F_I2S_ASN1_ENUMERATED 121\r
+#define X509V3_F_I2S_ASN1_IA5STRING 149\r
+#define X509V3_F_I2S_ASN1_INTEGER 120\r
+#define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138\r
+#define X509V3_F_NOTICE_SECTION 132\r
+#define X509V3_F_NREF_NOS 133\r
+#define X509V3_F_POLICY_SECTION 131\r
+#define X509V3_F_PROCESS_PCI_VALUE 150\r
+#define X509V3_F_R2I_CERTPOL 130\r
+#define X509V3_F_R2I_PCI 149\r
+#define X509V3_F_S2I_ASN1_IA5STRING 100\r
+#define X509V3_F_S2I_ASN1_INTEGER 108\r
+#define X509V3_F_S2I_ASN1_OCTET_STRING 112\r
+#define X509V3_F_S2I_ASN1_SKEY_ID 114\r
+#define X509V3_F_S2I_SKEY_ID 115\r
+#define X509V3_F_STRING_TO_HEX 113\r
+#define X509V3_F_SXNET_ADD_ID_ASC 125\r
+#define X509V3_F_SXNET_ADD_ID_INTEGER 126\r
+#define X509V3_F_SXNET_ADD_ID_ULONG 127\r
+#define X509V3_F_SXNET_GET_ID_ASC 128\r
+#define X509V3_F_SXNET_GET_ID_ULONG 129\r
+#define X509V3_F_V2I_ASN1_BIT_STRING 101\r
+#define X509V3_F_V2I_AUTHORITY_INFO_ACCESS 139\r
+#define X509V3_F_V2I_AUTHORITY_KEYID 119\r
+#define X509V3_F_V2I_BASIC_CONSTRAINTS 102\r
+#define X509V3_F_V2I_CRLD 134\r
+#define X509V3_F_V2I_EXTENDED_KEY_USAGE 103\r
+#define X509V3_F_V2I_GENERAL_NAMES 118\r
+#define X509V3_F_V2I_GENERAL_NAME_EX 117\r
+#define X509V3_F_V2I_ISSUER_ALT 153\r
+#define X509V3_F_V2I_NAME_CONSTRAINTS 147\r
+#define X509V3_F_V2I_POLICY_CONSTRAINTS 146\r
+#define X509V3_F_V2I_POLICY_MAPPINGS 145\r
+#define X509V3_F_V2I_SUBJECT_ALT 154\r
+#define X509V3_F_V3_GENERIC_EXTENSION 116\r
+#define X509V3_F_X509V3_ADD1_I2D 140\r
+#define X509V3_F_X509V3_ADD_VALUE 105\r
+#define X509V3_F_X509V3_EXT_ADD 104\r
+#define X509V3_F_X509V3_EXT_ADD_ALIAS 106\r
+#define X509V3_F_X509V3_EXT_CONF 107\r
+#define X509V3_F_X509V3_EXT_I2D 136\r
+#define X509V3_F_X509V3_EXT_NCONF 152\r
+#define X509V3_F_X509V3_GET_SECTION 142\r
+#define X509V3_F_X509V3_GET_STRING 143\r
+#define X509V3_F_X509V3_GET_VALUE_BOOL 110\r
+#define X509V3_F_X509V3_PARSE_LIST 109\r
+#define X509V3_F_X509_PURPOSE_ADD 137\r
+#define X509V3_F_X509_PURPOSE_SET 141\r
+\r
+/* Reason codes. */\r
+#define X509V3_R_BAD_IP_ADDRESS 118\r
+#define X509V3_R_BAD_OBJECT 119\r
+#define X509V3_R_BN_DEC2BN_ERROR 100\r
+#define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101\r
+#define X509V3_R_DIRNAME_ERROR 149\r
+#define X509V3_R_DUPLICATE_ZONE_ID 133\r
+#define X509V3_R_ERROR_CONVERTING_ZONE 131\r
+#define X509V3_R_ERROR_CREATING_EXTENSION 144\r
+#define X509V3_R_ERROR_IN_EXTENSION 128\r
+#define X509V3_R_EXPECTED_A_SECTION_NAME 137\r
+#define X509V3_R_EXTENSION_EXISTS 145\r
+#define X509V3_R_EXTENSION_NAME_ERROR 115\r
+#define X509V3_R_EXTENSION_NOT_FOUND 102\r
+#define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103\r
+#define X509V3_R_EXTENSION_VALUE_ERROR 116\r
+#define X509V3_R_ILLEGAL_EMPTY_EXTENSION 151\r
+#define X509V3_R_ILLEGAL_HEX_DIGIT 113\r
+#define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 152\r
+#define X509V3_R_INVALID_BOOLEAN_STRING 104\r
+#define X509V3_R_INVALID_EXTENSION_STRING 105\r
+#define X509V3_R_INVALID_NAME 106\r
+#define X509V3_R_INVALID_NULL_ARGUMENT 107\r
+#define X509V3_R_INVALID_NULL_NAME 108\r
+#define X509V3_R_INVALID_NULL_VALUE 109\r
+#define X509V3_R_INVALID_NUMBER 140\r
+#define X509V3_R_INVALID_NUMBERS 141\r
+#define X509V3_R_INVALID_OBJECT_IDENTIFIER 110\r
+#define X509V3_R_INVALID_OPTION 138\r
+#define X509V3_R_INVALID_POLICY_IDENTIFIER 134\r
+#define X509V3_R_INVALID_PROXY_POLICY_SETTING 153\r
+#define X509V3_R_INVALID_PURPOSE 146\r
+#define X509V3_R_INVALID_SECTION 135\r
+#define X509V3_R_INVALID_SYNTAX 143\r
+#define X509V3_R_ISSUER_DECODE_ERROR 126\r
+#define X509V3_R_MISSING_VALUE 124\r
+#define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 142\r
+#define X509V3_R_NO_CONFIG_DATABASE 136\r
+#define X509V3_R_NO_ISSUER_CERTIFICATE 121\r
+#define X509V3_R_NO_ISSUER_DETAILS 127\r
+#define X509V3_R_NO_POLICY_IDENTIFIER 139\r
+#define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 154\r
+#define X509V3_R_NO_PUBLIC_KEY 114\r
+#define X509V3_R_NO_SUBJECT_DETAILS 125\r
+#define X509V3_R_ODD_NUMBER_OF_DIGITS 112\r
+#define X509V3_R_OPERATION_NOT_DEFINED 148\r
+#define X509V3_R_OTHERNAME_ERROR 147\r
+#define X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED 155\r
+#define X509V3_R_POLICY_PATH_LENGTH 156\r
+#define X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED 157\r
+#define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED 158\r
+#define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159\r
+#define X509V3_R_SECTION_NOT_FOUND 150\r
+#define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122\r
+#define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123\r
+#define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111\r
+#define X509V3_R_UNKNOWN_EXTENSION 129\r
+#define X509V3_R_UNKNOWN_EXTENSION_NAME 130\r
+#define X509V3_R_UNKNOWN_OPTION 120\r
+#define X509V3_R_UNSUPPORTED_OPTION 117\r
+#define X509V3_R_USER_TOO_LONG 132\r
+\r
+#ifdef __cplusplus\r
+}\r
+#endif\r
+#endif\r