wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add X509_get0_authority_key_id() function

Browse source 
This function makes it easier to retrieve a reference to the
  authority key identifier (akid->keyid) inside a certificate.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5271)
This commit is contained in:
Massimiliano Pala 2018-02-19 15:47:02 -05:00 committed by Rich Salz
parent 5f7470df83
commit b383aa2081
4 changed files with 15 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
crypto/x509v3/v3_purp.c
View file

@ -848,6 +848,13 @@ const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x)
return x->skid;
}
const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x)
{
/* Call for side-effect of computing hash and caching extensions */
X509_check_purpose(x, -1, -1);
return (x->akid != NULL ? x->akid->keyid : NULL);
}
long X509_get_pathlen(X509 *x)
{
/* Called for side effect of caching extensions */

6
doc/man3/X509_get_extension_flags.pod
View file

@ -3,6 +3,7 @@
=head1 NAME
X509_get0_subject_key_id,
X509_get0_authority_key_id,
X509_get_pathlen,
X509_get_extension_flags,
X509_get_key_usage,
@ -20,6 +21,7 @@ X509_get_proxy_pathlen - retrieve certificate extension data
uint32_t X509_get_key_usage(X509 *x);
uint32_t X509_get_extended_key_usage(X509 *x);
const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x);
const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x);
void X509_set_proxy_flag(X509 *x);
void X509_set_proxy_pathlen(int l);
long X509_get_proxy_pathlen(X509 *x);
@ -109,6 +111,10 @@ X509_get0_subject_key_id() returns an internal pointer to the subject key
identifier of B<x> as an B<ASN1_OCTET_STRING> or B<NULL> if the extension
is not present or cannot be parsed.
X509_get0_authority_key_id() returns an internal pointer to the authority key
identifier of B<x> as an B<ASN1_OCTET_STRING> or B<NULL> if the extension
is not present or cannot be parsed.
X509_set_proxy_flag() marks the certificate with the B<EXFLAG_PROXY> flag.
This is for the users who need to mark non-RFC3820 proxy certificates as
such, as OpenSSL only detects RFC3820 compliant ones.

1
include/openssl/x509v3.h
View file

@ -660,6 +660,7 @@ uint32_t X509_get_extension_flags(X509 *x);
uint32_t X509_get_key_usage(X509 *x);
uint32_t X509_get_extended_key_usage(X509 *x);
const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x);
const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x);
int X509_PURPOSE_get_count(void);
X509_PURPOSE *X509_PURPOSE_get0(int idx);

1
util/libcrypto.num
View file

@ -4503,3 +4503,4 @@ OCSP_basic_sign_ctx 4444 1_1_1 EXIST::FUNCTION:OCSP
RAND_DRBG_bytes 4445 1_1_1 EXIST::FUNCTION:
RAND_DRBG_secure_new 4446 1_1_1 EXIST::FUNCTION:
OSSL_STORE_vctrl 4447 1_1_1 EXIST::FUNCTION:
X509_get0_authority_key_id 4448 1_1_0h EXIST::FUNCTION: