hx509_ca - Online Linux Manual PageSection : 3
Updated : Tue Nov 15 2022
Source : Version 7.8.0
Note : Heimdal x509 library

NAMEhx509_ca − hx509 CA functions

SYNOPSIS

Functionsint hx509_ca_tbs_init (hx509_context context, hx509_ca_tbs *tbs)
void hx509_ca_tbs_free (hx509_ca_tbs *tbs)
int hx509_ca_tbs_set_notBefore (hx509_context context, hx509_ca_tbs tbs, time_t t)
int hx509_ca_tbs_set_notAfter (hx509_context context, hx509_ca_tbs tbs, time_t t)
int hx509_ca_tbs_set_notAfter_lifetime (hx509_context context, hx509_ca_tbs tbs, time_t delta)
const struct units * hx509_ca_tbs_template_units (void)
int hx509_ca_tbs_set_template (hx509_context context, hx509_ca_tbs tbs, int flags, hx509_cert cert)
int hx509_ca_tbs_set_ca (hx509_context context, hx509_ca_tbs tbs, int pathLenConstraint)
int hx509_ca_tbs_set_proxy (hx509_context context, hx509_ca_tbs tbs, int pathLenConstraint)
int hx509_ca_tbs_set_domaincontroller (hx509_context context, hx509_ca_tbs tbs)
int hx509_ca_tbs_set_spki (hx509_context context, hx509_ca_tbs tbs, const SubjectPublicKeyInfo *spki)
int hx509_ca_tbs_set_serialnumber (hx509_context context, hx509_ca_tbs tbs, const heim_integer *serialNumber)
int hx509_ca_tbs_add_eku (hx509_context context, hx509_ca_tbs tbs, const heim_oid *oid)
int hx509_ca_tbs_add_crl_dp_uri (hx509_context context, hx509_ca_tbs tbs, const char *uri, hx509_name issuername)
int hx509_ca_tbs_add_san_otherName (hx509_context context, hx509_ca_tbs tbs, const heim_oid *oid, const heim_octet_string *os)
int hx509_ca_tbs_add_san_pkinit (hx509_context context, hx509_ca_tbs tbs, const char *principal)
int hx509_ca_tbs_add_san_ms_upn (hx509_context context, hx509_ca_tbs tbs, const char *principal)
int hx509_ca_tbs_add_san_jid (hx509_context context, hx509_ca_tbs tbs, const char *jid)
int hx509_ca_tbs_add_san_hostname (hx509_context context, hx509_ca_tbs tbs, const char *dnsname)
int hx509_ca_tbs_add_san_rfc822name (hx509_context context, hx509_ca_tbs tbs, const char *rfc822Name)
int hx509_ca_tbs_set_subject (hx509_context context, hx509_ca_tbs tbs, hx509_name subject)
int hx509_ca_tbs_set_unique (hx509_context context, hx509_ca_tbs tbs, const heim_bit_string *subjectUniqueID, const heim_bit_string *issuerUniqueID)
int hx509_ca_tbs_subject_expand (hx509_context context, hx509_ca_tbs tbs, hx509_env env)
int hx509_ca_tbs_set_signature_algorithm (hx509_context context, hx509_ca_tbs tbs, const AlgorithmIdentifier *sigalg)
int hx509_ca_sign (hx509_context context, hx509_ca_tbs tbs, hx509_cert signer, hx509_cert *certificate)
int hx509_ca_sign_self (hx509_context context, hx509_ca_tbs tbs, hx509_private_key signer, hx509_cert *certificate)

Detailed DescriptionSee the Hx509 CA functions for description and examples​.

