aboutsummaryrefslogtreecommitdiff
path: root/secure/lib/libcrypto/man/man3/X509_get_extension_flags.3
diff options
context:
space:
mode:
Diffstat (limited to 'secure/lib/libcrypto/man/man3/X509_get_extension_flags.3')
-rw-r--r--secure/lib/libcrypto/man/man3/X509_get_extension_flags.3176
1 files changed, 50 insertions, 126 deletions
diff --git a/secure/lib/libcrypto/man/man3/X509_get_extension_flags.3 b/secure/lib/libcrypto/man/man3/X509_get_extension_flags.3
index 2f28ceb5c5b8..1c9cb90ad790 100644
--- a/secure/lib/libcrypto/man/man3/X509_get_extension_flags.3
+++ b/secure/lib/libcrypto/man/man3/X509_get_extension_flags.3
@@ -1,4 +1,5 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\" -*- mode: troff; coding: utf-8 -*-
+.\" Automatically generated by Pod::Man 5.0102 (Pod::Simple 3.45)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -15,29 +16,12 @@
.ft R
.fi
..
-.\" Set up some character translations and predefined strings. \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote. \*(C+ will
-.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>.
.ie n \{\
-. ds -- \(*W-
-. ds PI pi
-. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
-. ds L" ""
-. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
-. ds -- \|\(em\|
-. ds PI \(*p
-. ds L" ``
-. ds R" ''
. ds C`
. ds C'
'br\}
@@ -68,75 +52,15 @@
. \}
.\}
.rr rF
-.\" Fear. Run. Save yourself. No user-serviceable parts.
-. \" fudge factors for nroff and troff
-.if n \{\
-. ds #H 0
-. ds #V .8m
-. ds #F .3m
-. ds #[ \f1
-. ds #] \fP
-.\}
-.if t \{\
-. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
-. ds #V .6m
-. ds #F 0
-. ds #[ \&
-. ds #] \&
-.\}
-. \" simple accents for nroff and troff
-.if n \{\
-. ds ' \&
-. ds ` \&
-. ds ^ \&
-. ds , \&
-. ds ~ ~
-. ds /
-.\}
-.if t \{\
-. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
-. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
-. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
-. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
-. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
-. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
-.\}
-. \" troff and (daisy-wheel) nroff accents
-.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
-.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
-.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
-.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
-.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
-.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
-.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
-.ds ae a\h'-(\w'a'u*4/10)'e
-.ds Ae A\h'-(\w'A'u*4/10)'E
-. \" corrections for vroff
-.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
-.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
-. \" for low resolution devices (crt and lpr)
-.if \n(.H>23 .if \n(.V>19 \
-\{\
-. ds : e
-. ds 8 ss
-. ds o a
-. ds d- d\h'-1'\(ga
-. ds D- D\h'-1'\(hy
-. ds th \o'bp'
-. ds Th \o'LP'
-. ds ae ae
-. ds Ae AE
-.\}
-.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "X509_GET_EXTENSION_FLAGS 3ossl"
-.TH X509_GET_EXTENSION_FLAGS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.TH X509_GET_EXTENSION_FLAGS 3ossl 2025-07-01 3.5.1 OpenSSL
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
-.SH "NAME"
+.SH NAME
X509_get0_subject_key_id,
X509_get0_authority_key_id,
X509_get0_authority_issuer,
@@ -148,7 +72,7 @@ X509_get_extended_key_usage,
X509_set_proxy_flag,
X509_set_proxy_pathlen,
X509_get_proxy_pathlen \- retrieve certificate extension data
-.SH "SYNOPSIS"
+.SH SYNOPSIS
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509v3.h>
@@ -165,113 +89,113 @@ X509_get_proxy_pathlen \- retrieve certificate extension data
\& void X509_set_proxy_pathlen(int l);
\& long X509_get_proxy_pathlen(X509 *x);
.Ve
-.SH "DESCRIPTION"
+.SH DESCRIPTION
.IX Header "DESCRIPTION"
These functions retrieve information related to commonly used certificate extensions.
.PP
\&\fBX509_get_pathlen()\fR retrieves the path length extension from a certificate.
This extension is used to limit the length of a cert chain that may be
-issued from that \s-1CA.\s0
+issued from that CA.
