/test/fips_test_suite
/test/ssltest_old
/test/x509aux
+/test/v3ext
*.so*
*.dylib*
*.dll*
X509_check_purpose(x, -1, -1);
return x->skid;
}
+
+long X509_get_pathlen(X509 *x)
+{
+ /* Called for side effect of caching extensions */
+ if (X509_check_purpose(x, -1, -1) != 1
+ || (x->ex_flags & EXFLAG_BCONS) == 0)
+ return -1;
+ return x->ex_pathlen;
+}
=head1 NAME
+X509_get_pathlen,
X509_get_extension_flags, X509_get_key_usage, X509_get_extended_key_usage -
-retrieve certificate extension flags
+retrieve certificate extension data
=head1 SYNOPSIS
#include <openssl/x509v3.h>
+ long X509_get_pathlen(X509 *x);
uint32_t X509_get_extension_flags(X509 *x);
uint32_t X509_get_key_usage(X509 *x);
uint32_t X509_get_extended_key_usage(X509 *x);
=head1 DESCRIPTION
-These functions retrieve flags related to commonly used certificate extensions.
+These functions retrieve information related to commonly used certificate extensions.
+
+X509_get_pathlen() retrieves the path length extension from a certificate.
+This extension is used to limit the length of a cert chain that may be
+issued from that CA.
X509_get_extension_flags() retrieves general information about a certificate,
it will return one or more of the following flags ored together.
=head1 RETURN VALUE
+X509_get_pathlen() returns the path length value, or -1 if the extension
+is not present.
+
X509_get_extension_flags(), X509_get_key_usage() and
X509_get_extended_key_usage() return sets of flags corresponding to the
certificate extension values.
L<X509_check_purpose(3)>
+=head1 HISTORY
+
+X509_get_pathlen() was added in OpenSSL 1.1.0.
+
=head1 COPYRIGHT
Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
=head1 NAME
-SSL_get_version - get the protocol version of a connection
+SSL_get_version, SSL_is_dtls - get the protocol information of a connection
=head1 SYNOPSIS
const char *SSL_get_version(const SSL *ssl);
+ int SSL_is_dtls(const SSL *ssl);
+
=head1 DESCRIPTION
SSL_get_version() returns the name of the protocol used for the
connection B<ssl>.
+SSL_is_dtls() returns one if the connection is using DTLS, zero if not.
+
=head1 RETURN VALUES
-The following strings can be returned:
+SSL_get_verison() returns one of the following strings:
=over 4
L<ssl(3)>
+=head1 HISTORY
+
+SSL_is_dtls() was added in OpenSSL 1.1.0.
+
=head1 COPYRIGHT
Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
=item const char *B<SSL_get_cipher>(const SSL *ssl);
+=item int B<SSL_is_dtls>(const SSL *ssl);
+
=item int B<SSL_get_cipher_bits>(const SSL *ssl, int *alg_bits);
=item char *B<SSL_get_cipher_list>(const SSL *ssl, int n);
SSL *SSL_new(SSL_CTX *ctx);
int SSL_up_ref(SSL *s);
+int SSL_is_dtls(const SSL *s);
__owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
unsigned int sid_ctx_len);
EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key);
EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key);
int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain);
+long X509_get_pathlen(X509 *x);
int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp);
EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length);
# ifndef OPENSSL_NO_RSA
return NULL;
}
+int SSL_is_dtls(const SSL *s)
+{
+ return SSL_IS_DTLS(s) ? 1 : 0;
+}
+
int SSL_up_ref(SSL *s)
