crypto/x509v3/format

   1 AuthorityKeyIdentifier
   2         {
   3         keyIdentifier           [0] OCTET_STRING        OPTIONAL
   4         authorityCertIssuer     [1] GeneralNames        OPTIONAL
   5         authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL
   6         }
   7
   8 SubjectKeyIdentifier    OCTET_STRING
   9
  10 KeyUsage
  11         {
  12         BIT_STRING
  13                 digitalSignature        0
  14                 nonRepudiation          1
  15                 keyEncipherment         2
  16                 dataEncipherment        3
  17                 keyAgreement            4
  18                 keyCertSign             5
  19                 cRLSign                 6
  20                 encipherOnly            7
  21                 decipherOnly            8
  22         }
  23
  24 extKeyUsage
  25         {
  26         SEQUENCE of OBJECT_IDENTIFIER
  27         }
  28
  29 privateKeyUsagePeriod
  30         {
  31         notBefore       [0]     GeneralizedTime OPTIONAL
  32         notAfter        [1]     GeneralizedTime OPTIONAL
  33         }
  34
  35 certificatePoliciesSyntax
  36         SEQUENCE of PoliciesInformation
  37
  38 PoliciesInformation     XXX
  39 policyMappings          XXX
  40 supportedAlgorithms     XXX
  41
  42 subjectAltName
  43         GeneralNames sequence of GeneralName
  44
  45 GeneralName
  46         {
  47         otherName       [0] INSTANCE OF OTHER-NAME
  48         rfc882Name      [1] IA5String
  49         dNSName         [2] IA5String
  50         x400Address     [3] ORAddress
  51         directoryName   [4] Name
  52         ediPartyName    [5]
  53                                 {
  54                                 nameAssigner    [0] DirectoryString OPTIONAL
  55                                 partyName       [1] DirectoryString
  56                                 }
  57         uniformResourceIdentifier [6] IA5String
  58         iPAddress       [7] OCTET_STRING
  59         registeredID    [8] OBJECT_IDENTIFIER
  60         }
  61
  62 issuerAltName
  63         GeneralNames sequence of GeneralName
  64
  65 subjectDirectoryAttribute SEQUENCE of Attribute
  66
  67 basicConstraints
  68         {
  69         cA                      BOOLEAN default FALSE
  70         pathLenConstraint       INTEGER OPTIONAL
  71         }
  72
  73 nameConstraints
  74         {
  75         permittedSubtrees [0] sequence of GeneralSubtree OPTIONAL
  76         excludedSubtrees [1] sequence of GeneralSubtree OPTIONAL
  77         }
  78
  79 GeneralSubtree
  80         {
  81         base    GeneralName
  82         minimum [0] BaseDistance DEFAULT 0
  83         maximum [1] BaseDistance OPTIONAL
  84         }
  85
  86 PolicyConstraints
  87         {
  88         requiredExplicitPolicy  [0] SkipCerts OPTIONAL
  89         inhibitPolicyMapping    [1] SkipCerts OPTIONAL
  90         }
  91 SkipCerts == INTEGER
  92