Function Documentation

int hx509_ca_sign (hx509_context context, hx509_ca_tbs tbs, hx509_cert signer, hx509_cert * certificate)Sign a to-be-signed certificate object with a issuer certificate​. The caller needs to at least have called the following functions on the to-be-signed certificate object: • hx509_ca_tbs_init() • hx509_ca_tbs_set_subject() • hx509_ca_tbs_set_spki() When done the to-be-signed certificate object should be freed with hx509_ca_tbs_free()​. When creating self-signed certificate use hx509_ca_sign_self() instead​. Parameters context A hx509 context​.
tbs object to be signed​.
signer the CA certificate object to sign with (need private key)​.
certificate return cerificate, free with hx509_cert_free()​.
Returns An hx509 error code, see hx509_get_error_string()​.

int hx509_ca_sign_self (hx509_context context, hx509_ca_tbs tbs, hx509_private_key signer, hx509_cert * certificate)Work just like hx509_ca_sign() but signs it-self​. Parameters context A hx509 context​.
tbs object to be signed​.
signer private key to sign with​.
certificate return cerificate, free with hx509_cert_free()​.
Returns An hx509 error code, see hx509_get_error_string()​.

int hx509_ca_tbs_add_crl_dp_uri (hx509_context context, hx509_ca_tbs tbs, const char * uri, hx509_name issuername)Add CRL distribution point URI to the to-be-signed certificate object​. Parameters context A hx509 context​.
tbs object to be signed​.
uri uri to the CRL​.
issuername name of the issuer​.
Returns An hx509 error code, see hx509_get_error_string()​. issuername not supported

int hx509_ca_tbs_add_eku (hx509_context context, hx509_ca_tbs tbs, const heim_oid * oid)An an extended key usage to the to-be-signed certificate object​. Duplicates will detected and not added​. Parameters context A hx509 context​.
tbs object to be signed​.
oid extended key usage to add​.
Returns An hx509 error code, see hx509_get_error_string()​.

int hx509_ca_tbs_add_san_hostname (hx509_context context, hx509_ca_tbs tbs, const char * dnsname)Add a Subject Alternative Name hostname to to-be-signed certificate object​. A domain match starts with ​., an exact match does not​. Example of a an domain match: ​.domain​.se matches the hostname host​.domain​.se​. Parameters context A hx509 context​.
tbs object to be signed​.
dnsname a hostame​.
Returns An hx509 error code, see hx509_get_error_string()​.

int hx509_ca_tbs_add_san_jid (hx509_context context, hx509_ca_tbs tbs, const char * jid)Add a Jabber/XMPP jid Subject Alternative Name to the to-be-signed certificate object​. The jid is an UTF8 string​. Parameters context A hx509 context​.
tbs object to be signed​.
jid string of an a jabber id in UTF8​.
Returns An hx509 error code, see hx509_get_error_string()​.

int hx509_ca_tbs_add_san_ms_upn (hx509_context context, hx509_ca_tbs tbs, const char * principal)Add Microsoft UPN Subject Alternative Name to the to-be-signed certificate object​. The principal string is a UTF8 string​. Parameters context A hx509 context​.
tbs object to be signed​.
principal Microsoft UPN string​.
Returns An hx509 error code, see hx509_get_error_string()​.

int hx509_ca_tbs_add_san_otherName (hx509_context context, hx509_ca_tbs tbs, const heim_oid * oid, const heim_octet_string * os)Add Subject Alternative Name otherName to the to-be-signed certificate object​. Parameters context A hx509 context​.
tbs object to be signed​.
oid the oid of the OtherName​.
os data in the other name​.
Returns An hx509 error code, see hx509_get_error_string()​.

int hx509_ca_tbs_add_san_pkinit (hx509_context context, hx509_ca_tbs tbs, const char * principal)Add Kerberos Subject Alternative Name to the to-be-signed certificate object​. The principal string is a UTF8 string​. Parameters context A hx509 context​.
tbs object to be signed​.
principal Kerberos principal to add to the certificate​.
Returns An hx509 error code, see hx509_get_error_string()​.