.PP
\&\fBX509_get_extension_flags()\fR retrieves general information about a certificate,
it will return one or more of the following flags ored together.
-.IP "\fB\s-1EXFLAG_V1\s0\fR" 4
+.IP \fBEXFLAG_V1\fR 4
.IX Item "EXFLAG_V1"
The certificate is an obsolete version 1 certificate.
-.IP "\fB\s-1EXFLAG_BCONS\s0\fR" 4
+.IP \fBEXFLAG_BCONS\fR 4
.IX Item "EXFLAG_BCONS"
The certificate contains a basic constraints extension.
-.IP "\fB\s-1EXFLAG_CA\s0\fR" 4
+.IP \fBEXFLAG_CA\fR 4
.IX Item "EXFLAG_CA"
-The certificate contains basic constraints and asserts the \s-1CA\s0 flag.
-.IP "\fB\s-1EXFLAG_PROXY\s0\fR" 4
+The certificate contains basic constraints and asserts the CA flag.
+.IP \fBEXFLAG_PROXY\fR 4
.IX Item "EXFLAG_PROXY"
The certificate is a valid proxy certificate.
-.IP "\fB\s-1EXFLAG_SI\s0\fR" 4
+.IP \fBEXFLAG_SI\fR 4
.IX Item "EXFLAG_SI"
The certificate is self issued (that is subject and issuer names match).
-.IP "\fB\s-1EXFLAG_SS\s0\fR" 4
+.IP \fBEXFLAG_SS\fR 4
.IX Item "EXFLAG_SS"
The subject and issuer names match and extension values imply it is self
signed.
-.IP "\fB\s-1EXFLAG_FRESHEST\s0\fR" 4
+.IP \fBEXFLAG_FRESHEST\fR 4
.IX Item "EXFLAG_FRESHEST"
-The freshest \s-1CRL\s0 extension is present in the certificate.
-.IP "\fB\s-1EXFLAG_CRITICAL\s0\fR" 4
+The freshest CRL extension is present in the certificate.
+.IP \fBEXFLAG_CRITICAL\fR 4
.IX Item "EXFLAG_CRITICAL"
The certificate contains an unhandled critical extension.
-.IP "\fB\s-1EXFLAG_INVALID\s0\fR" 4
+.IP \fBEXFLAG_INVALID\fR 4
.IX Item "EXFLAG_INVALID"
Some certificate extension values are invalid or inconsistent.
The certificate should be rejected.
This bit may also be raised after an out-of-memory error while
processing the X509 object, so it may not be related to the processed
-\&\s-1ASN1\s0 object itself.
-.IP "\fB\s-1EXFLAG_NO_FINGERPRINT\s0\fR" 4
+ASN1 object itself.
+.IP \fBEXFLAG_NO_FINGERPRINT\fR 4
.IX Item "EXFLAG_NO_FINGERPRINT"
-Failed to compute the internal \s-1SHA1\s0 hash value of the certificate or \s-1CRL.\s0
-This may be due to malloc failure or because no \s-1SHA1\s0 implementation was found.
-.IP "\fB\s-1EXFLAG_INVALID_POLICY\s0\fR" 4
+Failed to compute the internal SHA1 hash value of the certificate or CRL.
+This may be due to malloc failure or because no SHA1 implementation was found.
+.IP \fBEXFLAG_INVALID_POLICY\fR 4
.IX Item "EXFLAG_INVALID_POLICY"
The NID_certificate_policies certificate extension is invalid or
inconsistent. The certificate should be rejected.
This bit may also be raised after an out-of-memory error while
processing the X509 object, so it may not be related to the processed
-\&\s-1ASN1\s0 object itself.
-.IP "\fB\s-1EXFLAG_KUSAGE\s0\fR" 4
+ASN1 object itself.
+.IP \fBEXFLAG_KUSAGE\fR 4
.IX Item "EXFLAG_KUSAGE"
The certificate contains a key usage extension. The value can be retrieved
using \fBX509_get_key_usage()\fR.
-.IP "\fB\s-1EXFLAG_XKUSAGE\s0\fR" 4
+.IP \fBEXFLAG_XKUSAGE\fR 4
.IX Item "EXFLAG_XKUSAGE"
The certificate contains an extended key usage extension. The value can be
retrieved using \fBX509_get_extended_key_usage()\fR.
