The branch master has been updated via b383aa2081467e8d49c3362d295da7bd5cb4e1d8 (commit) from 5f7470df83cb179f793026a5950c1446866c9cab (commit)
- Log ----------------------------------------------------------------- commit b383aa2081467e8d49c3362d295da7bd5cb4e1d8 Author: Massimiliano Pala <direc...@openca.org> Date: Mon Feb 19 15:47:02 2018 -0500 Add X509_get0_authority_key_id() function This function makes it easier to retrieve a reference to the authority key identifier (akid->keyid) inside a certificate. Reviewed-by: Matt Caswell <m...@openssl.org> Reviewed-by: Rich Salz <rs...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5271) ----------------------------------------------------------------------- Summary of changes: crypto/x509v3/v3_purp.c | 7 +++++++ doc/man3/X509_get_extension_flags.pod | 6 ++++++ include/openssl/x509v3.h | 1 + util/libcrypto.num | 1 + 4 files changed, 15 insertions(+) diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index 2ff8854..6c78041 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -848,6 +848,13 @@ const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x) return x->skid; } +const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x) +{ + /* Call for side-effect of computing hash and caching extensions */ + X509_check_purpose(x, -1, -1); + return (x->akid != NULL ? x->akid->keyid : NULL); +} + long X509_get_pathlen(X509 *x) { /* Called for side effect of caching extensions */ diff --git a/doc/man3/X509_get_extension_flags.pod b/doc/man3/X509_get_extension_flags.pod index 9aec918..fc4ebbb 100644 --- a/doc/man3/X509_get_extension_flags.pod +++ b/doc/man3/X509_get_extension_flags.pod @@ -3,6 +3,7 @@ =head1 NAME X509_get0_subject_key_id, +X509_get0_authority_key_id, X509_get_pathlen, X509_get_extension_flags, X509_get_key_usage, @@ -20,6 +21,7 @@ X509_get_proxy_pathlen - retrieve certificate extension data uint32_t X509_get_key_usage(X509 *x); uint32_t X509_get_extended_key_usage(X509 *x); const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x); + const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x); void X509_set_proxy_flag(X509 *x); void X509_set_proxy_pathlen(int l); long X509_get_proxy_pathlen(X509 *x); @@ -109,6 +111,10 @@ X509_get0_subject_key_id() returns an internal pointer to the subject key identifier of B<x> as an B<ASN1_OCTET_STRING> or B<NULL> if the extension is not present or cannot be parsed. +X509_get0_authority_key_id() returns an internal pointer to the authority key +identifier of B<x> as an B<ASN1_OCTET_STRING> or B<NULL> if the extension +is not present or cannot be parsed. + X509_set_proxy_flag() marks the certificate with the B<EXFLAG_PROXY> flag. This is for the users who need to mark non-RFC3820 proxy certificates as such, as OpenSSL only detects RFC3820 compliant ones. diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h index 94f5561..fe1791c 100644 --- a/include/openssl/x509v3.h +++ b/include/openssl/x509v3.h @@ -660,6 +660,7 @@ uint32_t X509_get_extension_flags(X509 *x); uint32_t X509_get_key_usage(X509 *x); uint32_t X509_get_extended_key_usage(X509 *x); const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x); +const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x); int X509_PURPOSE_get_count(void); X509_PURPOSE *X509_PURPOSE_get0(int idx); diff --git a/util/libcrypto.num b/util/libcrypto.num index 5456063..b1dd6a0 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4503,3 +4503,4 @@ OCSP_basic_sign_ctx 4444 1_1_1 EXIST::FUNCTION:OCSP RAND_DRBG_bytes 4445 1_1_1 EXIST::FUNCTION: RAND_DRBG_secure_new 4446 1_1_1 EXIST::FUNCTION: OSSL_STORE_vctrl 4447 1_1_1 EXIST::FUNCTION: +X509_get0_authority_key_id 4448 1_1_0h EXIST::FUNCTION: _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits