1=pod 2 3=head1 NAME 4 5X509V3_set_ctx, 6X509V3_set_issuer_pkey - X.509 v3 extension generation utilities 7 8=head1 SYNOPSIS 9 10 #include <openssl/x509v3.h> 11 12 void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject, 13 X509_REQ *req, X509_CRL *crl, int flags); 14 int X509V3_set_issuer_pkey(X509V3_CTX *ctx, EVP_PKEY *pkey); 15 16=head1 DESCRIPTION 17 18X509V3_set_ctx() fills in the basic fields of I<ctx> of type B<X509V3_CTX>, 19providing details potentially needed by functions producing X509 v3 extensions, 20e.g., to look up values for filling in authority key identifiers. 21Any of I<subject>, I<req>, or I<crl> may be provided, pointing to a certificate, 22certification request, or certificate revocation list, respectively. 23When constructing the subject key identifier of a certificate by computing a 24hash value of its public key, the public key is taken from I<subject> or I<req>. 25Similarly, when constructing subject alternative names from any email addresses 26contained in a subject DN, the subject DN is taken from I<subject> or I<req>. 27If I<subject> or I<crl> is provided, I<issuer> should point to its issuer, 28for instance to help generating an authority key identifier extension. 29Note that if I<subject> is provided, I<issuer> may be the same as I<subject>, 30which means that I<subject> is self-issued (or even self-signed). 31I<flags> may be 0 32or contain B<X509V3_CTX_TEST>, which means that just the syntax of 33extension definitions is to be checked without actually producing an extension, 34or B<X509V3_CTX_REPLACE>, which means that each X.509v3 extension added as 35defined in some configuration section shall replace any already existing 36extension with the same OID. 37 38X509V3_set_issuer_pkey() explicitly sets the issuer private key of 39the certificate that has been provided in I<ctx>. 40This should be done for self-issued certificates (which may be self-signed 41or not) to provide fallback data for the authority key identifier extension. 42 43=head1 RETURN VALUES 44 45X509V3_set_issuer_pkey() returns 1 on success and 0 on error. 46 47=head1 SEE ALSO 48 49L<X509_add_ext(3)> 50 51=head1 HISTORY 52 53X509V3_set_issuer_pkey() was added in OpenSSL 3.0. 54 55CTX_TEST was deprecated in OpenSSL 3.0; use X509V3_CTX_TEST instead. 56 57=head1 COPYRIGHT 58 59Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved. 60 61Licensed under the Apache License 2.0 (the "License"). You may not use 62this file except in compliance with the License. You can obtain a copy 63in the file LICENSE in the source distribution or at 64L<https://www.openssl.org/source/license.html>. 65 66=cut 67