| X509V3_EXT_GET_NID(3) | Library Functions Manual | X509V3_EXT_GET_NID(3) |
X509V3_EXT_get_nid,
X509V3_EXT_get — retrieve
X.509v3 certificate extension methods
#include
<openssl/x509v3.h>
const X509V3_EXT_METHOD *
X509V3_EXT_get_nid(int nid);
const X509V3_EXT_METHOD *
X509V3_EXT_get(X509_EXTENSION
*ext);
An X.509v3 certificate extension contains an Object Identifier (OID), a boolean criticality indicator, and an opaque extension value (an ASN1_OCTET_STRING) whose meaning is determined by the OID. The library's X509V3_EXT_METHOD type, which is not yet documented in detail, contains a numeric identifier (NID) to represent the OID and various handlers for encoding, decoding, printing, and configuring the extension's value. Criticality is handled separately, for example as an argument to X509V3_add1_i2d(3).
X509V3_EXT_get_nid() returns the
X509V3_EXT_METHOD corresponding to the numeric
identifier nid, or NULL if
there is none.
X509V3_EXT_get() returns the
X509V3_EXT_METHOD associated with the extension type
of ext, or NULL if there is
none.
i2s_ASN1_ENUMERATED_TABLE(3), OBJ_create(3), v2i_ASN1_BIT_STRING(3), X509_EXTENSION_get_object(3), X509V3_get_d2i(3)
RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
These functions first appeared in OpenSSL 0.9.2b and have been available since OpenBSD 2.6.
In LibreSSL, these functions only support built-in nid values corresponding to static built-in objects. Other implementations have incomplete support for custom extension methods, whose API is not threadsafe, does not affect the behavior of X509_verify_cert(3), and has various other surprising quirks. Both functions prefer built-in methods over custom methods with the same OID.
| December 24, 2024 | openbsd |