NAME

X509V3_EXT_get_nid, X509V3_EXT_get — retrieve X.509v3 certificate extension methods

SYNOPSIS

#include <openssl/x509v3.h>

const X509V3_EXT_METHOD *
X509V3_EXT_get_nid(int nid);

const X509V3_EXT_METHOD *
X509V3_EXT_get(X509_EXTENSION *ext);

DESCRIPTION

An X.509v3 certificate extension contains an Object Identifier (OID), a boolean criticality indicator, and an opaque extension value (an ASN1_OCTET_STRING) whose meaning is determined by the OID. The library's X509V3_EXT_METHOD type, which is not yet documented in detail, contains a numeric identifier (NID) to represent the OID and various handlers for encoding, decoding, printing, and configuring the extension's value. Criticality is handled separately, for example as an argument to X509V3_add1_i2d(3).

RETURN VALUES

X509V3_EXT_get_nid() returns the X509V3_EXT_METHOD corresponding to the numeric identifier nid, or NULL if there is none.

X509V3_EXT_get() returns the X509V3_EXT_METHOD associated with the extension type of ext, or NULL if there is none.

SEE ALSO

i2s_ASN1_ENUMERATED_TABLE(3), OBJ_create(3), v2i_ASN1_BIT_STRING(3), X509_EXTENSION_get_object(3), X509V3_get_d2i(3)

STANDARDS

RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile

• section 4.2: Certificate Extensions

HISTORY

These functions first appeared in OpenSSL 0.9.2b and have been available since OpenBSD 2.6.

CAVEATS

In LibreSSL, these functions only support built-in nid values corresponding to static built-in objects. Other implementations have incomplete support for custom extension methods, whose API is not threadsafe, does not affect the behavior of X509_verify_cert(3), and has various other surprising quirks. Both functions prefer built-in methods over custom methods with the same OID.