}
}
- if (ctx != NULL && (ctx->flags & CTX_TEST) != 0)
+ if (ctx != NULL && (ctx->flags & X509V3_CTX_TEST) != 0)
return akeyid;
if (ctx == NULL) {
X509_EXTENSION *ext;
int i, num;
- if (ctx != NULL && (ctx->flags & CTX_TEST) != 0)
+ if (ctx != NULL && (ctx->flags & X509V3_CTX_TEST) != 0)
return 1;
if (!ctx || !ctx->issuer_cert) {
ERR_raise(ERR_LIB_X509V3, X509V3_R_NO_ISSUER_DETAILS);
GENERAL_NAME *gen = NULL;
int i = -1;
- if (ctx != NULL && (ctx->flags & CTX_TEST) != 0)
+ if (ctx != NULL && (ctx->flags & X509V3_CTX_TEST) != 0)
return 1;
if (ctx == NULL
|| (ctx->subject_cert == NULL && ctx->subject_req == NULL)) {
if (strcmp(str, "hash") != 0)
return s2i_ASN1_OCTET_STRING(method, ctx /* not used */, str);
- if (ctx != NULL && (ctx->flags & CTX_TEST) != 0)
+ if (ctx != NULL && (ctx->flags & X509V3_CTX_TEST) != 0)
return ASN1_OCTET_STRING_new();
if (ctx == NULL
|| (ctx->subject_cert == NULL && ctx->subject_req == NULL)) {
=head1 NAME
X509V3_set_ctx,
-X509V3_set_issuer_pkey - X.509v3 extension generation utility functions
+X509V3_set_issuer_pkey - X.509 v3 extension generation utilities
=head1 SYNOPSIS
=head1 DESCRIPTION
X509V3_set_ctx() fills in the basic fields of I<ctx> of type B<X509V3_CTX>,
-providing details potentially needed by functions producing X509 v3 certificate
-extensions, e.g., to look up values for filling in authority key identifiers.
+providing details potentially needed by functions producing X509 v3 extensions,
+e.g., to look up values for filling in authority key identifiers.
Any of I<subj>, I<req>, or I<crl> may be provided, pointing to a certificate,
certification request, or certificate revocation list, respectively.
If I<subj> or I<crl> is provided, I<issuer> should point to its issuer,
for instance to help generating an authority key identifier extension.
Note that if I<subj> is provided, I<issuer> may be the same as I<subj>,
which means that I<subj> is self-issued (or even self-signed).
-I<flags> may be 0 or contain B<CTX_TEST>, which means that just the syntax of
+I<flags> may be 0
+or contain B<X509V3_CTX_TEST>, which means that just the syntax of
extension definitions is to be checked without actually producing an extension,
or B<X509V3_CTX_REPLACE>, which means that each X.509v3 extension added as
defined in some configuration section shall replace any already existing
X509V3_set_issuer_pkey() was added in OpenSSL 3.0.
+CTX_TEST was deprecated in OpenSSL 3.0; use X509V3_CTX_TEST instead.
+
=head1 COPYRIGHT
Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
void (*free_section) (void *db, STACK_OF(CONF_VALUE) *section);
} X509V3_CONF_METHOD;
-/* Context specific info */
+/* Context specific info for producing X509 v3 extensions*/
struct v3_ext_ctx {
-# define CTX_TEST 0x1
+# define X509V3_CTX_TEST 0x1
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define CTX_TEST X509V3_CTX_TEST
+# endif
# define X509V3_CTX_REPLACE 0x2
int flags;
X509 *issuer_cert;
",name:", (val)->name, ",value:", (val)->value)
# define X509V3_set_ctx_test(ctx) \
- X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
+ X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, X509V3_CTX_TEST)
# define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL;
# define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \