hx509 certificate functions(3) | Heimdalx509library | hx509 certificate functions(3) |
NAME
hx509 certificate functions -Functions
int hx509_cert_init (hx509_context context, const Certificate *c, hx509_cert *cert)
Detailed Description
See the The basic certificate for description and examples.Function Documentation
int hx509_cert_binary (hx509_context context, hx509_cert c, heim_octet_string * os)
Encodes the hx509 certificate as a DER encode binary.Parameters:
Returns:
int hx509_cert_check_eku (hx509_context context, hx509_cert cert, const heim_oid * eku, int allow_any_eku)
Check the extended key usage on the hx509 certificate.Parameters:
Returns:
int hx509_cert_cmp (hx509_cert p, hx509_cert q)
Compare to hx509 certificate object, useful for sorting.Parameters:
Returns:
int hx509_cert_find_subjectAltName_otherName (hx509_context context, hx509_cert cert, const heim_oid * oid, hx509_octet_string_list * list)
Return a list of subjectAltNames specified by oid in the certificate. On error theThe returned list of octet string should be freed with hx509_free_octet_string_list().
Parameters:
Returns:
void hx509_cert_free (hx509_cert cert)
Free reference to the hx509 certificate object, if the refcounter reaches 0, the object if freed. Its allowed to pass in NULL.Parameters:
hx509_cert_attribute hx509_cert_get_attribute (hx509_cert cert, const heim_oid * oid)
Get an external attribute for the certificate, examples are friendly name and id.Parameters:
Returns:
int hx509_cert_get_base_subject (hx509_context context, hx509_cert c, hx509_name * name)
Return the name of the base subject of the hx509 certificate. If the certiicate is a verified proxy certificate, the this function return the base certificate (root of the proxy chain). If the proxy certificate is not verified with the base certificate HX509_PROXY_CERTIFICATE_NOT_CANONICALIZED is returned.Parameters:
Returns:
const char* hx509_cert_get_friendly_name (hx509_cert cert)
Get friendly name of the certificate.Parameters:
Returns:
int hx509_cert_get_issuer (hx509_cert p, hx509_name * name)
Return the name of the issuer of the hx509 certificate.Parameters:
Returns:
int hx509_cert_get_issuer_unique_id (hx509_context context, hx509_cert p, heim_bit_string * issuer)
Get a copy of the Issuer Unique IDParameters:
Returns:
time_t hx509_cert_get_notAfter (hx509_cert p)
Get notAfter time of the certificate.Parameters:
Returns:
time_t hx509_cert_get_notBefore (hx509_cert p)
Get notBefore time of the certificate.Parameters:
Returns:
int hx509_cert_get_serialnumber (hx509_cert p, heim_integer * i)
Get serial number of the certificate.Parameters:
Returns:
int hx509_cert_get_SPKI (hx509_context context, hx509_cert p, SubjectPublicKeyInfo * spki)
Get the SubjectPublicKeyInfo structure from the hx509 certificate.Parameters:
Returns:
int hx509_cert_get_SPKI_AlgorithmIdentifier (hx509_context context, hx509_cert p, AlgorithmIdentifier * alg)
Get the AlgorithmIdentifier from the hx509 certificate.Parameters:
Returns:
int hx509_cert_get_subject (hx509_cert p, hx509_name * name)
Return the name of the subject of the hx509 certificate.Parameters:
Returns:
int hx509_cert_get_subject_unique_id (hx509_context context, hx509_cert p, heim_bit_string * subject)
Get a copy of the Subect Unique IDParameters:
Returns:
int hx509_cert_init (hx509_context context, const Certificate * c, hx509_cert * cert)
Allocate and init an hx509 certificate object from the decoded certificate `c卒.Parameters:
Returns:
int hx509_cert_init_data (hx509_context context, const void * ptr, size_t len, hx509_cert * cert)
Just like hx509_cert_init(), but instead of a decode certificate takes an pointer and length to a memory region that contains a DER/BER encoded certificate.If the memory region doesn't contain just the certificate and nothing more the function will fail with HX509_EXTRA_DATA_AFTER_STRUCTURE.
Parameters:
Returns:
hx509_cert hx509_cert_ref (hx509_cert cert)
Add a reference to a hx509 certificate object.Parameters:
Returns:
int hx509_cert_set_friendly_name (hx509_cert cert, const char * name)
Set the friendly name on the certificate.Parameters:
Returns:
int hx509_print_cert (hx509_context context, hx509_cert cert, FILE * out)
Print a simple representation of a certificateParameters:
Returns:
int hx509_query_alloc (hx509_context context, hx509_query ** q)
Allocate an query controller. Free using hx509_query_free().Parameters:
Returns:
void hx509_query_free (hx509_context context, hx509_query * q)
Free the query controller.Parameters:
int hx509_query_match_cmp_func (hx509_query * q, int(*)(hx509_context, hx509_cert, void *) func, void * ctx)
Set the query controller to match using a specific match function.Parameters:
Returns:
int hx509_query_match_eku (hx509_query * q, const heim_oid * eku)
Set the query controller to require an one specific EKU (extended key usage). Any previous EKU matching is overwitten. If NULL is passed in as the eku, the EKU requirement is reset.Parameters:
Returns:
int hx509_query_match_friendly_name (hx509_query * q, const char * name)
Set the query controller to match on a friendly nameParameters:
Returns:
int hx509_query_match_issuer_serial (hx509_query * q, const Name * issuer, const heim_integer * serialNumber)
Set the issuer and serial number of match in the query controller. The function make copies of the isser and serial number.Parameters:
Returns:
void hx509_query_match_option (hx509_query * q, hx509_query_option option)
Set match options for the hx509 query controller.Parameters:
Returns:
void hx509_query_statistic_file (hx509_context context, const char * fn)
Set a statistic file for the query statistics.Parameters:
void hx509_query_unparse_stats (hx509_context context, int printtype, FILE * out)
Unparse the statistics file and print the result on a FILE descriptor.Parameters:
void hx509_verify_ctx_f_allow_default_trustanchors (hx509_verify_ctx ctx, int boolean)
Allow using the operating system builtin trust anchors if no other trust anchors are configured.Parameters:
Returns:
int hx509_verify_hostname (hx509_context context, const hx509_cert cert, int flags, hx509_hostname_type type, const char * hostname, const struct sockaddr * sa, int sa_size)
Verify that the certificate is allowed to be used for the hostname and address.Parameters:
- •
- HX509_VHN_F_ALLOW_NO_MATCH no match is ok
type type of hostname:
- •
- HX509_HN_HOSTNAME for plain hostname.
- •
- HX509_HN_DNSSRV for DNS SRV names.
hostname the hostname to check
sa address of the host
sa_size length of address
Returns:
11 Jan 2012 | Version 1.5.2 |