summaryrefslogtreecommitdiff
path: root/secure/lib/libcrypto/man/X509_get_extension_flags.3
diff options
context:
space:
mode:
Diffstat (limited to 'secure/lib/libcrypto/man/X509_get_extension_flags.3')
-rw-r--r--secure/lib/libcrypto/man/X509_get_extension_flags.372
1 files changed, 38 insertions, 34 deletions
diff --git a/secure/lib/libcrypto/man/X509_get_extension_flags.3 b/secure/lib/libcrypto/man/X509_get_extension_flags.3
index c0146c0e31955..82ed11dd4fbec 100644
--- a/secure/lib/libcrypto/man/X509_get_extension_flags.3
+++ b/secure/lib/libcrypto/man/X509_get_extension_flags.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "X509_GET_EXTENSION_FLAGS 3"
-.TH X509_GET_EXTENSION_FLAGS 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509_GET_EXTENSION_FLAGS 3 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -155,11 +159,11 @@ X509_get0_subject_key_id, X509_get0_authority_key_id, X509_get_pathlen, X509_get
.IX Header "DESCRIPTION"
These functions retrieve information related to commonly used certificate extensions.
.PP
-\&\fIX509_get_pathlen()\fR retrieves the path length extension from a certificate.
+\&\fBX509_get_pathlen()\fR retrieves the path length extension from a certificate.
This extension is used to limit the length of a cert chain that may be
issued from that \s-1CA.\s0
.PP
-\&\fIX509_get_extension_flags()\fR retrieves general information about a certificate,
+\&\fBX509_get_extension_flags()\fR retrieves general information about a certificate,
it will return one or more of the following flags ored together.
.IP "\fB\s-1EXFLAG_V1\s0\fR" 4
.IX Item "EXFLAG_V1"
@@ -193,13 +197,13 @@ certificate should be rejected.
.IP "\fB\s-1EXFLAG_KUSAGE\s0\fR" 4
.IX Item "EXFLAG_KUSAGE"
The certificate contains a key usage extension. The value can be retrieved
-using \fIX509_get_key_usage()\fR.
+using \fBX509_get_key_usage()\fR.
.IP "\fB\s-1EXFLAG_XKUSAGE\s0\fR" 4
.IX Item "EXFLAG_XKUSAGE"
The certificate contains an extended key usage extension. The value can be
-retrieved using \fIX509_get_extended_key_usage()\fR.
+retrieved using \fBX509_get_extended_key_usage()\fR.
.PP
-\&\fIX509_get_key_usage()\fR returns the value of the key usage extension. If key
+\&\fBX509_get_key_usage()\fR returns the value of the key usage extension. If key
usage is present will return zero or more of the flags:
\&\fB\s-1KU_DIGITAL_SIGNATURE\s0\fR, \fB\s-1KU_NON_REPUDIATION\s0\fR, \fB\s-1KU_KEY_ENCIPHERMENT\s0\fR,
\&\fB\s-1KU_DATA_ENCIPHERMENT\s0\fR, \fB\s-1KU_KEY_AGREEMENT\s0\fR, \fB\s-1KU_KEY_CERT_SIGN\s0\fR,
@@ -207,7 +211,7 @@ usage is present will return zero or more of the flags:
individual key usage bits. If key usage is absent then \fB\s-1UINT32_MAX\s0\fR is
returned.
.PP
-\&\fIX509_get_extended_key_usage()\fR returns the value of the extended key usage
+\&\fBX509_get_extended_key_usage()\fR returns the value of the extended key usage
extension. If extended key usage is present it will return zero or more of the
flags: \fB\s-1XKU_SSL_SERVER\s0\fR, \fB\s-1XKU_SSL_CLIENT\s0\fR, \fB\s-1XKU_SMIME\s0\fR, \fB\s-1XKU_CODE_SIGN\s0\fR
\&\fB\s-1XKU_OCSP_SIGN\s0\fR, \fB\s-1XKU_TIMESTAMP\s0\fR, \fB\s-1XKU_DVCS\s0\fR or \fB\s-1XKU_ANYEKU\s0\fR. These
@@ -217,63 +221,63 @@ correspond to the OIDs \fBid-kp-serverAuth\fR, \fBid-kp-clientAuth\fR,
Additionally \fB\s-1XKU_SGC\s0\fR is set if either Netscape or Microsoft \s-1SGC\s0 OIDs are
present.
.PP
-\&\fIX509_get0_subject_key_id()\fR returns an internal pointer to the subject key
+\&\fBX509_get0_subject_key_id()\fR returns an internal pointer to the subject key
identifier of \fBx\fR as an \fB\s-1ASN1_OCTET_STRING\s0\fR or \fB\s-1NULL\s0\fR if the extension
is not present or cannot be parsed.
