1 /* $OpenBSD: x509_local.h,v 1.34 2025/01/26 20:01:58 tb Exp $ */ 2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * project 2013. 4 */ 5 /* ==================================================================== 6 * Copyright (c) 2013 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 * 53 * This product includes cryptographic software written by Eric Young 54 * (eay@cryptsoft.com). This product includes software written by Tim 55 * Hudson (tjh@cryptsoft.com). 56 * 57 */ 58 59 #ifndef HEADER_X509_LOCAL_H 60 #define HEADER_X509_LOCAL_H 61 62 #include <openssl/x509v3.h> 63 64 #include "bytestring.h" 65 66 __BEGIN_HIDDEN_DECLS 67 68 #define TS_HASH_EVP EVP_sha1() 69 #define TS_HASH_LEN SHA_DIGEST_LENGTH 70 71 #define X509_CERT_HASH_EVP EVP_sha512() 72 #define X509_CERT_HASH_LEN SHA512_DIGEST_LENGTH 73 #define X509_CRL_HASH_EVP EVP_sha512() 74 #define X509_CRL_HASH_LEN SHA512_DIGEST_LENGTH 75 76 #define X509_TRUST_ACCEPT_ALL -1 77 78 /* check_trust return codes */ 79 #define X509_TRUST_TRUSTED 1 80 #define X509_TRUST_REJECTED 2 81 #define X509_TRUST_UNTRUSTED 3 82 83 int X509_check_trust(X509 *x, int id, int flags); 84 85 struct X509_val_st { 86 ASN1_TIME *notBefore; 87 ASN1_TIME *notAfter; 88 } /* X509_VAL */; 89 90 struct X509_pubkey_st { 91 X509_ALGOR *algor; 92 ASN1_BIT_STRING *public_key; 93 EVP_PKEY *pkey; 94 }; 95 96 struct X509_sig_st { 97 X509_ALGOR *algor; 98 ASN1_OCTET_STRING *digest; 99 } /* X509_SIG */; 100 101 struct X509_name_entry_st { 102 ASN1_OBJECT *object; 103 ASN1_STRING *value; 104 int set; 105 int size; /* temp variable */ 106 } /* X509_NAME_ENTRY */; 107 108 /* we always keep X509_NAMEs in 2 forms. */ 109 struct X509_name_st { 110 STACK_OF(X509_NAME_ENTRY) *entries; 111 int modified; /* true if 'bytes' needs to be built */ 112 #ifndef OPENSSL_NO_BUFFER 113 BUF_MEM *bytes; 114 #else 115 char *bytes; 116 #endif 117 /* unsigned long hash; Keep the hash around for lookups */ 118 unsigned char *canon_enc; 119 int canon_enclen; 120 } /* X509_NAME */; 121 122 struct X509_extension_st { 123 ASN1_OBJECT *object; 124 ASN1_BOOLEAN critical; 125 ASN1_OCTET_STRING *value; 126 } /* X509_EXTENSION */; 127 128 struct x509_attributes_st { 129 ASN1_OBJECT *object; 130 STACK_OF(ASN1_TYPE) *set; 131 } /* X509_ATTRIBUTE */; 132 133 struct X509_req_info_st { 134 ASN1_ENCODING enc; 135 ASN1_INTEGER *version; 136 X509_NAME *subject; 137 X509_PUBKEY *pubkey; 138 /* d=2 hl=2 l= 0 cons: cont: 00 */ 139 STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ 140 } /* X509_REQ_INFO */; 141 142 struct X509_req_st { 143 X509_REQ_INFO *req_info; 144 X509_ALGOR *sig_alg; 145 ASN1_BIT_STRING *signature; 146 int references; 147 } /* X509_REQ */; 148 149 /* 150 * This stuff is certificate "auxiliary info" it contains details which are 151 * useful in certificate stores and databases. When used this is tagged onto 152 * the end of the certificate itself. 153 */ 154 typedef struct x509_cert_aux_st { 155 STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */ 156 STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */ 157 ASN1_UTF8STRING *alias; /* "friendly name" */ 158 ASN1_OCTET_STRING *keyid; /* key id of private key */ 159 STACK_OF(X509_ALGOR) *other; /* other unspecified info */ 160 } X509_CERT_AUX; 161 162 X509_CERT_AUX *X509_CERT_AUX_new(void); 163 void X509_CERT_AUX_free(X509_CERT_AUX *a); 164 X509_CERT_AUX *d2i_X509_CERT_AUX(X509_CERT_AUX **a, const unsigned char **in, long len); 165 int i2d_X509_CERT_AUX(X509_CERT_AUX *a, unsigned char **out); 166 extern const ASN1_ITEM X509_CERT_AUX_it; 167 int X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent); 168 169 struct x509_cinf_st { 170 ASN1_INTEGER *version; /* [ 0 ] default of v1 */ 171 ASN1_INTEGER *serialNumber; 172 X509_ALGOR *signature; 173 X509_NAME *issuer; 174 X509_VAL *validity; 175 X509_NAME *subject; 176 X509_PUBKEY *key; 177 ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */ 178 ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */ 179 STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */ 180 ASN1_ENCODING enc; 181 } /* X509_CINF */; 182 183 struct x509_st { 184 X509_CINF *cert_info; 185 X509_ALGOR *sig_alg; 186 ASN1_BIT_STRING *signature; 187 int valid; 188 int references; 189 char *name; 190 CRYPTO_EX_DATA ex_data; 191 /* These contain copies of various extension values */ 192 long ex_pathlen; 193 unsigned long ex_flags; 194 unsigned long ex_kusage; 195 unsigned long ex_xkusage; 196 unsigned long ex_nscert; 197 ASN1_OCTET_STRING *skid; 198 AUTHORITY_KEYID *akid; 199 STACK_OF(DIST_POINT) *crldp; 200 STACK_OF(GENERAL_NAME) *altname; 201 NAME_CONSTRAINTS *nc; 202 #ifndef OPENSSL_NO_RFC3779 203 STACK_OF(IPAddressFamily) *rfc3779_addr; 204 ASIdentifiers *rfc3779_asid; 205 #endif 206 unsigned char hash[X509_CERT_HASH_LEN]; 207 X509_CERT_AUX *aux; 208 } /* X509 */; 209 210 struct x509_revoked_st { 211 ASN1_INTEGER *serialNumber; 212 ASN1_TIME *revocationDate; 213 STACK_OF(X509_EXTENSION) /* optional */ *extensions; 214 /* Set up if indirect CRL */ 215 STACK_OF(GENERAL_NAME) *issuer; 216 /* Revocation reason */ 217 int reason; 218 int sequence; /* load sequence */ 219 }; 220 221 struct X509_crl_info_st { 222 ASN1_INTEGER *version; 223 X509_ALGOR *sig_alg; 224 X509_NAME *issuer; 225 ASN1_TIME *lastUpdate; 226 ASN1_TIME *nextUpdate; 227 STACK_OF(X509_REVOKED) *revoked; 228 STACK_OF(X509_EXTENSION) /* [0] */ *extensions; 229 ASN1_ENCODING enc; 230 } /* X509_CRL_INFO */; 231 232 struct X509_crl_st { 233 /* actual signature */ 234 X509_CRL_INFO *crl; 235 X509_ALGOR *sig_alg; 236 ASN1_BIT_STRING *signature; 237 int references; 238 int flags; 239 /* Copies of various extensions */ 240 AUTHORITY_KEYID *akid; 241 ISSUING_DIST_POINT *idp; 242 /* Convenient breakdown of IDP */ 243 int idp_flags; 244 int idp_reasons; 245 /* CRL and base CRL numbers for delta processing */ 246 ASN1_INTEGER *crl_number; 247 ASN1_INTEGER *base_crl_number; 248 unsigned char hash[X509_CRL_HASH_LEN]; 249 STACK_OF(GENERAL_NAMES) *issuers; 250 } /* X509_CRL */; 251 252 struct pkcs8_priv_key_info_st { 253 ASN1_INTEGER *version; 254 X509_ALGOR *pkeyalg; 255 ASN1_OCTET_STRING *pkey; 256 STACK_OF(X509_ATTRIBUTE) *attributes; 257 }; 258 259 struct x509_object_st { 260 /* one of the above types */ 261 int type; 262 union { 263 X509 *x509; 264 X509_CRL *crl; 265 } data; 266 } /* X509_OBJECT */; 267 268 struct x509_lookup_method_st { 269 const char *name; 270 int (*new_item)(X509_LOOKUP *ctx); 271 void (*free)(X509_LOOKUP *ctx); 272 int (*ctrl)(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, 273 char **ret); 274 int (*get_by_subject)(X509_LOOKUP *ctx, int type, X509_NAME *name, 275 X509_OBJECT *ret); 276 } /* X509_LOOKUP_METHOD */; 277 278 struct X509_VERIFY_PARAM_st { 279 char *name; 280 time_t check_time; /* Time to use */ 281 unsigned long inh_flags; /* Inheritance flags */ 282 unsigned long