NAME
X509_add1_trust_object
,
X509_trust_clear
,
X509_add1_reject_object
,
X509_reject_clear
—
mark an X.509 certificate as intended
for a specific purpose
SYNOPSIS
#include
<openssl/x509.h>
int
X509_add1_trust_object
(X509 *x,
const ASN1_OBJECT *purpose);
void
X509_trust_clear
(X509 *x);
int
X509_add1_reject_object
(X509 *x,
const ASN1_OBJECT *purpose);
void
X509_reject_clear
(X509 *x);
DESCRIPTION
X509_add1_trust_object
()
appends a deep copy of the purpose object to the set of
intended purposes that x contains as non-standard
auxiliary data. The function
OBJ_nid2obj(3) can be used to create appropriate purpose objects from
the NID_*
constants mentioned in
X509_check_purpose(3), even though the
X509_PURPOSE_*
constants listed in that manual page
are not intended for use with
X509_add1_trust_object
().
X509_trust_clear
()
frees and removes all purpose objects from the set of intended purposes in
the non-standard auxiliary data of x.
X509_add1_reject_object
()
and
X509_reject_clear
()
are similar except that they operate on a set of unintended purposes.
As an alternative to using the functions documented in the present manual page, X.509 certificate extensions can be used. At the price of higher complexity, those allow storing the purpose inside the certificate itself in a standard-conforming way rather than merely in non-standard auxiliary data associated with the certificate. See EXTENDED_KEY_USAGE_new(3) for details.
RETURN VALUES
X509_add1_trust_object
() and
X509_add1_reject_object
() return the new number of
purposes in the respective set or 0 if an error occurs, in particular if
memory allocation fails or if x does not contain a
sub-object that can hold non-standard auxiliary data.
SEE ALSO
ASN1_OBJECT_new(3), EXTENDED_KEY_USAGE_new(3), OBJ_nid2obj(3), X509_CERT_AUX_new(3), X509_check_trust(3), X509_new(3)
HISTORY
These functions first appeared in OpenSSL 0.9.4 and have been available since OpenBSD 2.7.