.PP
\&\fBX509_get_key_usage()\fR returns the value of the key usage extension. If key
usage is present will return zero or more of the flags:
-\&\fB\s-1KU_DIGITAL_SIGNATURE\s0\fR, \fB\s-1KU_NON_REPUDIATION\s0\fR, \fB\s-1KU_KEY_ENCIPHERMENT\s0\fR,
-\&\fB\s-1KU_DATA_ENCIPHERMENT\s0\fR, \fB\s-1KU_KEY_AGREEMENT\s0\fR, \fB\s-1KU_KEY_CERT_SIGN\s0\fR,
-\&\fB\s-1KU_CRL_SIGN\s0\fR, \fB\s-1KU_ENCIPHER_ONLY\s0\fR or \fB\s-1KU_DECIPHER_ONLY\s0\fR corresponding to
-individual key usage bits. If key usage is absent then \fB\s-1UINT32_MAX\s0\fR is
+\&\fBKU_DIGITAL_SIGNATURE\fR, \fBKU_NON_REPUDIATION\fR, \fBKU_KEY_ENCIPHERMENT\fR,
+\&\fBKU_DATA_ENCIPHERMENT\fR, \fBKU_KEY_AGREEMENT\fR, \fBKU_KEY_CERT_SIGN\fR,
+\&\fBKU_CRL_SIGN\fR, \fBKU_ENCIPHER_ONLY\fR or \fBKU_DECIPHER_ONLY\fR corresponding to
+individual key usage bits. If key usage is absent then \fBUINT32_MAX\fR is
returned.
.PP
\&\fBX509_get_extended_key_usage()\fR returns the value of the extended key usage
extension. If extended key usage is present it will return zero or more of the
-flags: \fB\s-1XKU_SSL_SERVER\s0\fR, \fB\s-1XKU_SSL_CLIENT\s0\fR, \fB\s-1XKU_SMIME\s0\fR, \fB\s-1XKU_CODE_SIGN\s0\fR
-\&\fB\s-1XKU_OCSP_SIGN\s0\fR, \fB\s-1XKU_TIMESTAMP\s0\fR, \fB\s-1XKU_DVCS\s0\fR or \fB\s-1XKU_ANYEKU\s0\fR. These
+flags: \fBXKU_SSL_SERVER\fR, \fBXKU_SSL_CLIENT\fR, \fBXKU_SMIME\fR, \fBXKU_CODE_SIGN\fR
+\&\fBXKU_OCSP_SIGN\fR, \fBXKU_TIMESTAMP\fR, \fBXKU_DVCS\fR or \fBXKU_ANYEKU\fR. These
correspond to the OIDs \fBid-kp-serverAuth\fR, \fBid-kp-clientAuth\fR,
\&\fBid-kp-emailProtection\fR, \fBid-kp-codeSigning\fR, \fBid-kp-OCSPSigning\fR,
\&\fBid-kp-timeStamping\fR, \fBid-kp-dvcs\fR and \fBanyExtendedKeyUsage\fR respectively.
-Additionally \fB\s-1XKU_SGC\s0\fR is set if either Netscape or Microsoft \s-1SGC\s0 OIDs are
+Additionally \fBXKU_SGC\fR is set if either Netscape or Microsoft SGC OIDs are
present.
.PP
\&\fBX509_get0_subject_key_id()\fR returns an internal pointer to the subject key
-identifier of \fBx\fR as an \fB\s-1ASN1_OCTET_STRING\s0\fR or \fB\s-1NULL\s0\fR if the extension
+identifier of \fBx\fR as an \fBASN1_OCTET_STRING\fR or \fBNULL\fR if the extension
is not present or cannot be parsed.
.PP
\&\fBX509_get0_authority_key_id()\fR returns an internal pointer to the authority key
-identifier of \fBx\fR as an \fB\s-1ASN1_OCTET_STRING\s0\fR or \fB\s-1NULL\s0\fR if the extension
+identifier of \fBx\fR as an \fBASN1_OCTET_STRING\fR or \fBNULL\fR if the extension
is not present or cannot be parsed.
