openssl/doc/man3/X509V3_set_ctx.pod

=pod

=head1 NAME

X509V3_set_ctx,
X509V3_set_issuer_pkey - X.509 v3 extension generation utilities

=head1 SYNOPSIS

 #include <openssl/x509v3.h>

 void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
                     X509_REQ *req, X509_CRL *crl, int flags);
 int X509V3_set_issuer_pkey(X509V3_CTX *ctx, EVP_PKEY *pkey);

=head1 DESCRIPTION

X509V3_set_ctx() fills in the basic fields of I<ctx> of type B<X509V3_CTX>,
providing details potentially needed by functions producing X509 v3 extensions,
e.g., to look up values for filling in authority key identifiers.
Any of I<subj>, I<req>, or I<crl> may be provided, pointing to a certificate,
certification request, or certificate revocation list, respectively.
If I<subj> or I<crl> is provided, I<issuer> should point to its issuer,
for instance to help generating an authority key identifier extension.
Note that if I<subj> is provided, I<issuer> may be the same as I<subj>,
which means that I<subj> is self-issued (or even self-signed).
I<flags> may be 0
or contain B<X509V3_CTX_TEST>, which means that just the syntax of
extension definitions is to be checked without actually producing an extension,
or B<X509V3_CTX_REPLACE>, which means that each X.509v3 extension added as
defined in some configuration section shall replace any already existing
extension with the same OID.

X509V3_set_issuer_pkey() explicitly sets the issuer private key of
the certificate that has been provided in I<ctx>.
This should be done for self-issued certificates (which may be self-signed
or not) to provide fallback data for the authority key identifier extension.

=head1 RETURN VALUES

X509V3_set_ctx() and X509V3_set_issuer_pkey()
return 1 on success and 0 on error.

=head1 SEE ALSO

L<X509_add_ext(3)>

=head1 HISTORY

X509V3_set_issuer_pkey() was added in OpenSSL 3.0.

CTX_TEST was deprecated in OpenSSL 3.0; use X509V3_CTX_TEST instead.

=head1 COPYRIGHT

Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Add X509V3_set_issuer_pkey, needed for AKID of self-issued not self-signed cert Also clean up some related auxiliary functions and documentation Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13658) 2020-12-24 18:25:47 +08:00			`=pod`

			`=head1 NAME`

			`X509V3_set_ctx,`
x509v3.h.in: Deprecate CTX_TEST and replace it by X509V3_CTX_TEST Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13658) 2021-01-11 14:52:45 +08:00			`X509V3_set_issuer_pkey - X.509 v3 extension generation utilities`
Add X509V3_set_issuer_pkey, needed for AKID of self-issued not self-signed cert Also clean up some related auxiliary functions and documentation Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13658) 2020-12-24 18:25:47 +08:00
			`=head1 SYNOPSIS`

			`#include <openssl/x509v3.h>`

			`void X509V3_set_ctx(X509V3_CTX ctx, X509 issuer, X509 *subject,`
			`X509_REQ req, X509_CRL crl, int flags);`
			`int X509V3_set_issuer_pkey(X509V3_CTX ctx, EVP_PKEY pkey);`

			`=head1 DESCRIPTION`

			`X509V3_set_ctx() fills in the basic fields of I<ctx> of type B<X509V3_CTX>,`
x509v3.h.in: Deprecate CTX_TEST and replace it by X509V3_CTX_TEST Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13658) 2021-01-11 14:52:45 +08:00			`providing details potentially needed by functions producing X509 v3 extensions,`
			`e.g., to look up values for filling in authority key identifiers.`
Add X509V3_set_issuer_pkey, needed for AKID of self-issued not self-signed cert Also clean up some related auxiliary functions and documentation Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13658) 2020-12-24 18:25:47 +08:00			`Any of I<subj>, I<req>, or I<crl> may be provided, pointing to a certificate,`
			`certification request, or certificate revocation list, respectively.`
			`If I<subj> or I<crl> is provided, I<issuer> should point to its issuer,`
			`for instance to help generating an authority key identifier extension.`
			`Note that if I<subj> is provided, I<issuer> may be the same as I<subj>,`
			`which means that I<subj> is self-issued (or even self-signed).`
x509v3.h.in: Deprecate CTX_TEST and replace it by X509V3_CTX_TEST Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13658) 2021-01-11 14:52:45 +08:00			`I<flags> may be 0`
			`or contain B<X509V3_CTX_TEST>, which means that just the syntax of`
Add X509V3_set_issuer_pkey, needed for AKID of self-issued not self-signed cert Also clean up some related auxiliary functions and documentation Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13658) 2020-12-24 18:25:47 +08:00			`extension definitions is to be checked without actually producing an extension,`
			`or B<X509V3_CTX_REPLACE>, which means that each X.509v3 extension added as`
			`defined in some configuration section shall replace any already existing`
			`extension with the same OID.`

			`X509V3_set_issuer_pkey() explicitly sets the issuer private key of`
			`the certificate that has been provided in I<ctx>.`
			`This should be done for self-issued certificates (which may be self-signed`
			`or not) to provide fallback data for the authority key identifier extension.`

			`=head1 RETURN VALUES`

			`X509V3_set_ctx() and X509V3_set_issuer_pkey()`
			`return 1 on success and 0 on error.`

			`=head1 SEE ALSO`

			`L<X509_add_ext(3)>`

			`=head1 HISTORY`

			`X509V3_set_issuer_pkey() was added in OpenSSL 3.0.`

x509v3.h.in: Deprecate CTX_TEST and replace it by X509V3_CTX_TEST Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13658) 2021-01-11 14:52:45 +08:00			`CTX_TEST was deprecated in OpenSSL 3.0; use X509V3_CTX_TEST instead.`

Add X509V3_set_issuer_pkey, needed for AKID of self-issued not self-signed cert Also clean up some related auxiliary functions and documentation Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13658) 2020-12-24 18:25:47 +08:00			`=head1 COPYRIGHT`

Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13999) 2021-01-28 20:54:57 +08:00			`Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.`
Add X509V3_set_issuer_pkey, needed for AKID of self-issued not self-signed cert Also clean up some related auxiliary functions and documentation Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13658) 2020-12-24 18:25:47 +08:00
			`Licensed under the Apache License 2.0 (the "License"). You may not use`
			`this file except in compliance with the License. You can obtain a copy`
			`in the file LICENSE in the source distribution or at`
			`L<https://www.openssl.org/source/license.html>.`

			`=cut`