x509v3.h revision 160814
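/* x509v3.h */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
 * project 1999.
 */
/* ====================================================================
 * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com). This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
#ifndef HEADER_X509V3_H
#define HEADER_X509V3_H

#include <openssl/bio.h>
#include <openssl/x509.h>
#include <openssl/conf.h>

#ifdef __cplusplus
extern "C" {
#endif

/* Forward reference */
struct v3_ext_method;
struct v3_ext_ctx;

/* Useful typedefs */

/* Callback signatures stored in struct v3_ext_method below. */
typedef void * (*X509V3_EXT_NEW)(void);
typedef void (*X509V3_EXT_FREE)(void *);
typedef void * (*X509V3_EXT_D2I)(void *, const unsigned char ** , long);
typedef int (*X509V3_EXT_I2D)(void *, unsigned char **);
typedef STACK_OF(CONF_VALUE) * (*X509V3_EXT_I2V)(struct v3_ext_method *method, void *ext, STACK_OF(CONF_VALUE) *extlist);
typedef void * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK_OF(CONF_VALUE) *values);
typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext);
typedef void * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str);
typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, void *ext, BIO *out, int indent);
typedef void * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str);

/* V3 extension structure */

/*
 * Method table for one extension, keyed by ext_nid. The EXT_BITSTRING,
 * EXT_IA5STRING and EXT_END initializer macros further down list the 14
 * members positionally, so the member order here must not change.
 */
struct v3_ext_method {
    int ext_nid;
    int ext_flags;          /* X509V3_EXT_* "ext_flags values" below */
    /* If this is set the following four fields are ignored */
    ASN1_ITEM_EXP *it;
    /* Old style ASN1 calls */
    X509V3_EXT_NEW ext_new;
    X509V3_EXT_FREE ext_free;
    X509V3_EXT_D2I d2i;
    X509V3_EXT_I2D i2d;

    /* The following pair is used for string extensions */
    X509V3_EXT_I2S i2s;
    X509V3_EXT_S2I s2i;

    /* The following pair is used for multi-valued extensions */
    X509V3_EXT_I2V i2v;
    X509V3_EXT_V2I v2i;

    /* The following are used for raw extensions */
    X509V3_EXT_I2R i2r;
    X509V3_EXT_R2I r2i;

    void *usr_data;         /* Any extension specific data */
};

/*
 * Callbacks for fetching and releasing strings and sections from a
 * configuration database; `db` is an opaque handle passed through unchanged.
 */
typedef struct X509V3_CONF_METHOD_st {
    char * (*get_string)(void *db, char *section, char *value);
    STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section);
    void (*free_string)(void *db, char * string);
    void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
} X509V3_CONF_METHOD;

/* Context specific info */
struct v3_ext_ctx {
#define CTX_TEST 0x1        /* flags value passed by X509V3_set_ctx_test() */
    int flags;
    X509 *issuer_cert;
    X509 *subject_cert;
    X509_REQ *subject_req;
    X509_CRL *crl;
    X509V3_CONF_METHOD *db_meth;
    void *db;
    /* Maybe more here */
};

typedef struct v3_ext_method X509V3_EXT_METHOD;

DECLARE_STACK_OF(X509V3_EXT_METHOD)

/* ext_flags values */
#define X509V3_EXT_DYNAMIC      0x1
#define X509V3_EXT_CTX_DEP      0x2
#define X509V3_EXT_MULTILINE    0x4

typedef BIT_STRING_BITNAME ENUMERATED_NAMES;

typedef struct BASIC_CONSTRAINTS_st {
    int ca;
    ASN1_INTEGER *pathlen;
} BASIC_CONSTRAINTS;


typedef struct PKEY_USAGE_PERIOD_st {
    ASN1_GENERALIZEDTIME *notBefore;
    ASN1_GENERALIZEDTIME *notAfter;
} PKEY_USAGE_PERIOD;

typedef struct otherName_st {
    ASN1_OBJECT *type_id;
    ASN1_TYPE *value;
} OTHERNAME;

typedef struct EDIPartyName_st {
    ASN1_STRING *nameAssigner;
    ASN1_STRING *partyName;
} EDIPARTYNAME;

/*
 * One GeneralName value. `type` holds one of the GEN_* values and `d` is a
 * union, so only the member that corresponds to `type` is meaningful; read
 * `type` before dereferencing any member of `d`.
 *
 * NOTE(review): the name members are ASN1 string objects rather than C
 * strings; code that compares names should presumably use the object's
 * length instead of assuming NUL termination. Confirm against asn1.h.
 */
typedef struct GENERAL_NAME_st {

#define GEN_OTHERNAME   0
#define GEN_EMAIL       1
#define GEN_DNS         2
#define GEN_X400        3
#define GEN_DIRNAME     4
#define GEN_EDIPARTY    5
#define GEN_URI         6
#define GEN_IPADD       7
#define GEN_RID         8

    int type;
    union {
        char *ptr;
        OTHERNAME *otherName; /* otherName */
        ASN1_IA5STRING *rfc822Name;
        ASN1_IA5STRING *dNSName;
        ASN1_TYPE *x400Address;
        X509_NAME *directoryName;
        EDIPARTYNAME *ediPartyName;
        ASN1_IA5STRING *uniformResourceIdentifier;
        ASN1_OCTET_STRING *iPAddress;
        ASN1_OBJECT *registeredID;

        /* Old names */
        ASN1_OCTET_STRING *ip; /* iPAddress */
        X509_NAME *dirn; /* dirn */
        ASN1_IA5STRING *ia5;/* rfc822Name, dNSName, uniformResourceIdentifier */
        ASN1_OBJECT *rid; /* registeredID */
        ASN1_TYPE *other; /* x400Address */
    } d;
} GENERAL_NAME;

typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;

typedef struct ACCESS_DESCRIPTION_st {
    ASN1_OBJECT *method;
    GENERAL_NAME *location;
} ACCESS_DESCRIPTION;

typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;

typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;

DECLARE_STACK_OF(GENERAL_NAME)
DECLARE_ASN1_SET_OF(GENERAL_NAME)

DECLARE_STACK_OF(ACCESS_DESCRIPTION)
DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION)

/* `type` selects which member of the `name` union is in use. */
typedef struct DIST_POINT_NAME_st {
    int type;
    union {
        GENERAL_NAMES *fullname;
        STACK_OF(X509_NAME_ENTRY) *relativename;
    } name;
} DIST_POINT_NAME;

typedef struct DIST_POINT_st {
    DIST_POINT_NAME *distpoint;
    ASN1_BIT_STRING *reasons;
    GENERAL_NAMES *CRLissuer;
} DIST_POINT;

typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;

DECLARE_STACK_OF(DIST_POINT)
DECLARE_ASN1_SET_OF(DIST_POINT)

typedef struct AUTHORITY_KEYID_st {
    ASN1_OCTET_STRING *keyid;
    GENERAL_NAMES *issuer;
    ASN1_INTEGER *serial;
} AUTHORITY_KEYID;

/* Strong extranet structures */

typedef struct SXNET_ID_st {
    ASN1_INTEGER *zone;
    ASN1_OCTET_STRING *user;
} SXNETID;

DECLARE_STACK_OF(SXNETID)
DECLARE_ASN1_SET_OF(SXNETID)

typedef struct SXNET_st {
    ASN1_INTEGER *version;
    STACK_OF(SXNETID) *ids;
} SXNET;

typedef struct NOTICEREF_st {
    ASN1_STRING *organization;
    STACK_OF(ASN1_INTEGER) *noticenos;
} NOTICEREF;

typedef struct USERNOTICE_st {
    NOTICEREF *noticeref;
    ASN1_STRING *exptext;
} USERNOTICE;

/* `pqualid` identifies the qualifier; presumably it selects the member of `d`. */
typedef struct POLICYQUALINFO_st {
    ASN1_OBJECT *pqualid;
    union {
        ASN1_IA5STRING *cpsuri;
        USERNOTICE *usernotice;
        ASN1_TYPE *other;
    } d;
} POLICYQUALINFO;

DECLARE_STACK_OF(POLICYQUALINFO)
DECLARE_ASN1_SET_OF(POLICYQUALINFO)

typedef struct POLICYINFO_st {
    ASN1_OBJECT *policyid;
    STACK_OF(POLICYQUALINFO) *qualifiers;
} POLICYINFO;

typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;

DECLARE_STACK_OF(POLICYINFO)
DECLARE_ASN1_SET_OF(POLICYINFO)

typedef struct POLICY_MAPPING_st {
    ASN1_OBJECT *issuerDomainPolicy;
    ASN1_OBJECT *subjectDomainPolicy;
} POLICY_MAPPING;

DECLARE_STACK_OF(POLICY_MAPPING)

typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS;

typedef struct GENERAL_SUBTREE_st {
    GENERAL_NAME *base;
    ASN1_INTEGER *minimum;
    ASN1_INTEGER *maximum;
} GENERAL_SUBTREE;

DECLARE_STACK_OF(GENERAL_SUBTREE)

typedef struct NAME_CONSTRAINTS_st {
    STACK_OF(GENERAL_SUBTREE) *permittedSubtrees;
    STACK_OF(GENERAL_SUBTREE) *excludedSubtrees;
} NAME_CONSTRAINTS;

typedef struct POLICY_CONSTRAINTS_st {
    ASN1_INTEGER *requireExplicitPolicy;
    ASN1_INTEGER *inhibitPolicyMapping;
} POLICY_CONSTRAINTS;

/* Proxy certificate structures, see RFC 3820 */
typedef struct PROXY_POLICY_st
    {
    ASN1_OBJECT *policyLanguage;
    ASN1_OCTET_STRING *policy;
    } PROXY_POLICY;

typedef struct PROXY_CERT_INFO_EXTENSION_st
    {
    ASN1_INTEGER *pcPathLengthConstraint;
    PROXY_POLICY *proxyPolicy;
    } PROXY_CERT_INFO_EXTENSION;

DECLARE_ASN1_FUNCTIONS(PROXY_POLICY)
DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)


/*
 * Attach the section, name and value of a CONF_VALUE to the current error.
 * The argument is parenthesized so that an expression such as `&cv` expands
 * correctly. `val` is evaluated three times, so pass an expression without
 * side effects. The expansion keeps its historical trailing ';': a call
 * written `X509V3_conf_err(v);` leaves an empty statement behind, and the
 * macro cannot be the unbraced body of an `if` that has an `else`.
 */
#define X509V3_conf_err(val) ERR_add_error_data(6, "section:", (val)->section, \
            ",name:", (val)->name, ",value:", (val)->value);

#define X509V3_set_ctx_test(ctx) \
            X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
/* Also carries a trailing ';' in its expansion; see X509V3_conf_err above. */
#define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL;

/*
 * Positional initializers for struct v3_ext_method (14 members each):
 * nid, flags, item, four old-style ASN1 calls, i2s/s2i, i2v/v2i, i2r/r2i,
 * usr_data.
 */
#define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \
            0,0,0,0, \
            0,0, \
            (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
            (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \
            NULL, NULL, \
            table}

#define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \
            0,0,0,0, \
            (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
            (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \
            0,0,0,0, \
            NULL}

/* Table terminator: ext_nid of -1, every other member zero. */
#define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}


/* X509_PURPOSE stuff */

#define EXFLAG_BCONS            0x1
#define EXFLAG_KUSAGE           0x2
#define EXFLAG_XKUSAGE          0x4
#define EXFLAG_NSCERT           0x8

#define EXFLAG_CA               0x10
#define EXFLAG_SS               0x20
#define EXFLAG_V1               0x40
#define EXFLAG_INVALID          0x80
#define EXFLAG_SET              0x100
#define EXFLAG_CRITICAL         0x200
#define EXFLAG_PROXY            0x400

/*
 * NOTE(review): EXFLAG_INVALID_POLICY has the same value (0x400) as
 * EXFLAG_PROXY above, so a test of either bit cannot tell "proxy
 * certificate" from "invalid policy". The value is left as it stands because
 * it is part of the compiled interface; any code that branches on either
 * flag should be checked against how the flags word is actually set.
 */
#define EXFLAG_INVALID_POLICY   0x400

/* Key usage bits. */
#define KU_DIGITAL_SIGNATURE    0x0080
#define KU_NON_REPUDIATION      0x0040
#define KU_KEY_ENCIPHERMENT     0x0020
#define KU_DATA_ENCIPHERMENT    0x0010
#define KU_KEY_AGREEMENT        0x0008
#define KU_KEY_CERT_SIGN        0x0004
#define KU_CRL_SIGN             0x0002
#define KU_ENCIPHER_ONLY        0x0001
#define KU_DECIPHER_ONLY        0x8000

/* Netscape certificate type bits. */
#define NS_SSL_CLIENT           0x80
#define NS_SSL_SERVER           0x40
#define NS_SMIME                0x20
#define NS_OBJSIGN              0x10
#define NS_SSL_CA               0x04
#define NS_SMIME_CA             0x02
#define NS_OBJSIGN_CA           0x01
#define NS_ANY_CA               (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA)

/* Extended key usage bits. */
#define XKU_SSL_SERVER          0x1
#define XKU_SSL_CLIENT          0x2
#define XKU_SMIME               0x4
#define XKU_CODE_SIGN           0x8
#define XKU_SGC                 0x10
#define XKU_OCSP_SIGN           0x20
#define XKU_TIMESTAMP           0x40
#define XKU_DVCS                0x80

#define X509_PURPOSE_DYNAMIC        0x1
#define X509_PURPOSE_DYNAMIC_NAME   0x2

/* One certificate purpose and the callback that checks a certificate for it. */
typedef struct x509_purpose_st {
    int purpose;
    int trust;      /* Default trust ID */
    int flags;
    int (*check_purpose)(const struct x509_purpose_st *,
                const X509 *, int);
    char *name;
    char *sname;
    void *usr_data;
} X509_PURPOSE;

#define X509_PURPOSE_SSL_CLIENT     1
#define X509_PURPOSE_SSL_SERVER     2
#define X509_PURPOSE_NS_SSL_SERVER  3
#define X509_PURPOSE_SMIME_SIGN     4
#define X509_PURPOSE_SMIME_ENCRYPT  5
#define X509_PURPOSE_CRL_SIGN       6
#define X509_PURPOSE_ANY            7
#define X509_PURPOSE_OCSP_HELPER    8

#define X509_PURPOSE_MIN        1
#define X509_PURPOSE_MAX        8

/* Flags for X509V3_EXT_print() */

#define X509V3_EXT_UNKNOWN_MASK     (0xfL << 16)
/* Return error for unknown extensions */
#define X509V3_EXT_DEFAULT          0
/* Print error for unknown extensions */
#define X509V3_EXT_ERROR_UNKNOWN    (1L << 16)
/* ASN1 parse unknown extensions */
#define X509V3_EXT_PARSE_UNKNOWN    (2L << 16)
/* BIO_dump unknown extensions */
#define X509V3_EXT_DUMP_UNKNOWN     (3L << 16)

/* Flags for X509V3_add1_i2d */

#define X509V3_ADD_OP_MASK          0xfL
#define X509V3_ADD_DEFAULT          0L
#define X509V3_ADD_APPEND           1L
#define X509V3_ADD_REPLACE          2L
#define X509V3_ADD_REPLACE_EXISTING 3L
#define X509V3_ADD_KEEP_EXISTING    4L
#define X509V3_ADD_DELETE           5L
#define X509V3_ADD_SILENT           0x10

DECLARE_STACK_OF(X509_PURPOSE)

DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)

DECLARE_ASN1_FUNCTIONS(SXNET)
DECLARE_ASN1_FUNCTIONS(SXNETID)

/*
 * NOTE(review): `userlen` is a signed int describing the caller's `user`
 * buffer; how negative or oversized values are treated is not visible in
 * this header. Confirm against the implementation before passing
 * externally supplied lengths.
 */
int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen);
int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen);
int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user, int userlen);

ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone);
ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);
ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone);

DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID)

DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)

DECLARE_ASN1_FUNCTIONS(GENERAL_NAME)


ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
                ASN1_BIT_STRING *bits,
                STACK_OF(CONF_VALUE) *extlist);

STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret);
int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen);

DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)

STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
                GENERAL_NAMES *gen, STACK_OF(CONF_VALUE) *extlist);
GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);

DECLARE_ASN1_FUNCTIONS(OTHERNAME)
DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME)

char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5);
ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);

DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a);

DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
DECLARE_ASN1_FUNCTIONS(POLICYINFO)
DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO)
DECLARE_ASN1_FUNCTIONS(USERNOTICE)
DECLARE_ASN1_FUNCTIONS(NOTICEREF)

DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS)
DECLARE_ASN1_FUNCTIONS(DIST_POINT)
DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)

DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)

DECLARE_ASN1_ITEM(POLICY_MAPPING)
DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING)
DECLARE_ASN1_ITEM(POLICY_MAPPINGS)

DECLARE_ASN1_ITEM(GENERAL_SUBTREE)
DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)

DECLARE_ASN1_ITEM(NAME_CONSTRAINTS)
DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)

DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)

/* Declarations that use CONF / CONF_VALUE / LHASH; only visible when the
 * conf.h include guard is defined. */
#ifdef HEADER_CONF_H
GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
                CONF_VALUE *cnf);
GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, X509V3_EXT_METHOD *method,
                X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc);
void X509V3_conf_free(CONF_VALUE *val);

X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value);
X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value);
int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(X509_EXTENSION) **sk);
int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert);
int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);

X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value);
X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value);
int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert);
int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);

int X509V3_add_value_bool_nf(char *name, int asn1_bool,
                STACK_OF(CONF_VALUE) **extlist);
int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
#endif

/* Results of the get_* calls are presumably released with the matching
 * *_free call declared next to them; confirm against the implementation. */
char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section);
void X509V3_string_free(X509V3_CTX *ctx, char *str);
void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
                X509_REQ *req, X509_CRL *crl, int flags);

int X509V3_add_value(const char *name, const char *value,
                STACK_OF(CONF_VALUE) **extlist);
int X509V3_add_value_uchar(const char *name, const unsigned char *value,
                STACK_OF(CONF_VALUE) **extlist);
int X509V3_add_value_bool(const char *name, int asn1_bool,
                STACK_OF(CONF_VALUE) **extlist);
int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
                STACK_OF(CONF_VALUE) **extlist);
char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);
char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
char * i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
int X509V3_EXT_add_alias(int nid_to, int nid_from);
void X509V3_EXT_cleanup(void);

X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
int X509V3_add_standard_extensions(void);
STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
void *X509V3_EXT_d2i(X509_EXTENSION *ext);
void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);


X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
/* `flags` takes the X509V3_ADD_* values defined above. */
int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags);

/*
 * NOTE(review): hex_to_string takes an explicit length and string_to_hex
 * reports one through `len`; the ownership of the returned buffers is not
 * stated in this header. Confirm who frees them.
 */
char *hex_to_string(unsigned char *buffer, long len);
unsigned char *string_to_hex(char *str, long *len);
int name_cmp(const char *name, const char *cmp);

void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
                int ml);
/*
 * `flag` takes the X509V3_EXT_* print flags defined above. Note that the
 * BIO variant declares it as unsigned long while the FILE variant declares
 * it as int.
 */
int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent);
int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);

int X509V3_extensions_print(BIO *out, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent);

/*
 * NOTE(review): the int-returning checks below do not document their
 * return conventions here, and they may not all share one "success" value.
 * Confirm each against its implementation before testing a result with a
 * bare `if (ret)`; getting the sense wrong turns a failed check into an
 * accepted certificate.
 */
int X509_check_ca(X509 *x);
int X509_check_purpose(X509 *x, int id, int ca);
int X509_supported_extension(X509_EXTENSION *ex);
int X509_PURPOSE_set(int *p, int purpose);
int X509_check_issued(X509 *issuer, X509 *subject);
int X509_PURPOSE_get_count(void);
X509_PURPOSE * X509_PURPOSE_get0(int idx);
int X509_PURPOSE_get_by_sname(char *sname);
int X509_PURPOSE_get_by_id(int id);
int X509_PURPOSE_add(int id, int trust, int flags,
                int (*ck)(const X509_PURPOSE *, const X509 *, int),
                char *name, char *sname, void *arg);
char *X509_PURPOSE_get0_name(X509_PURPOSE *xp);
char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp);
int X509_PURPOSE_get_trust(X509_PURPOSE *xp);
void X509_PURPOSE_cleanup(void);
int X509_PURPOSE_get_id(X509_PURPOSE *);
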
/* E-mail address extraction. The stacks returned by the get1 calls are
 * presumably released with X509_email_free(); confirm in the implementation. */
STACK *X509_get1_email(X509 *x);
STACK *X509_REQ_get1_email(X509_REQ *x);
void X509_email_free(STACK *sk);

/* Text to ASN1_OCTET_STRING conversion for IP addresses. */
ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);
int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,
                unsigned long chtype);

void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);

/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
void ERR_load_X509V3_strings(void);

/* Error codes for the X509V3 functions. */

/* Function codes. */
#define X509V3_F_COPY_EMAIL                             122
#define X509V3_F_COPY_ISSUER                            123
#define X509V3_F_DO_DIRNAME                             144
#define X509V3_F_DO_EXT_CONF                            124
#define X509V3_F_DO_EXT_I2D                             135
#define X509V3_F_DO_EXT_NCONF                           151
#define X509V3_F_DO_I2V_NAME_CONSTRAINTS                148
#define X509V3_F_HEX_TO_STRING                          111
#define X509V3_F_I2S_ASN1_ENUMERATED                    121
#define X509V3_F_I2S_ASN1_IA5STRING                     149
#define X509V3_F_I2S_ASN1_INTEGER                       120
#define X509V3_F_I2V_AUTHORITY_INFO_ACCESS              138
#define X509V3_F_NOTICE_SECTION                         132
#define X509V3_F_NREF_NOS                               133
#define X509V3_F_POLICY_SECTION                         131
#define X509V3_F_PROCESS_PCI_VALUE                      150
#define X509V3_F_R2I_CERTPOL                            130
#define X509V3_F_R2I_PCI                                155
#define X509V3_F_S2I_ASN1_IA5STRING                     100
#define X509V3_F_S2I_ASN1_INTEGER                       108
#define X509V3_F_S2I_ASN1_OCTET_STRING                  112
#define X509V3_F_S2I_ASN1_SKEY_ID                       114
#define X509V3_F_S2I_SKEY_ID                            115
#define X509V3_F_STRING_TO_HEX                          113
#define X509V3_F_SXNET_ADD_ID_ASC                       125
#define X509V3_F_SXNET_ADD_ID_INTEGER                   126
#define X509V3_F_SXNET_ADD_ID_ULONG                     127
#define X509V3_F_SXNET_GET_ID_ASC                       128
#define X509V3_F_SXNET_GET_ID_ULONG                     129
#define X509V3_F_V2I_ASN1_BIT_STRING                    101
#define X509V3_F_V2I_AUTHORITY_INFO_ACCESS              139
#define X509V3_F_V2I_AUTHORITY_KEYID                    119
#define X509V3_F_V2I_BASIC_CONSTRAINTS                  102
#define X509V3_F_V2I_CRLD                               134
#define X509V3_F_V2I_EXTENDED_KEY_USAGE                 103
#define X509V3_F_V2I_GENERAL_NAMES                      118
#define X509V3_F_V2I_GENERAL_NAME_EX                    117
#define X509V3_F_V2I_ISSUER_ALT                         153
#define X509V3_F_V2I_NAME_CONSTRAINTS                   147
#define X509V3_F_V2I_POLICY_CONSTRAINTS                 146
#define X509V3_F_V2I_POLICY_MAPPINGS                    145
#define X509V3_F_V2I_SUBJECT_ALT                        154
#define X509V3_F_V3_GENERIC_EXTENSION                   116
#define X509V3_F_X509V3_ADD1_I2D                        140
#define X509V3_F_X509V3_ADD_VALUE                       105
#define X509V3_F_X509V3_EXT_ADD                         104
#define X509V3_F_X509V3_EXT_ADD_ALIAS                   106
#define X509V3_F_X509V3_EXT_CONF                        107
#define X509V3_F_X509V3_EXT_I2D                         136
#define X509V3_F_X509V3_EXT_NCONF                       152
#define X509V3_F_X509V3_GET_SECTION                     142
#define X509V3_F_X509V3_GET_STRING                      143
#define X509V3_F_X509V3_GET_VALUE_BOOL                  110
#define X509V3_F_X509V3_PARSE_LIST                      109
#define X509V3_F_X509_PURPOSE_ADD                       137
#define X509V3_F_X509_PURPOSE_SET                       141

/* Reason codes. */
/* The "ALREADTY" spelling in two names below is the identifier as declared;
 * it has to stay as it is for existing callers to compile. */
#define X509V3_R_BAD_IP_ADDRESS                         118
#define X509V3_R_BAD_OBJECT                             119
#define X509V3_R_BN_DEC2BN_ERROR                        100
#define X509V3_R_BN_TO_ASN1_INTEGER_ERROR               101
#define X509V3_R_DIRNAME_ERROR                          149
#define X509V3_R_DUPLICATE_ZONE_ID                      133
#define X509V3_R_ERROR_CONVERTING_ZONE                  131
#define X509V3_R_ERROR_CREATING_EXTENSION               144
#define X509V3_R_ERROR_IN_EXTENSION                     128
#define X509V3_R_EXPECTED_A_SECTION_NAME                137
#define X509V3_R_EXTENSION_EXISTS                       145
#define X509V3_R_EXTENSION_NAME_ERROR                   115
#define X509V3_R_EXTENSION_NOT_FOUND                    102
#define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED        103
#define X509V3_R_EXTENSION_VALUE_ERROR                  116
#define X509V3_R_ILLEGAL_EMPTY_EXTENSION                151
#define X509V3_R_ILLEGAL_HEX_DIGIT                      113
#define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG            152
#define X509V3_R_INVALID_BOOLEAN_STRING                 104
#define X509V3_R_INVALID_EXTENSION_STRING               105
#define X509V3_R_INVALID_NAME                           106
#define X509V3_R_INVALID_NULL_ARGUMENT                  107
#define X509V3_R_INVALID_NULL_NAME                      108
#define X509V3_R_INVALID_NULL_VALUE                     109
#define X509V3_R_INVALID_NUMBER                         140
#define X509V3_R_INVALID_NUMBERS                        141
#define X509V3_R_INVALID_OBJECT_IDENTIFIER              110
#define X509V3_R_INVALID_OPTION                         138
#define X509V3_R_INVALID_POLICY_IDENTIFIER              134
#define X509V3_R_INVALID_PROXY_POLICY_SETTING           153
#define X509V3_R_INVALID_PURPOSE                        146
#define X509V3_R_INVALID_SECTION                        135
#define X509V3_R_INVALID_SYNTAX                         143
#define X509V3_R_ISSUER_DECODE_ERROR                    126
#define X509V3_R_MISSING_VALUE                          124
#define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS          142
#define X509V3_R_NO_CONFIG_DATABASE                     136
#define X509V3_R_NO_ISSUER_CERTIFICATE                  121
#define X509V3_R_NO_ISSUER_DETAILS                      127
#define X509V3_R_NO_POLICY_IDENTIFIER                   139
#define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED  154
#define X509V3_R_NO_PUBLIC_KEY                          114
#define X509V3_R_NO_SUBJECT_DETAILS                     125
#define X509V3_R_ODD_NUMBER_OF_DIGITS                   112
#define X509V3_R_OPERATION_NOT_DEFINED                  148
#define X509V3_R_OTHERNAME_ERROR                        147
#define X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED       155
#define X509V3_R_POLICY_PATH_LENGTH                     156
#define X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED    157
#define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED  158
#define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159
#define X509V3_R_SECTION_NOT_FOUND                      150
#define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS           122
#define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID             123
#define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT            111
#define X509V3_R_UNKNOWN_EXTENSION                      129
#define X509V3_R_UNKNOWN_EXTENSION_NAME                 130
#define X509V3_R_UNKNOWN_OPTION                         120
#define X509V3_R_UNSUPPORTED_OPTION                     117
#define X509V3_R_USER_TOO_LONG                          132

/* Close the extern "C" block opened near the top of the header. */
#ifdef __cplusplus
}
#endif
/* End of the HEADER_X509V3_H include guard. */
#endif