| X509V3_EXT_PRINT(3) | Library Functions Manual | X509V3_EXT_PRINT(3) |
X509V3_EXT_print, X509V3_EXT_print_fp — pretty-print an X.509 extension
#include <openssl/x509v3.h>

int
X509V3_EXT_print(BIO *bio, X509_EXTENSION *ext, unsigned long flags, int indent);

int
X509V3_EXT_print_fp(FILE *file, X509_EXTENSION *ext, int flags, int indent);
X509V3_EXT_print() and X509V3_EXT_print_fp() decode ext and print the data contained in it to the bio or file, respectively, in a human-readable format with a left margin of indent space characters. The details of both the decoding and the printing depend on the type of ext.
For most extension types, the decoding is done in the same way as it would be done by the appropriate public API function, for example:

- NID_certificate_policies
- NID_crl_number
- NID_crl_reason
- NID_hold_instruction_code
- NID_id_pkix_OCSP_CrlID
- NID_id_pkix_OCSP_noCheck
- NID_id_pkix_OCSP_Nonce
- NID_invalidity_date
- NID_key_usage
- NID_subject_alt_name
- NID_subject_key_identifier

For some types, the printing is performed by a dedicated non-public function built into the library. For some other types, the printing function is a public API function, for example:

- NID_crl_number
- NID_crl_reason
- NID_delta_crl
- NID_hold_instruction_code
- NID_id_pkix_OCSP_archiveCutoff
- NID_id_pkix_OCSP_Nonce
- NID_inhibit_any_policy
- NID_invalidity_date
- NID_key_usage
- NID_subject_key_identifier

Some of the public printing functions are not documented yet.
If ext is of an unknown extension type or if decoding fails while using the decoding function for the relevant type, the action taken depends on the flags argument:

- If X509V3_EXT_PARSE_UNKNOWN is set, ASN1_parse_dump(3) is called on the BER-encoded data of the extension, passing -1 for the dump argument. Thus, some information about the encoding of the extension gets printed and some about its decoded content, falling back to BIO_dump_indent(3) for the decoded content unless a dedicated printing method is known for the respective data type(s). Note that even if an extension type is unknown, the data type used by the unknown extension, or, if that data type is constructed, of the values contained in it, may still be known, which may allow printing the content of even an unknown extension in a structured or partially structured form.
- If X509V3_EXT_DUMP_UNKNOWN is set, BIO_dump_indent(3) is called on the BER-encoded data of the extension without decoding it first, which is usually less readable than the above but poses a smaller risk of omitting or misrepresenting parts of the information.
- If X509V3_EXT_ERROR_UNKNOWN is set, only the fixed string "<Not Supported>" is printed for an unknown type or only the fixed string "<Parse Error>" if the parsing function fails, but printing is considered as successful anyway.
- If any other bit in X509V3_EXT_UNKNOWN_MASK is set that is not listed above, nothing is printed, but printing is considered as successful anyway.
- If no bits in X509V3_EXT_UNKNOWN_MASK are set, nothing is printed and printing is considered as failed.

X509V3_EXT_print() and X509V3_EXT_print_fp() return 0 if failure was both detected and considered relevant. Otherwise, 1 is returned, and in general the user cannot tell whether failure simply went undetected, whether the function detected failure but regarded it as irrelevant, or whether printing did indeed succeed.
BIO_new(3), X509_EXTENSION_new(3), X509_get0_extensions(3), X509_get_ext(3), X509V3_extensions_print(3)
These functions first appeared in OpenSSL 0.9.2 and have been available since OpenBSD 2.6.
These functions lack error handling throughout. When a write operation fails, they will usually ignore the fact that information was omitted from the output and report success to the caller anyway.
| December 28, 2024 | openbsd |