=pod

=head1 NAME

X509_get0_subject_key_id,
X509_get0_authority_key_id,
X509_get0_authority_issuer,
X509_get0_authority_serial,
X509_get_pathlen,
X509_get_extension_flags,
X509_get_key_usage,
X509_get_extended_key_usage,
X509_set_proxy_flag,
X509_set_proxy_pathlen,
X509_get_proxy_pathlen - retrieve certificate extension data

=head1 SYNOPSIS

 #include <openssl/x509v3.h>

 long X509_get_pathlen(X509 *x);
 uint32_t X509_get_extension_flags(X509 *x);
 uint32_t X509_get_key_usage(X509 *x);
 uint32_t X509_get_extended_key_usage(X509 *x);
 const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x);
 const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x);
 const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x);
 const ASN1_INTEGER *X509_get0_authority_serial(X509 *x);
 void X509_set_proxy_flag(X509 *x);
 void X509_set_proxy_pathlen(X509 *x, long l);
 long X509_get_proxy_pathlen(X509 *x);

=head1 DESCRIPTION

These functions retrieve information related to commonly used certificate
extensions.

X509_get_pathlen() retrieves the path length extension from a certificate.
This extension is used to limit the length of a cert chain that may be
issued from that CA.

X509_get_extension_flags() retrieves general information about a certificate;
it will return one or more of the following flags ORed together.

=over 4

=item B

The certificate is an obsolete version 1 certificate.

=item B

The certificate contains a basic constraints extension.

=item B

The certificate contains basic constraints and asserts the CA flag.

=item B

The certificate is a valid proxy certificate.

=item B

The certificate is self issued (that is subject and issuer names match).

=item B

The subject and issuer names match and extension values imply it is self
signed.

=item B

The freshest CRL extension is present in the certificate.

=item B

The certificate contains an unhandled critical extension.

=item B

Some certificate extension values are invalid or inconsistent. The
certificate should be rejected.

=item B

The certificate contains a key usage extension. The value can be retrieved
using X509_get_key_usage().

=item B

The certificate contains an extended key usage extension. The value can be
retrieved using X509_get_extended_key_usage().

=back

X509_get_key_usage() returns the value of the key usage extension. If key
usage is present it will return zero or more of the flags:
B, B, B, B, B, B, B, B or B corresponding to individual key usage bits.
If key usage is absent then B is returned.

X509_get_extended_key_usage() returns the value of the extended key usage
extension. If extended key usage is present it will return zero or more of the
flags: B, B, B, B, B, B, B or B. These correspond to the OIDs
B, B, B, B, B, B, B and B respectively. Additionally B is set if either
Netscape or Microsoft SGC OIDs are present.

X509_get0_subject_key_id() returns an internal pointer to the subject key
identifier of B as an B or B if the extension is not present or cannot be
parsed.

X509_get0_authority_key_id() returns an internal pointer to the authority key
identifier of B as an B or B if the extension is not present or cannot be
parsed.

X509_get0_authority_issuer() returns an internal pointer to the authority
certificate issuer of B as a stack of B structures or B if the extension is
not present or cannot be parsed.

X509_get0_authority_serial() returns an internal pointer to the authority
certificate serial number of B as an B or B if the extension is not present
or cannot be parsed.

X509_set_proxy_flag() marks the certificate with the B flag. This is for
the users who need to mark non-RFC3820 proxy certificates as such, as
OpenSSL only detects RFC3820 compliant ones.

X509_set_proxy_pathlen() sets the proxy certificate path length for the given
certificate B. This is for the users who need to mark non-RFC3820 proxy
certificates as such, as OpenSSL only detects RFC3820 compliant ones.

X509_get_proxy_pathlen() returns the proxy certificate path length for the
given certificate B if it is a proxy certificate.

=head1 NOTES

The values of the flags correspond to extension values which are cached
in the B structure. If the flags returned do not provide sufficient
information an application should examine extension values directly,
for example using X509_get_ext_d2i().

If the key usage or extended key usage extension is absent then typically usage
is unrestricted. For this reason X509_get_key_usage() and
X509_get_extended_key_usage() return B when the corresponding extension is
absent. Applications can additionally check the return value of
X509_get_extension_flags() and take appropriate action if an extension is
absent.

If X509_get0_subject_key_id() returns B then the extension may be absent
or malformed. Applications can determine the precise reason using
X509_get_ext_d2i().

=head1 RETURN VALUES

X509_get_pathlen() returns the path length value, or -1 if the extension
is not present.

X509_get_extension_flags(), X509_get_key_usage() and
X509_get_extended_key_usage() return sets of flags corresponding to the
certificate extension values.

X509_get0_subject_key_id() returns the subject key identifier as a
pointer to an B structure or B if the extension is absent or an error
occurred during parsing.

X509_get_proxy_pathlen() returns the path length value if the given
certificate is a proxy one and has a path length set, and -1 otherwise.

=head1 SEE ALSO

L

=head1 HISTORY

X509_get_pathlen(), X509_set_proxy_flag(), X509_set_proxy_pathlen() and
X509_get_proxy_pathlen() were added in OpenSSL 1.1.0.

=head1 COPYRIGHT

Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L.

=cut