int hx509_ca_tbs_add_san_rfc822name (hx509_context context, hx509_ca_tbs tbs, const char * rfc822Name)Add a Subject Alternative Name rfc822 (email address) to to-be-signed certificate object​. Parameters context A hx509 context​.
tbs object to be signed​.
rfc822Name a string to a email address​.
Returns An hx509 error code, see hx509_get_error_string()​.

void hx509_ca_tbs_free (hx509_ca_tbs * tbs)Free an To Be Signed object​. Parameters tbs object to free​.

int hx509_ca_tbs_init (hx509_context context, hx509_ca_tbs * tbs)Allocate an to-be-signed certificate object that will be converted into an certificate​. Parameters context A hx509 context​.
tbs returned to-be-signed certicate object, free with hx509_ca_tbs_free()​.
Returns An hx509 error code, see hx509_get_error_string()​.

int hx509_ca_tbs_set_ca (hx509_context context, hx509_ca_tbs tbs, int pathLenConstraint)Make the to-be-signed certificate object a CA certificate​. If the pathLenConstraint is negative path length constraint is used​. Parameters context A hx509 context​.
tbs object to be signed​.
pathLenConstraint path length constraint, negative, no constraint​.
Returns An hx509 error code, see hx509_get_error_string()​.

int hx509_ca_tbs_set_domaincontroller (hx509_context context, hx509_ca_tbs tbs)Make the to-be-signed certificate object a windows domain controller certificate​. Parameters context A hx509 context​.
tbs object to be signed​.
Returns An hx509 error code, see hx509_get_error_string()​.

int hx509_ca_tbs_set_notAfter (hx509_context context, hx509_ca_tbs tbs, time_t t)Set the absolute time when the certificate is valid to​. Parameters context A hx509 context​.
tbs object to be signed​.
t time when the certificate will expire
Returns An hx509 error code, see hx509_get_error_string()​.

int hx509_ca_tbs_set_notAfter_lifetime (hx509_context context, hx509_ca_tbs tbs, time_t delta)Set the relative time when the certificiate is going to expire​. Parameters context A hx509 context​.
tbs object to be signed​.
delta seconds to the certificate is going to expire​.
Returns An hx509 error code, see hx509_get_error_string()​.

int hx509_ca_tbs_set_notBefore (hx509_context context, hx509_ca_tbs tbs, time_t t)Set the absolute time when the certificate is valid from​. If not set the current time will be used​. Parameters context A hx509 context​.
tbs object to be signed​.
t time the certificated will start to be valid
Returns An hx509 error code, see hx509_get_error_string()​.

int hx509_ca_tbs_set_proxy (hx509_context context, hx509_ca_tbs tbs, int pathLenConstraint)Make the to-be-signed certificate object a proxy certificate​. If the pathLenConstraint is negative path length constraint is used​. Parameters context A hx509 context​.
tbs object to be signed​.
pathLenConstraint path length constraint, negative, no constraint​.
Returns An hx509 error code, see hx509_get_error_string()​.

int hx509_ca_tbs_set_serialnumber (hx509_context context, hx509_ca_tbs tbs, const heim_integer * serialNumber)Set the serial number to use for to-be-signed certificate object​. Parameters context A hx509 context​.
tbs object to be signed​.
serialNumber serial number to use for the to-be-signed certificate object​.
Returns An hx509 error code, see hx509_get_error_string()​.

int hx509_ca_tbs_set_signature_algorithm (hx509_context context, hx509_ca_tbs tbs, const AlgorithmIdentifier * sigalg)Set signature algorithm on the to be signed certificate Parameters context A hx509 context​.
tbs object to be signed​.
sigalg signature algorithm to use
Returns An hx509 error code, see hx509_get_error_string()​.

int hx509_ca_tbs_set_spki (hx509_context context, hx509_ca_tbs tbs, const SubjectPublicKeyInfo * spki)Set the subject public key info (SPKI) in the to-be-signed certificate object​. SPKI is the public key and key related parameters in the certificate​. Parameters context A hx509 context​.
tbs object to be signed​.
spki subject public key info to use for the to-be-signed certificate object​.
Returns An hx509 error code, see hx509_get_error_string()​.