.PP
\&\fBX509_get0_authority_issuer()\fR returns an internal pointer to the authority
-certificate issuer of \fBx\fR as a stack of \fB\s-1GENERAL_NAME\s0\fR structures or
-\&\fB\s-1NULL\s0\fR if the extension is not present or cannot be parsed.
+certificate issuer of \fBx\fR as a stack of \fBGENERAL_NAME\fR structures or
+\&\fBNULL\fR if the extension is not present or cannot be parsed.
.PP
\&\fBX509_get0_authority_serial()\fR returns an internal pointer to the authority
-certificate serial number of \fBx\fR as an \fB\s-1ASN1_INTEGER\s0\fR or \fB\s-1NULL\s0\fR if the
+certificate serial number of \fBx\fR as an \fBASN1_INTEGER\fR or \fBNULL\fR if the
extension is not present or cannot be parsed.
.PP
-\&\fBX509_set_proxy_flag()\fR marks the certificate with the \fB\s-1EXFLAG_PROXY\s0\fR flag.
+\&\fBX509_set_proxy_flag()\fR marks the certificate with the \fBEXFLAG_PROXY\fR flag.
This is for the users who need to mark non\-RFC3820 proxy certificates as
-such, as OpenSSL only detects \s-1RFC3820\s0 compliant ones.
+such, as OpenSSL only detects RFC3820 compliant ones.
.PP
\&\fBX509_set_proxy_pathlen()\fR sets the proxy certificate path length for the given
certificate \fBx\fR. This is for the users who need to mark non\-RFC3820 proxy
-certificates as such, as OpenSSL only detects \s-1RFC3820\s0 compliant ones.
+certificates as such, as OpenSSL only detects RFC3820 compliant ones.
.PP
\&\fBX509_get_proxy_pathlen()\fR returns the proxy certificate path length for the
given certificate \fBx\fR if it is a proxy certificate.
-.SH "NOTES"
+.SH NOTES
.IX Header "NOTES"
The value of the flags correspond to extension values which are cached
in the \fBX509\fR structure. If the flags returned do not provide sufficient
@@ -280,12 +204,12 @@ for example using \fBX509_get_ext_d2i()\fR.
.PP
If the key usage or extended key usage extension is absent then typically usage
is unrestricted. For this reason \fBX509_get_key_usage()\fR and
-\&\fBX509_get_extended_key_usage()\fR return \fB\s-1UINT32_MAX\s0\fR when the corresponding
+\&\fBX509_get_extended_key_usage()\fR return \fBUINT32_MAX\fR when the corresponding
extension is absent. Applications can additionally check the return value of
\&\fBX509_get_extension_flags()\fR and take appropriate action is an extension is
absent.
.PP
-If \fBX509_get0_subject_key_id()\fR returns \fB\s-1NULL\s0\fR then the extension may be
+If \fBX509_get0_subject_key_id()\fR returns \fBNULL\fR then the extension may be
absent or malformed. Applications can determine the precise reason using
\&\fBX509_get_ext_d2i()\fR.
.SH "RETURN VALUES"
@@ -298,7 +222,7 @@ is not present.
certificate extension values.
.PP
\&\fBX509_get0_subject_key_id()\fR returns the subject key identifier as a
-pointer to an \fB\s-1ASN1_OCTET_STRING\s0\fR structure or \fB\s-1NULL\s0\fR if the extension
+pointer to an \fBASN1_OCTET_STRING\fR structure or \fBNULL\fR if the extension
is absent or an error occurred during parsing.
.PP
\&\fBX509_get_proxy_pathlen()\fR returns the path length value if the given
@@ -306,15 +230,15 @@ certificate is a proxy one and has a path length set, and \-1 otherwise.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBX509_check_purpose\fR\|(3)
-.SH "HISTORY"
+.SH HISTORY
.IX Header "HISTORY"
\&\fBX509_get_pathlen()\fR, \fBX509_set_proxy_flag()\fR, \fBX509_set_proxy_pathlen()\fR and
\&\fBX509_get_proxy_pathlen()\fR were added in OpenSSL 1.1.0.
-.SH "COPYRIGHT"
+.SH COPYRIGHT
.IX Header "COPYRIGHT"
Copyright 2015\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
-in the file \s-1LICENSE\s0 in the source distribution or at
+in the file LICENSE in the source distribution or at
<https://www.openssl.org/source/license.html>.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-12 16:19:35 +0000