1=pod 2 3=head1 NAME 4 5X509V3_set_ctx, 6X509V3_set_issuer_pkey - X.509 v3 extension generation utilities 7 8=head1 SYNOPSIS 9 10 #include <openssl/x509v3.h> 11 12 void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject, 13 X509_REQ *req, X509_CRL *crl, int flags); 14 int X509V3_set_issuer_pkey(X509V3_CTX *ctx, EVP_PKEY *pkey); 15 16=head1 DESCRIPTION 17 18X509V3_set_ctx() fills in the basic fields of I<ctx> of type B<X509V3_CTX>, 19providing details potentially needed by functions producing X509 v3 extensions. 20These may make use of fields of the certificate I<subject>, the certification 21request I<req>, or the certificate revocation list I<crl>. 22At most one of these three parameters can be non-NULL. 23When constructing the subject key identifier of a certificate by computing a 24hash value of its public key, the public key is taken from I<subject> or I<req>. 25Similarly, when constructing subject alternative names from any email addresses 26contained in a subject DN, the subject DN is taken from I<subject> or I<req>. 27If I<subject> or I<crl> is provided, I<issuer> should point to its issuer, for 28instance as a reference for generating the authority key identifier extension. 29I<issuer> may be the same pointer value as I<subject> (which usually is an 30indication that the I<subject> certificate is self-issued or even self-signed). 31In this case the fallback source for generating the authority key identifier 32extension will be taken from any value provided using X509V3_set_issuer_pkey(). 33I<flags> may be 0 34or contain B<X509V3_CTX_TEST>, which means that just the syntax of 35extension definitions is to be checked without actually producing any extension, 36or B<X509V3_CTX_REPLACE>, which means that each X.509v3 extension added as 37defined in some configuration section shall replace any already existing 38extension with the same OID. 39 40X509V3_set_issuer_pkey() explicitly sets the issuer private key of 41the subject certificate that has been provided in I<ctx>. 42This should be done in case the I<issuer> and I<subject> arguments to 43X509V3_set_ctx() have the same pointer value 44to provide fallback data for the authority key identifier extension. 45 46=head1 RETURN VALUES 47 48X509V3_set_ctx() and X509V3_set_issuer_pkey() 49return 1 on success and 0 on error. 50 51=head1 SEE ALSO 52 53L<X509_add_ext(3)> 54 55=head1 HISTORY 56 57X509V3_set_issuer_pkey() was added in OpenSSL 3.0. 58 59CTX_TEST was deprecated in OpenSSL 3.0; use X509V3_CTX_TEST instead. 60 61=head1 COPYRIGHT 62 63Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. 64 65Licensed under the Apache License 2.0 (the "License"). You may not use 66this file except in compliance with the License. You can obtain a copy 67in the file LICENSE in the source distribution or at 68L<https://www.openssl.org/source/license.html>. 69 70=cut 71
