X509V3_set_ctx() fills in the basic fields of ctx of type X509V3_CTX, providing details potentially
needed by functions producing X509 v3 extensions. These may make use of fields of the certificate
subject, the certification request req, or the certificate revocation list crl. At most one of these
three parameters can be non-NULL. When constructing the subject key identifier of a certificate by
computing a hash value of its public key, the public key is taken from subject or req. Similarly, when
constructing subject alternative names from any email addresses contained in a subject DN, the subject DN
is taken from subject or req. If subject or crl is provided, issuer should point to its issuer, for
instance as a reference for generating the authority key identifier extension. issuer may be the same
pointer value as subject (which usually is an indication that the subject certificate is self-issued or
even self-signed). In this case the fallback source for generating the authority key identifier
extension will be taken from any value provided using X509V3_set_issuer_pkey(). flags may be 0 or
contain X509V3_CTX_TEST, which means that just the syntax of extension definitions is to be checked
without actually producing any extension, or X509V3_CTX_REPLACE, which means that each X.509v3 extension
added as defined in some configuration section shall replace any already existing extension with the same
OID.
X509V3_set_issuer_pkey() explicitly sets the issuer private key of the subject certificate that has been
provided in ctx. This should be done in case the issuer and subject arguments to X509V3_set_ctx() have
the same pointer value to provide fallback data for the authority key identifier extension.
Install Now
PNG Icons