flags; /* Various verify flags */ 283 int purpose; /* purpose to check untrusted certificates */ 284 int trust; /* trust setting to check */ 285 int depth; /* Verify depth */ 286 int security_level; /* 'Security level', see SP800-57. */ 287 STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */ 288 STACK_OF(OPENSSL_STRING) *hosts; /* Set of acceptable names */ 289 unsigned int hostflags; /* Flags to control matching features */ 290 char *peername; /* Matching hostname in peer certificate */ 291 char *email; /* If not NULL email address to match */ 292 size_t emaillen; 293 unsigned char *ip; /* If not NULL IP address to match */ 294 size_t iplen; /* Length of IP address */ 295 int poisoned; 296 } /* X509_VERIFY_PARAM */; 297 298 /* 299 * This is used to hold everything. It is used for all certificate 300 * validation. Once we have a certificate chain, the 'verify' 301 * function is then called to actually check the cert chain. 302 */ 303 struct x509_store_st { 304 /* The following is a cache of trusted certs */ 305 STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */ 306 307 /* These are external lookup methods */ 308 STACK_OF(X509_LOOKUP) *get_cert_methods; 309 310 X509_VERIFY_PARAM *param; 311 312 /* Callbacks for various operations */ 313 int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */ 314 int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */ 315 int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */ 316 317 CRYPTO_EX_DATA ex_data; 318 int references; 319 } /* X509_STORE */; 320 321 /* This is the functions plus an instance of the local variables. */ 322 struct x509_lookup_st { 323 const X509_LOOKUP_METHOD *method; /* the functions */ 324 void *method_data; /* method data */ 325 326 X509_STORE *store_ctx; /* who owns us */ 327 } /* X509_LOOKUP */; 328 329 /* 330 * This is used when verifying cert chains. Since the gathering of the cert 331 * chain can take some time (and has to be 'retried'), this needs to be kept 332 * and passed around. 333 */ 334 struct x509_store_ctx_st { 335 X509_STORE *store; 336 int current_method; /* used when looking up certs */ 337 338 /* The following are set by the caller */ 339 X509 *cert; /* The cert to check */ 340 STACK_OF(X509) *untrusted; /* chain of X509s - untrusted - passed in */ 341 STACK_OF(X509) *trusted; /* trusted stack for use with get_issuer() */ 342 STACK_OF(X509_CRL) *crls; /* set of CRLs passed in */ 343 344 X509_VERIFY_PARAM *param; 345 346 /* Callbacks for various operations */ 347 int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */ 348 int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */ 349 int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */ 350 int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */ 351 352 /* The following is built up */ 353 int valid; /* if 0, rebuild chain */ 354 int num_untrusted; /* number of untrusted certs in chain */ 355 STACK_OF(X509) *chain; /* chain of X509s - built up and trusted */ 356 357 int explicit_policy; /* Require explicit policy value */ 358 359 /* When something goes wrong, this is why */ 360 int error_depth; 361 int error; 362 X509 *current_cert; 363 X509 *current_issuer; /* cert currently being tested as valid issuer */ 364 X509_CRL *current_crl; /* current CRL */ 365 366 int current_crl_score; /* score of current CRL */ 367 unsigned int current_reasons; /* Reason mask */ 368 369 X509_STORE_CTX *parent; /* For CRL path