int hx509_ca_tbs_set_subject (hx509_context context, hx509_ca_tbs tbs, hx509_name subject)Set the subject name of a to-be-signed certificate object​. Parameters context A hx509 context​.
tbs object to be signed​.
subject the name to set a subject​.
Returns An hx509 error code, see hx509_get_error_string()​.

int hx509_ca_tbs_set_template (hx509_context context, hx509_ca_tbs tbs, int flags, hx509_cert cert)Initialize the to-be-signed certificate object from a template certifiate​. Parameters context A hx509 context​.
tbs object to be signed​.
flags bit field selecting what to copy from the template certifiate​.
cert template certificate​.
Returns An hx509 error code, see hx509_get_error_string()​.

int hx509_ca_tbs_set_unique (hx509_context context, hx509_ca_tbs tbs, const heim_bit_string * subjectUniqueID, const heim_bit_string * issuerUniqueID)Set the issuerUniqueID and subjectUniqueID These are only supposed to be used considered with version 2 certificates, replaced by the two extensions SubjectKeyIdentifier and IssuerKeyIdentifier​. This function is to allow application using legacy protocol to issue them​. Parameters context A hx509 context​.
tbs object to be signed​.
issuerUniqueID to be set
subjectUniqueID to be set
Returns An hx509 error code, see hx509_get_error_string()​.

int hx509_ca_tbs_subject_expand (hx509_context context, hx509_ca_tbs tbs, hx509_env env)Expand the the subject name in the to-be-signed certificate object using hx509_name_expand()​. Parameters context A hx509 context​.
tbs object to be signed​.
env environment variable to expand variables in the subject name, see hx509_env_init()​.
Returns An hx509 error code, see hx509_get_error_string()​.

const struct units* hx509_ca_tbs_template_units (void)Make of template units, use to build flags argument to hx509_ca_tbs_set_template() with parse_units()​. Returns an units structure​.

AuthorGenerated automatically by Doxygen for Heimdal x509 library from the source code​.
0
Johanes Gumabo
Data Size   :   66,946 byte
man-hx509_ca_tbs_free.3Build   :   2024-12-05, 20:55   :  
Visitor Screen   :   x
Visitor Counter ( page / site )   :   4 / 165,878
Visitor ID   :     :  
Visitor IP   :   3.142.197.111   :  
Visitor Provider   :   AMAZON-02   :  
Provider Position ( lat x lon )   :   39.962500 x -83.006100   :   x
Provider Accuracy Radius ( km )   :   1000   :  
Provider City   :   Columbus   :  
Provider Province   :   Ohio ,   :   ,
Provider Country   :   United States   :  
Provider Continent   :   North America   :  
Visitor Recorder   :   Version   :  
Visitor Recorder   :   Library   :  
Online Linux Manual Page   :   Version   :   Online Linux Manual Page - Fedora.40 - march=x86-64 - mtune=generic - 24.12.05
Online Linux Manual Page   :   Library   :   lib_c - 24.10.03 - march=x86-64 - mtune=generic - Fedora.40
Online Linux Manual Page   :   Library   :   lib_m - 24.10.03 - march=x86-64 - mtune=generic - Fedora.40
Data Base   :   Version   :   Online Linux Manual Page Database - 24.04.13 - march=x86-64 - mtune=generic - fedora-38
Data Base   :   Library   :   lib_c - 23.02.07 - march=x86-64 - mtune=generic - fedora.36

Very long time ago, I have the best tutor, Wenzel Svojanovsky . If someone knows the email address of Wenzel Svojanovsky , please send an email to johanes_gumabo@yahoo.co.id .
If error, please print screen and send to johanes_gumabo@yahoo.co.id
Under development. Support me via PayPal.