Make it possible for external code to flag a certificate as a proxy one. (9961cb77) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

crypto/x509v3/v3_purp.c

+5 −0

+8 −3

Original line number	Diff line number	Diff line
		@@ -4,8 +4,8 @@

		X509_get0_subject_key_id,
		X509_get_pathlen,
		X509_get_extension_flags, X509_get_key_usage, X509_get_extended_key_usage -
		retrieve certificate extension data
		X509_get_extension_flags, X509_get_key_usage, X509_get_extended_key_usage,
		X509_set_proxy_flag - retrieve certificate extension data

		=head1 SYNOPSIS

		@@ -16,6 +16,7 @@ retrieve certificate extension data
		uint32_t X509_get_key_usage(X509 *x);
		uint32_t X509_get_extended_key_usage(X509 *x);
		const ASN1_OCTET_STRING X509_get0_subject_key_id(X509 x);
		void X509_set_proxy_flag(X509 *x);

		=head1 DESCRIPTION

		@@ -102,6 +103,10 @@ X509_get_extended_key_usage() return an internal pointer to the subject key
		identifier of B<x> as an B<ASN1_OCTET_STRING> or B<NULL> if the extension
		is not present or cannot be parsed.

		X509_set_proxy_flag() marks the certificate with the B<EXFLAG_PROXY> flag.
		This is for the users who need to mark non-RFC3820 proxy certificates as
		such, as OpenSSL only detects RFC3820 compliant ones.

		=head1 NOTES

		The value of the flags correspond to extension values which are cached
		@@ -139,7 +144,7 @@ L<X509_check_purpose(3)>

		=head1 HISTORY

		X509_get_pathlen() was added in OpenSSL 1.1.0.
		X509_get_pathlen() and X509_set_proxy_flag() were added in OpenSSL 1.1.0.

		=head1 COPYRIGHT

+1 −0

Original line number	Diff line number	Diff line
		@@ -649,6 +649,7 @@ int X509_supported_extension(X509_EXTENSION *ex);
		int X509_PURPOSE_set(int *p, int purpose);
		int X509_check_issued(X509 issuer, X509 subject);
		int X509_check_akid(X509 issuer, AUTHORITY_KEYID akid);
		void X509_set_proxy_flag(X509 *x);

		uint32_t X509_get_extension_flags(X509 *x);
		uint32_t X509_get_key_usage(X509 *x);