libressl-X509_keyid_set1 - auxiliary certificate data for PKCS#12


X509_KEYID_SET1(3) Library Functions Manual X509_KEYID_SET1(3)

NAME

X509_keyid_set1, X509_keyid_get0, X509_alias_set1, X509_alias_get0 — auxiliary certificate data for PKCS#12

SYNOPSIS

#include <openssl/x509.h>

int
X509_keyid_set1(X509 *x, const unsigned char *data, int len);

unsigned char *
X509_keyid_get0(X509 *x, int *plen);

int
X509_alias_set1(X509 *x, const unsigned char *data, int len);

unsigned char *
X509_alias_get0(X509 *x, int *plen);

DESCRIPTION

These functions store non-standard auxiliary data in x and retrieve it.

The len bytes of data stored using X509_keyid_set1() will be written to the localKeyID attribute of the PKCS#12 structure if PKCS12_create(3) is later called on x, and the data stored using X509_alias_set1() will be written to the friendlyName attribute. Both functions copy the bytes into x, so the caller keeps ownership of data and may free or reuse it after the call. If data points to a NUL-terminated string, −1 can be passed as the len argument to let len be calculated internally using strlen(3); for binary data, which may contain NUL bytes, the explicit length must be given. If a NULL pointer is passed as the data argument, the respective auxiliary data stored in x, if any, is removed from x and freed.

Conversely, PKCS12_parse(3) retrieves these attributes from a PKCS#12 structure such that they can subsequently be accessed with X509_keyid_get0() and X509_alias_get0(). Unless NULL is passed for the plen argument, these functions store the size of the returned buffer in bytes in *plen. The returned buffer is not necessarily NUL-terminated and may contain embedded NUL bytes, so it must be handled as a byte array of *plen bytes rather than as a C string: passing it to strlen(3), printf(3) with %s or similar functions can read past the end of the buffer or silently truncate the value.

The API design is very incomplete; given the complexity of PKCS#12, that's probably an asset rather than a defect. The PKCS#12 standard defines many attributes that cannot be stored in X509 objects.

To associate certificates with alternative names and key identifiers, X.509 certificate extensions are more commonly used than PKCS#12 attributes, for example using X509_EXTENSION_create_by_NID(3) with NID_subject_alt_name or NID_subject_key_identifier.

RETURN VALUES

X509_keyid_set1() and X509_alias_set1() return 1 if data is NULL or if the input data was successfully copied into x, or 0 if data is not NULL but could not be copied because x is NULL or memory allocation failed.

X509_keyid_get0() and X509_alias_get0() return an internal pointer to an array of bytes or NULL if x does not contain auxiliary data of the requested kind. The returned pointer is owned by x: the caller must not free it, and it becomes invalid as soon as the auxiliary data is replaced or removed or x is freed. The x argument must not be NULL.

SEE ALSO

ASN1_STRING_set(3), X509_CERT_AUX_new(3), X509_EXTENSION_new(3), X509_new(3), X509V3_get_d2i(3)

HISTORY

X509_alias_set1() and X509_alias_get0() first appeared in OpenSSL 0.9.5 and have been available since OpenBSD 2.7.

X509_keyid_set1() first appeared in OpenSSL 0.9.6 and has been available since OpenBSD 2.9.

X509_keyid_get0() first appeared in OpenSSL 0.9.8 and has been available since OpenBSD 4.5.

GNU July 9, 2021 X509_KEYID_SET1(3)


Updated 2024-01-29 - jenkler.se | uex.se