validation: parent context */ 370 371 CRYPTO_EX_DATA ex_data; 372 } /* X509_STORE_CTX */; 373 374 int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int quiet); 375 376 int name_cmp(const char *name, const char *cmp); 377 378 int X509_ALGOR_set_evp_md(X509_ALGOR *alg, const EVP_MD *md); 379 int X509_ALGOR_set0_by_nid(X509_ALGOR *alg, int nid, int parameter_type, 380 void *parameter_value); 381 382 int X509_policy_check(const STACK_OF(X509) *certs, 383 const STACK_OF(ASN1_OBJECT) *user_policies, unsigned long flags, 384 X509 **out_current_cert); 385 386 PBEPARAM *PBEPARAM_new(void); 387 void PBEPARAM_free(PBEPARAM *a); 388 PBEPARAM *d2i_PBEPARAM(PBEPARAM **a, const unsigned char **in, long len); 389 int i2d_PBEPARAM(PBEPARAM *a, unsigned char **out); 390 391 /* Password based encryption V2 structures */ 392 typedef struct PBE2PARAM_st { 393 X509_ALGOR *keyfunc; 394 X509_ALGOR *encryption; 395 } PBE2PARAM; 396 397 PBE2PARAM *PBE2PARAM_new(void); 398 void PBE2PARAM_free(PBE2PARAM *a); 399 PBE2PARAM *d2i_PBE2PARAM(PBE2PARAM **a, const unsigned char **in, long len); 400 int i2d_PBE2PARAM(PBE2PARAM *a, unsigned char **out); 401 extern const ASN1_ITEM PBE2PARAM_it; 402 403 typedef struct PBKDF2PARAM_st { 404 /* Usually OCTET STRING but could be anything */ 405 ASN1_TYPE *salt; 406 ASN1_INTEGER *iter; 407 ASN1_INTEGER *keylength; 408 X509_ALGOR *prf; 409 } PBKDF2PARAM; 410 411 PBKDF2PARAM *PBKDF2PARAM_new(void); 412 void PBKDF2PARAM_free(PBKDF2PARAM *a); 413 PBKDF2PARAM *d2i_PBKDF2PARAM(PBKDF2PARAM **a, const unsigned char **in, long len); 414 int i2d_PBKDF2PARAM(PBKDF2PARAM *a, unsigned char **out); 415 extern const ASN1_ITEM PBKDF2PARAM_it; 416 417 int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, 418 const unsigned char *salt, int saltlen); 419 X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, 420 unsigned char *salt, int saltlen); 421 X509_ALGOR *PKCS5_pbe_set(int alg, int iter, const unsigned char *salt, 422 int saltlen); 423 X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, 424 int prf_nid, int keylen); 425 426 int X509_PURPOSE_get_by_id(int id); 427 int X509_PURPOSE_get_trust(const X509_PURPOSE *xp); 428 429 int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, 430 int lastpos); 431 int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, 432 const ASN1_OBJECT *obj, int lastpos); 433 STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, 434 X509_ATTRIBUTE *attr); 435 STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x, 436 const ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len); 437 STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x, 438 int nid, int type, const unsigned char *bytes, int len); 439 STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x, 440 const char *attrname, int type, const unsigned char *bytes, int len); 441 void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, 442 const ASN1_OBJECT *obj, int lastpos, int type); 443 444 int X509_NAME_ENTRY_add_cbb(CBB *cbb, const X509_NAME_ENTRY *ne); 445 446 int X509V3_add_value(const char *name, const char *value, 447 STACK_OF(CONF_VALUE) **extlist); 448 int X509V3_add_value_uchar(const char *name, const unsigned char *value, 449 STACK_OF(CONF_VALUE) **extlist); 450 int X509V3_add_value_bool(const char *name, int asn1_bool, 451 STACK_OF(CONF_VALUE) **extlist); 452 int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint, 453 STACK_OF(CONF_VALUE) **extlist); 