=head1 NAME
+X509_get0_extensions, X509_CRL_get0_extensions, X509_REVOKED_get0_extensions,
X509V3_get_d2i, X509V3_add1_i2d, X509V3_EXT_d2i, X509V3_EXT_i2d,
X509_get_ext_d2i, X509_add1_ext_i2d, X509_CRL_get_ext_d2i,
X509_CRL_add1_ext_i2d, X509_REVOKED_get_ext_d2i,
#include <openssl/x509v3.h>
- void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
+ void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
int *idx);
int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
int crit, unsigned long flags);
void *X509V3_EXT_d2i(X509_EXTENSION *ext);
X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext);
- void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
+ void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx);
int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
unsigned long flags);
- void *X509_CRL_get_ext_d2i(X509_CRL *crl, int nid, int *crit, int *idx);
+ void *X509_CRL_get_ext_d2i(const X509_CRL *crl, int nid, int *crit, int *idx);
int X509_CRL_add1_ext_i2d(X509_CRL *crl, int nid, void *value, int crit,
unsigned long flags);
- void *X509_REVOKED_get_ext_d2i(X509_REVOKED *r, int nid, int *crit, int *idx);
+ void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *r, int nid, int *crit, int *idx);
int X509_REVOKED_add1_ext_i2d(X509_REVOKED *r, int nid, void *value, int crit,
unsigned long flags);
- STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x);
- STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(X509_CRL *crl);
- STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(X509_REVOKED *r);
+ const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x);
+ const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl);
+ const STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(const X509_REVOKED *r);
=head1 DESCRIPTION
=head1 NOTES
In almost all cases an extension can occur at most once and multiple
-occurences is an error. Therefore the B<idx> parameter is usually B<NULL>.
+occurrences is an error. Therefore the B<idx> parameter is usually B<NULL>.
The B<flags> parameter may be one of the following values.
B<X509V3_ADD_APPEND> appends a new extension, ignoring whether the extension
already exists.
-B<X509V3_ADD_REPLACE> replaces an extension if it exists otherwise apppends
+B<X509V3_ADD_REPLACE> replaces an extension if it exists otherwise appends
a new extension.
B<X509V3_ADD_REPLACE_EXISTING> replaces an existing extension if it exists
not already exist. An error B<is not> returned if the extension does already
exist.
-B<X509V3_ADD_DELETE> extension B<nid> is deleted: no new extenion is added.
+B<X509V3_ADD_DELETE> extension B<nid> is deleted: no new extension is added.
If B<X509V3_ADD_SILENT> is ored with B<flags>: any error returned will not
be added to the error queue.
The following sections contain a list of all supported extensions
including their name and NID.
-=head2 PKIX CERTIFICATE EXTENSIONS
+=head2 PKIX Certificate Extensions
The following certificate extensions are defined in PKIX standards such as
RFC5280.
Policy Constraints NID_policy_constraints
Inhibit Any Policy NID_inhibit_any_policy
-=head2 NETSCAPE CERTIFICATE EXTENSIONS
+ TLS Feature NID_tlsfeature
+
+=head2 Netscape Certificate Extensions
The following are (largely obsolete) Netscape certificate extensions.
Netscape SSL Server Name NID_netscape_ssl_server_name
Netscape Comment NID_netscape_comment
-=head2 MISCELLANEOUS CERTIFICATE EXTENSIONS
+=head2 Miscellaneous Certificate Extensions
Strong Extranet ID NID_sxnet
Proxy Certificate Information NID_proxyCertInfo
-=head2 PKIX CRL EXTENSIONS
+=head2 PKIX CRL Extensions
The following are CRL extensions from PKIX standards such as RFC5280.
Delta CRL Indicator NID_delta_crl
Freshest CRL NID_freshest_crl
Invalidity Date NID_invalidity_date
- Issuing Distrubution Point NID_issuing_distribution_point
+ Issuing Distribution Point NID_issuing_distribution_point
The following are CRL entry extensions from PKIX standards such as RFC5280.
CRL Reason Code NID_crl_reason
Certificate Issuer NID_certificate_issuer
-=head2 OCSP EXTENSIONS
+=head2 OCSP Extensions
OCSP Nonce NID_id_pkix_OCSP_Nonce
OCSP CRL ID NID_id_pkix_OCSP_CrlID
OCSP Service Locator NID_id_pkix_OCSP_serviceLocator
Hold Instruction Code NID_hold_instruction_code
-=head2 CERTIFICATE TRANSPARENCY EXTENSIONS
+=head2 Certificate Transparency Extensions
The following extensions are used by certificate transparency, RFC6962
failure.
X509_get0_extensions(), X509_CRL_get0_extensions() and
-X509_REVOKED_get0_extensions() return a stack of extensions. They can return
+X509_REVOKED_get0_extensions() return a stack of extensions. They return
NULL if no extensions are present.
=head1 SEE ALSO
L<d2i_X509(3)>,
-L<ERR_get_error(3)|ERR_get_error(3)>,
+L<ERR_get_error(3)>,
L<X509_CRL_get0_by_serial(3)>,
L<X509_get0_signature(3)>,
L<X509_get_ext_d2i(3)>,
L<X509_sign(3)>,
L<X509_verify_cert(3)>
+=head1 COPYRIGHT
+
+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
=cut