{
int i;
mdc2test rmdtest \
randtest dhtest enginetest casttest \
bftest ssltest_old dsatest exptest rsa_test \
- evp_test evp_extra_test igetest v3nametest \
+ evp_test evp_extra_test igetest v3nametest v3ext \
danetest heartbeat_test p5_crpt2_test \
constant_time_test verify_extra_test clienthellotest \
packettest asynctest secmemtest srptest memleaktest \
INCLUDE[v3nametest]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[v3nametest]=../libcrypto
+ SOURCE[v3ext]=v3ext.c
+ INCLUDE[v3ext]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
+ DEPEND[v3ext]=../libcrypto
+
SOURCE[danetest]=danetest.c
INCLUDE[danetest]="{- rel2abs(catdir($builddir,"../include")) -}" ../include
DEPEND[danetest]=../libcrypto ../libssl
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIDjTCCAnWgAwIBAgIBGzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHjAcBgNVBAMT
+FXBhdGhMZW5Db25zdHJhaW50NiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAMhrG5ilLNK2JnW0V+GiT392lCKM4vUjPjAOxrg0mdIfK2AI1D9pgYUN
+h5jXFarP18NT65fkskd/NPPSbEePcEzi0ZjOBqnaUFS+tA425QiWkqdld/q+r4H/
+1ZF/f6Cz6CrguSUDNPT1a0cmv1t7dlLnae1UTP9HiVBLNCTfabBaTN95vzM3dyVR
+mcGYkT+ahiEgXDLYXuoWjqHjkz5Y8yd3+3TQ2IsyrmSN0NJCj4P/fC5sdpzFRDoB
+FYCXsCL0gXVUsvfzn/ds1BUqxcHw6O4UUadhBj+Khuleq0forX+77bxFhUnZkGo5
+iO+EZhvr6t32d7IG/MKfXt5nb25jypMCAwEAAaN/MH0wHwYDVR0jBBgwFoAU5H1f
+0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFK+8ha7+TK7hjZcjiMilsWALuk7Y
+MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwEgYDVR0T
+AQH/BAgwBgEB/wIBBjANBgkqhkiG9w0BAQsFAAOCAQEAMJCr70MBeik9uEqE4f27
+dR2O/kNaoqIOtzn+Y4PIzJGRspeGRjhkl4E+wafiPgHeyYCWIlO/R2E4BmI/ZNeD
+xQCHbIVzPDHeSI7DD6F9N/atZ/b3L3J4VnfU8gFdNq1wsGqf1hxHcvdpLXLTU0LX
+2j+th4jY/ogHv4kz3SHT7un1ktxQk2Rhb1u4PSBbQ6lI9oP4Jnda0jtakb1ZqhdZ
+8N/sJvsfEQuqxss/jp+j70dmIGH/bDJfxU1oG0xdyi1xP2qjqdrWHI/mEVlygfXi
+oxJ8JTfEcEHVsTffYR9fDUn0NylqCLdqFaDwLKqWl+C2inODNMpNusqleDAViw6B
+CA==
+-----END CERTIFICATE-----
setup("test_x509");
-plan tests => 4;
+plan tests => 5;
require_ok(srctop_file('test','recipes','tconversion.pl'));
subtest 'x509 -- second x.509 v3 certificate' => sub {
tconversion("x509", srctop_file("test","v3-cert2.pem"));
};
+
+subtest 'x509 -- pathlen' => sub {
+ ok(run(test(["v3ext", srctop_file("test/certs", "pathlen.pem")])));
+}
--- /dev/null
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+
+int main(int ac, char **av)
+{
+ X509 *x = NULL;
+ BIO *b = NULL;
+ long pathlen;
+ int ret = 1;
+
+ if (ac != 2) {
+ fprintf(stderr, "Usage error\n");
+ goto end;
+ }
+ b = BIO_new_file(av[1], "r");
+ if (b == NULL)
+ goto end;
+ x = PEM_read_bio_X509(b, NULL, NULL, NULL);
+ if (x == NULL)
+ goto end;
+ pathlen = X509_get_pathlen(x);
+ if (pathlen == 6)
+ ret = 0;
+
+end:
+ ERR_print_errors_fp(stderr);
+ BIO_free(b);
+ X509_free(x);
+ return ret;
+}
X509_OBJECT_new 4089 1_1_0 EXIST::FUNCTION:
X509_STORE_get0_param 4090 1_1_0 EXIST::FUNCTION:
PEM_write_bio_PrivateKey_traditional 4091 1_1_0 EXIST::FUNCTION:
+X509_get_pathlen 4092 1_1_0 EXIST::FUNCTION:
SSL_SESSION_get0_hostname 396 1_1_0 EXIST::FUNCTION:
SSL_client_version 397 1_1_0 EXIST::FUNCTION:
SSL_SESSION_get_protocol_version 398 1_1_0 EXIST::FUNCTION:
+SSL_is_dtls 399 1_1_0 EXIST::FUNCTION:
projects / openssl / commitdiff