1b077aed3SPierre Pronchery=pod 2b077aed3SPierre Pronchery 3b077aed3SPierre Pronchery=head1 NAME 4b077aed3SPierre Pronchery 5b077aed3SPierre ProncheryX509V3_set_ctx, 6b077aed3SPierre ProncheryX509V3_set_issuer_pkey - X.509 v3 extension generation utilities 7b077aed3SPierre Pronchery 8b077aed3SPierre Pronchery=head1 SYNOPSIS 9b077aed3SPierre Pronchery 10b077aed3SPierre Pronchery #include <openssl/x509v3.h> 11b077aed3SPierre Pronchery 12b077aed3SPierre Pronchery void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject, 13b077aed3SPierre Pronchery X509_REQ *req, X509_CRL *crl, int flags); 14b077aed3SPierre Pronchery int X509V3_set_issuer_pkey(X509V3_CTX *ctx, EVP_PKEY *pkey); 15b077aed3SPierre Pronchery 16b077aed3SPierre Pronchery=head1 DESCRIPTION 17b077aed3SPierre Pronchery 18b077aed3SPierre ProncheryX509V3_set_ctx() fills in the basic fields of I<ctx> of type B<X509V3_CTX>, 19b077aed3SPierre Proncheryproviding details potentially needed by functions producing X509 v3 extensions, 20b077aed3SPierre Proncherye.g., to look up values for filling in authority key identifiers. 21b077aed3SPierre ProncheryAny of I<subject>, I<req>, or I<crl> may be provided, pointing to a certificate, 22b077aed3SPierre Proncherycertification request, or certificate revocation list, respectively. 23b077aed3SPierre ProncheryWhen constructing the subject key identifier of a certificate by computing a 24b077aed3SPierre Proncheryhash value of its public key, the public key is taken from I<subject> or I<req>. 25b077aed3SPierre ProncherySimilarly, when constructing subject alternative names from any email addresses 26b077aed3SPierre Proncherycontained in a subject DN, the subject DN is taken from I<subject> or I<req>. 27b077aed3SPierre ProncheryIf I<subject> or I<crl> is provided, I<issuer> should point to its issuer, 28b077aed3SPierre Proncheryfor instance to help generating an authority key identifier extension. 29b077aed3SPierre ProncheryNote that if I<subject> is provided, I<issuer> may be the same as I<subject>, 30b077aed3SPierre Proncherywhich means that I<subject> is self-issued (or even self-signed). 31b077aed3SPierre ProncheryI<flags> may be 0 32b077aed3SPierre Proncheryor contain B<X509V3_CTX_TEST>, which means that just the syntax of 33b077aed3SPierre Proncheryextension definitions is to be checked without actually producing an extension, 34b077aed3SPierre Proncheryor B<X509V3_CTX_REPLACE>, which means that each X.509v3 extension added as 35b077aed3SPierre Proncherydefined in some configuration section shall replace any already existing 36b077aed3SPierre Proncheryextension with the same OID. 37b077aed3SPierre Pronchery 38b077aed3SPierre ProncheryX509V3_set_issuer_pkey() explicitly sets the issuer private key of 39b077aed3SPierre Proncherythe certificate that has been provided in I<ctx>. 40b077aed3SPierre ProncheryThis should be done for self-issued certificates (which may be self-signed 41b077aed3SPierre Proncheryor not) to provide fallback data for the authority key identifier extension. 42b077aed3SPierre Pronchery 43b077aed3SPierre Pronchery=head1 RETURN VALUES 44b077aed3SPierre Pronchery 45*0d0c8621SEnji CooperX509V3_set_issuer_pkey() returns 1 on success and 0 on error. 46b077aed3SPierre Pronchery 47b077aed3SPierre Pronchery=head1 SEE ALSO 48b077aed3SPierre Pronchery 49b077aed3SPierre ProncheryL<X509_add_ext(3)> 50b077aed3SPierre Pronchery 51b077aed3SPierre Pronchery=head1 HISTORY 52b077aed3SPierre Pronchery 53b077aed3SPierre ProncheryX509V3_set_issuer_pkey() was added in OpenSSL 3.0. 54b077aed3SPierre Pronchery 55b077aed3SPierre ProncheryCTX_TEST was deprecated in OpenSSL 3.0; use X509V3_CTX_TEST instead. 56b077aed3SPierre Pronchery 57b077aed3SPierre Pronchery=head1 COPYRIGHT 58b077aed3SPierre Pronchery 59*0d0c8621SEnji CooperCopyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved. 60b077aed3SPierre Pronchery 61b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License"). You may not use 62b077aed3SPierre Proncherythis file except in compliance with the License. You can obtain a copy 63b077aed3SPierre Proncheryin the file LICENSE in the source distribution or at 64b077aed3SPierre ProncheryL<https://www.openssl.org/source/license.html>. 65b077aed3SPierre Pronchery 66b077aed3SPierre Pronchery=cut 67