.PP
-\&\fIX509_get0_authority_key_id()\fR returns an internal pointer to the authority key
+\&\fBX509_get0_authority_key_id()\fR returns an internal pointer to the authority key
identifier of \fBx\fR as an \fB\s-1ASN1_OCTET_STRING\s0\fR or \fB\s-1NULL\s0\fR if the extension
is not present or cannot be parsed.
.PP
-\&\fIX509_set_proxy_flag()\fR marks the certificate with the \fB\s-1EXFLAG_PROXY\s0\fR flag.
+\&\fBX509_set_proxy_flag()\fR marks the certificate with the \fB\s-1EXFLAG_PROXY\s0\fR flag.
This is for the users who need to mark non\-RFC3820 proxy certificates as
such, as OpenSSL only detects \s-1RFC3820\s0 compliant ones.
.PP
-\&\fIX509_set_proxy_pathlen()\fR sets the proxy certificate path length for the given
+\&\fBX509_set_proxy_pathlen()\fR sets the proxy certificate path length for the given
certificate \fBx\fR. This is for the users who need to mark non\-RFC3820 proxy
certificates as such, as OpenSSL only detects \s-1RFC3820\s0 compliant ones.
.PP
-\&\fIX509_get_proxy_pathlen()\fR returns the proxy certificate path length for the
+\&\fBX509_get_proxy_pathlen()\fR returns the proxy certificate path length for the
given certificate \fBx\fR if it is a proxy certificate.
.SH "NOTES"
.IX Header "NOTES"
The value of the flags correspond to extension values which are cached
in the \fBX509\fR structure. If the flags returned do not provide sufficient
information an application should examine extension values directly
-for example using \fIX509_get_ext_d2i()\fR.
+for example using \fBX509_get_ext_d2i()\fR.
.PP
If the key usage or extended key usage extension is absent then typically usage
-is unrestricted. For this reason \fIX509_get_key_usage()\fR and
-\&\fIX509_get_extended_key_usage()\fR return \fB\s-1UINT32_MAX\s0\fR when the corresponding
+is unrestricted. For this reason \fBX509_get_key_usage()\fR and
+\&\fBX509_get_extended_key_usage()\fR return \fB\s-1UINT32_MAX\s0\fR when the corresponding
extension is absent. Applications can additionally check the return value of
-\&\fIX509_get_extension_flags()\fR and take appropriate action is an extension is
+\&\fBX509_get_extension_flags()\fR and take appropriate action is an extension is
absent.
.PP
-If \fIX509_get0_subject_key_id()\fR returns \fB\s-1NULL\s0\fR then the extension may be
+If \fBX509_get0_subject_key_id()\fR returns \fB\s-1NULL\s0\fR then the extension may be
absent or malformed. Applications can determine the precise reason using
-\&\fIX509_get_ext_d2i()\fR.
+\&\fBX509_get_ext_d2i()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIX509_get_pathlen()\fR returns the path length value, or \-1 if the extension
+\&\fBX509_get_pathlen()\fR returns the path length value, or \-1 if the extension
is not present.
.PP
-\&\fIX509_get_extension_flags()\fR, \fIX509_get_key_usage()\fR and
-\&\fIX509_get_extended_key_usage()\fR return sets of flags corresponding to the
+\&\fBX509_get_extension_flags()\fR, \fBX509_get_key_usage()\fR and
+\&\fBX509_get_extended_key_usage()\fR return sets of flags corresponding to the
certificate extension values.
.PP
-\&\fIX509_get0_subject_key_id()\fR returns the subject key identifier as a
+\&\fBX509_get0_subject_key_id()\fR returns the subject key identifier as a
pointer to an \fB\s-1ASN1_OCTET_STRING\s0\fR structure or \fB\s-1NULL\s0\fR if the extension
is absent or an error occurred during parsing.
.PP
-\&\fIX509_get_proxy_pathlen()\fR returns the path length value if the given
+\&\fBX509_get_proxy_pathlen()\fR returns the path length value if the given
certificate is a proxy one and has a path length set, and \-1 otherwise.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIX509_check_purpose\fR\|(3)
+\&\fBX509_check_purpose\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIX509_get_pathlen()\fR, \fIX509_set_proxy_flag()\fR, \fIX509_set_proxy_pathlen()\fR and
-\&\fIX509_get_proxy_pathlen()\fR were added in OpenSSL 1.1.0.
+\&\fBX509_get_pathlen()\fR, \fBX509_set_proxy_flag()\fR, \fBX509_set_proxy_pathlen()\fR and
+\&\fBX509_get_proxy_pathlen()\fR were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved.
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-13 19:04:25 +0000