454 455 int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool); 456 int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint); 457 458 STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section); 459 void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section); 460 461 const X509V3_EXT_METHOD *x509v3_ext_method_authority_key_identifier(void); 462 const X509V3_EXT_METHOD *x509v3_ext_method_basic_constraints(void); 463 const X509V3_EXT_METHOD *x509v3_ext_method_certificate_issuer(void); 464 const X509V3_EXT_METHOD *x509v3_ext_method_certificate_policies(void); 465 const X509V3_EXT_METHOD *x509v3_ext_method_crl_distribution_points(void); 466 const X509V3_EXT_METHOD *x509v3_ext_method_crl_number(void); 467 const X509V3_EXT_METHOD *x509v3_ext_method_crl_reason(void); 468 const X509V3_EXT_METHOD *x509v3_ext_method_ct_cert_scts(void); 469 const X509V3_EXT_METHOD *x509v3_ext_method_ct_precert_poison(void); 470 const X509V3_EXT_METHOD *x509v3_ext_method_ct_precert_scts(void); 471 const X509V3_EXT_METHOD *x509v3_ext_method_delta_crl(void); 472 const X509V3_EXT_METHOD *x509v3_ext_method_ext_key_usage(void); 473 const X509V3_EXT_METHOD *x509v3_ext_method_freshest_crl(void); 474 const X509V3_EXT_METHOD *x509v3_ext_method_hold_instruction_code(void); 475 const X509V3_EXT_METHOD *x509v3_ext_method_id_pkix_OCSP_CrlID(void); 476 const X509V3_EXT_METHOD *x509v3_ext_method_id_pkix_OCSP_Nonce(void); 477 const X509V3_EXT_METHOD *x509v3_ext_method_id_pkix_OCSP_acceptableResponses(void); 478 const X509V3_EXT_METHOD *x509v3_ext_method_id_pkix_OCSP_archiveCutoff(void); 479 const X509V3_EXT_METHOD *x509v3_ext_method_id_pkix_OCSP_serviceLocator(void); 480 const X509V3_EXT_METHOD *x509v3_ext_method_info_access(void); 481 const X509V3_EXT_METHOD *x509v3_ext_method_inhibit_any_policy(void); 482 const X509V3_EXT_METHOD *x509v3_ext_method_invalidity_date(void); 483 const X509V3_EXT_METHOD *x509v3_ext_method_issuer_alt_name(void); 484 const X509V3_EXT_METHOD *x509v3_ext_method_issuing_distribution_point(void); 485 const X509V3_EXT_METHOD *x509v3_ext_method_key_usage(void); 486 const X509V3_EXT_METHOD *x509v3_ext_method_name_constraints(void); 487 const X509V3_EXT_METHOD *x509v3_ext_method_netscape_base_url(void); 488 const X509V3_EXT_METHOD *x509v3_ext_method_netscape_ca_policy_url(void); 489 const X509V3_EXT_METHOD *x509v3_ext_method_netscape_ca_revocation_url(void); 490 const X509V3_EXT_METHOD *x509v3_ext_method_netscape_cert_type(void); 491 const X509V3_EXT_METHOD *x509v3_ext_method_netscape_comment(void); 492 const X509V3_EXT_METHOD *x509v3_ext_method_netscape_renewal_url(void); 493 const X509V3_EXT_METHOD *x509v3_ext_method_netscape_revocation_url(void); 494 const X509V3_EXT_METHOD *x509v3_ext_method_netscape_ssl_server_name(void); 495 const X509V3_EXT_METHOD *x509v3_ext_method_policy_constraints(void); 496 const X509V3_EXT_METHOD *x509v3_ext_method_policy_mappings(void); 497 const X509V3_EXT_METHOD *x509v3_ext_method_private_key_usage_period(void); 498 const X509V3_EXT_METHOD *x509v3_ext_method_sbgp_ipAddrBlock(void); 499 const X509V3_EXT_METHOD *x509v3_ext_method_sbgp_autonomousSysNum(void); 500 const X509V3_EXT_METHOD *x509v3_ext_method_sinfo_access(void); 501 const X509V3_EXT_METHOD *x509v3_ext_method_subject_alt_name(void); 502 const X509V3_EXT_METHOD *x509v3_ext_method_subject_key_identifier(void); 503 504 __END_HIDDEN_DECLS 505 506 #endif /* !HEADER_X509_LOCAL_H */ 507