Sortix nightly manual
This manual documents Sortix nightly, a development build that has not been officially released. You can instead view this document in the latest official manual.
|X509V3_EXT_PRINT(3)||Library Functions Manual||X509V3_EXT_PRINT(3)|
pretty-print an X.509 extension
X509V3_EXT_print(BIO *bio, X509_EXTENSION *ext, unsigned long flags, int indent);
X509V3_EXT_print() decodes ext and prints the data contained in it to bio in a human-readable format with a left margin of indent space characters. The details of both the decoding and the printing depend on the type of ext. For most extension types, the decoding is done in the same way as it would be done by the appropriate public API function, for example:
- extension type
- decoding function
- non-public function built into the library
- If the bit
X509V3_EXT_PARSE_UNKNOWNis set, ASN1_parse_dump(3) is called on the BER-encoded data of the extension, passing -1 for the dump argument. Thus, some information about the encoding of the extension gets printed and some about its decoded content, falling back to BIO_dump_indent(3) for the decoded content unless a dedicated printing method is known for the respective data type(s). Note that even if an extension type is unknown, the data type used by the unknown extension, or, if that data type is constructed, of the values contained in it, may still be known, which may allow printing the content of even an unknown extension in a structured or partially structured form.
- If the bit
X509V3_EXT_DUMP_UNKNOWNis set, BIO_dump_indent(3) is called on the BER-encoded data of the extension without decoding it first, which is usually less readable than the above but poses a smaller risk of omitting or misrepresenting parts of the information.
- If the bit
X509V3_EXT_ERROR_UNKNOWNis set, only the fixed string “<Not Supported>” is printed for an unknown type or only the fixed string “<Parse Error>” if the parsing functions fails, but printing is considered as successful anyway.
- If more than one of these three bits is set, or if a bit in
X509V3_EXT_UNKNOWN_MASKis set that is not listed above, nothing is printed, but printing is considered as successful anyway.
- If none of the bits in
X509V3_EXT_UNKNOWN_MASKare set, nothing is printed and printing is considered as failed.
X509V3_EXT_print() returns 0 if failure was both detected and considered relevant. Otherwise, 1 is returned, and in general the user cannot tell whether failure simply went undetected, whether the function detected failure but regarded it as irrelevant, or whether printing did indeed succeed. BIO_new(3), X509_EXTENSION_new(3), X509_get0_extensions(3), X509_get_ext(3), X509V3_extensions_print(3)
X509V3_EXT_print() first appeared in OpenSSL 0.9.2 and has been available since OpenBSD 2.6.
X509V3_EXT_print() lacks error handling throughout. When a write operation fails, it will usually ignore the fact that information was omitted from the output and report success to the caller anyway.
|July 12, 2021||Debian|