#include <openssl/asn1.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
+#include <openssl/x509_acert.h>
#include <openssl/http.h>
#include <openssl/rsa.h>
#include <openssl/dsa.h>
return X509_REQ_verify_ex(a, r, NULL, NULL);
}
+int X509_ACERT_verify(X509_ACERT *a, EVP_PKEY *r)
+{
+ if (X509_ALGOR_cmp(&a->sig_alg, &a->acinfo->signature) != 0)
+ return 0;
+
+ return ASN1_item_verify_ex(ASN1_ITEM_rptr(X509_ACERT_INFO), &a->sig_alg,
+ &a->signature, a->acinfo,
+ NULL, r, NULL, NULL);
+}
+
int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
{
return ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC),
ASN1_ITEM_rptr(X509_CRL));
}
+int X509_ACERT_sign(X509_ACERT *x, EVP_PKEY *pkey, const EVP_MD *md)
+{
+ return ASN1_item_sign_ex(ASN1_ITEM_rptr(X509_ACERT_INFO), &x->sig_alg,
+ &x->acinfo->signature,
+ &x->signature, x->acinfo, NULL,
+ pkey, md, NULL, NULL);
+}
+
+int X509_ACERT_sign_ctx(X509_ACERT *x, EVP_MD_CTX *ctx)
+{
+ return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_ACERT_INFO),
+ &x->sig_alg, &x->acinfo->signature, &x->signature,
+ &x->acinfo, ctx);
+}
+
int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
{
return
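Review bot: X509_ACERT_sign_ctx passes `&x->acinfo` as the data argument, while X509_ACERT_sign and X509_ACERT_verify in the same section pass `x->acinfo` / `a->acinfo`. The added lines dereference the field with `->` (`x->acinfo->signature`), so it appears to be a pointer; its address is then a pointer-to-pointer that the encoder would treat as the X509_ACERT_INFO itself, and because that parameter is `const void *` the compiler will not flag it. A signature produced this way would not cover the bytes that X509_ACERT_verify checks. The last argument line should read `x->acinfo, ctx);`, and a round-trip test that signs with X509_ACERT_sign_ctx and verifies with X509_ACERT_verify would pin the behaviour.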
X509_sign, X509_sign_ctx,
X509_REQ_sign, X509_REQ_sign_ctx,
+X509_ACERT_sign, X509_ACERT_sign_ctx,
X509_CRL_sign, X509_CRL_sign_ctx -
sign certificate, certificate request, or CRL signature
int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx);
+ #include <openssl/x509_acert.h>
+
+ int X509_ACERT_sign(X509_ACERT *x, EVP_PKEY *pkey, const EVP_MD *md);
+ int X509_ACERT_sign_ctx(X509_ACERT *x, EVP_MD_CTX *ctx);
+
=head1 DESCRIPTION
X509_sign() signs certificate I<x> using private key I<pkey> and message
these two functions make sure that the certificate bears X.509 version 3.
X509_REQ_sign(), X509_REQ_sign_ctx(),
+X509_ACERT_sign(), X509_ACERT_sign_ctx(),
X509_CRL_sign(), and X509_CRL_sign_ctx()
sign certificate requests and CRLs, respectively.
The X509_sign_ctx(), X509_REQ_sign_ctx()
and X509_CRL_sign_ctx() functions were added in OpenSSL 1.0.1.
+The X509_ACERT_sign() and X509_ACERT_sign_ctx() functions were added
+in OpenSSL 3.4.
+
=head1 COPYRIGHT
Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
X509_verify, X509_self_signed,
X509_REQ_verify_ex, X509_REQ_verify,
-X509_CRL_verify -
+X509_CRL_verify, X509_ACERT_verify -
verify certificate, certificate request, or CRL signature
=head1 SYNOPSIS
int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
+ #include <openssl/x509_acert.h>
+ int X509_ACERT_verify(X509_CRL *a, EVP_PKEY *r);
+
=head1 DESCRIPTION
X509_verify() verifies the signature of certificate I<x> using public key
The signature itself is actually verified only if B<verify_signature> is 1, as
for explicitly trusted certificates this verification is not worth the effort.
-X509_REQ_verify_ex(), X509_REQ_verify() and X509_CRL_verify()
-verify the signatures of certificate requests and CRLs, respectively.
+X509_REQ_verify_ex(), X509_REQ_verify(), X509_CRL_verify() and X509_ACERT_verify()
+verify the signatures of certificate requests, CRLs and attribute certificates
+respectively.
=head1 RETURN VALUES
X509_REQ_verify_ex(), and X509_self_signed() were added in OpenSSL 3.0.
+X509_ACERT_verify() was added in OpenSSL 3.4.
+
=head1 COPYRIGHT
Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
X509_ACERT *d2i_X509_ACERT_bio(BIO *bp, X509_ACERT **acert);
int i2d_X509_ACERT_bio(BIO *bp, const X509_ACERT *acert);
+int X509_ACERT_sign(X509_ACERT *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_ACERT_sign_ctx(X509_ACERT *x, EVP_MD_CTX *ctx);
+int X509_ACERT_verify(X509_ACERT *a, EVP_PKEY *r);
+
# define X509_ACERT_VERSION_2 1
const GENERAL_NAMES *X509_ACERT_get0_holder_entityName(const X509_ACERT *x);
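Review bot: The prototype `int X509_ACERT_verify(X509_ACERT *a, EVP_PKEY *r);` declared here does not match the SYNOPSIS line this commit adds to the X509_verify manual page, which gives the first parameter as `X509_CRL *a`. The manual entry should repeat the header's declaration so that callers copying from the documentation get the right type. The definition returns 0 on a signature-algorithm mismatch and otherwise forwards the result of ASN1_item_verify_ex, which can be negative on error. A short comment above the prototype such as `/* returns 1 only if the signature is valid; 0 or a negative value otherwise */` would steer callers to test `== 1` rather than non-zero.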
X509_ACERT_add1_attr_by_OBJ ? 3_4_0 EXIST::FUNCTION:
X509_ACERT_add1_attr_by_NID ? 3_4_0 EXIST::FUNCTION:
X509_ACERT_add1_attr_by_txt ? 3_4_0 EXIST::FUNCTION:
+X509_ACERT_sign ? 3_4_0 EXIST::FUNCTION:
+X509_ACERT_sign_ctx ? 3_4_0 EXIST::FUNCTION:
+X509_ACERT_verify ? 3_4_0 EXIST::FUNCTION: