Standard preamble:
========================================================================
..
.... Set up some character translations and predefined strings. \*(-- will
give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
double quote, and \*(R" will give a right double quote. \*(C+ will
give a nicer C++. Capital omega is used to do unbreakable dashes and
therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
nothing in troff, for use with C<>.
.tr \(*W- . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\}
Escape single quotes in literal strings from groff's Unicode transform.
If the F register is >0, we'll generate index entries on stderr for
titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
entries marked with X<> in POD. Of course, you'll have to process the
output yourself in some meaningful fashion.
Avoid warning from groff about undefined register 'F'.
.. .nr rF 0 . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF
Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] .\} . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents . \" corrections for vroff . \" for low resolution devices (crt and lpr) \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} ========================================================================
Title "X509_GET_EXTENSION_FLAGS 3"
way too many mistakes in technical documents.
\fBX509_get_pathlen() retrieves the path length extension from a certificate. This extension is used to limit the length of a cert chain that may be issued from that \s-1CA.\s0
\fBX509_get_extension_flags() retrieves general information about a certificate, it will return one or more of the following flags ored together.
\fBX509_get_key_usage() returns the value of the key usage extension. If key usage is present will return zero or more of the flags: \fB\s-1KU_DIGITAL_SIGNATURE\s0, \s-1KU_NON_REPUDIATION\s0, \s-1KU_KEY_ENCIPHERMENT\s0, \fB\s-1KU_DATA_ENCIPHERMENT\s0, \s-1KU_KEY_AGREEMENT\s0, \s-1KU_KEY_CERT_SIGN\s0, \fB\s-1KU_CRL_SIGN\s0, \s-1KU_ENCIPHER_ONLY\s0 or \s-1KU_DECIPHER_ONLY\s0 corresponding to individual key usage bits. If key usage is absent then \s-1UINT32_MAX\s0 is returned.
\fBX509_get_extended_key_usage() returns the value of the extended key usage extension. If extended key usage is present it will return zero or more of the flags: \s-1XKU_SSL_SERVER\s0, \s-1XKU_SSL_CLIENT\s0, \s-1XKU_SMIME\s0, \s-1XKU_CODE_SIGN\s0 \fB\s-1XKU_OCSP_SIGN\s0, \s-1XKU_TIMESTAMP\s0, \s-1XKU_DVCS\s0 or \s-1XKU_ANYEKU\s0. These correspond to the OIDs id-kp-serverAuth, id-kp-clientAuth, \fBid-kp-emailProtection, id-kp-codeSigning, id-kp-OCSPSigning, \fBid-kp-timeStamping, id-kp-dvcs and anyExtendedKeyUsage respectively. Additionally \s-1XKU_SGC\s0 is set if either Netscape or Microsoft \s-1SGC\s0 OIDs are present.
\fBX509_get0_subject_key_id() returns an internal pointer to the subject key identifier of x as an \s-1ASN1_OCTET_STRING\s0 or \s-1NULL\s0 if the extension is not present or cannot be parsed.
\fBX509_get0_authority_key_id() returns an internal pointer to the authority key identifier of x as an \s-1ASN1_OCTET_STRING\s0 or \s-1NULL\s0 if the extension is not present or cannot be parsed.
\fBX509_get0_authority_issuer() returns an internal pointer to the authority certificate issuer of x as a stack of \s-1GENERAL_NAME\s0 structures or \fB\s-1NULL\s0 if the extension is not present or cannot be parsed.
\fBX509_get0_authority_serial() returns an internal pointer to the authority certificate serial number of x as an \s-1ASN1_INTEGER\s0 or \s-1NULL\s0 if the extension is not present or cannot be parsed.
\fBX509_set_proxy_flag() marks the certificate with the \s-1EXFLAG_PROXY\s0 flag. This is for the users who need to mark non-RFC3820 proxy certificates as such, as OpenSSL only detects \s-1RFC3820\s0 compliant ones.
\fBX509_set_proxy_pathlen() sets the proxy certificate path length for the given certificate x. This is for the users who need to mark non-RFC3820 proxy certificates as such, as OpenSSL only detects \s-1RFC3820\s0 compliant ones.
\fBX509_get_proxy_pathlen() returns the proxy certificate path length for the given certificate x if it is a proxy certificate.
If the key usage or extended key usage extension is absent then typically usage is unrestricted. For this reason X509_get_key_usage() and \fBX509_get_extended_key_usage() return \s-1UINT32_MAX\s0 when the corresponding extension is absent. Applications can additionally check the return value of \fBX509_get_extension_flags() and take appropriate action is an extension is absent.
If X509_get0_subject_key_id() returns \s-1NULL\s0 then the extension may be absent or malformed. Applications can determine the precise reason using \fBX509_get_ext_d2i().
\fBX509_get_extension_flags(), X509_get_key_usage() and \fBX509_get_extended_key_usage() return sets of flags corresponding to the certificate extension values.
\fBX509_get0_subject_key_id() returns the subject key identifier as a pointer to an \s-1ASN1_OCTET_STRING\s0 structure or \s-1NULL\s0 if the extension is absent or an error occurred during parsing.
\fBX509_get_proxy_pathlen() returns the path length value if the given certificate is a proxy one and has a path length set, and -1 otherwise.
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at <https://www.openssl.org/source/license.html>.