+++ /dev/null
-=pod
-
-=head1 NAME
-
-OSSL_CRMF_MSG_set_validity,
-OSSL_CRMF_MSG_set_certReqId,
-OSSL_CRMF_CERTTEMPLATE_fill,
-OSSL_CRMF_MSG_set0_extensions,
-OSSL_CRMF_MSG_push0_extension,
-OSSL_CRMF_MSG_create_popo,
-OSSL_CRMF_MSGS_verify_popo
-- functions populating and verifying CRMF CertReqMsg structures
-
-=head1 SYNOPSIS
-
- #include <openssl/crmf.h>
-
- int OSSL_CRMF_MSG_set_validity(OSSL_CRMF_MSG *crm, time_t from, time_t to);
-
- int OSSL_CRMF_MSG_set_certReqId(OSSL_CRMF_MSG *crm, int rid);
-
- int OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_CERTTEMPLATE *tmpl,
- EVP_PKEY *pubkey,
- const X509_NAME *subject,
- const X509_NAME *issuer,
- const ASN1_INTEGER *serial);
-
- int OSSL_CRMF_MSG_set0_extensions(OSSL_CRMF_MSG *crm, X509_EXTENSIONS *exts);
-
- int OSSL_CRMF_MSG_push0_extension(OSSL_CRMF_MSG *crm, X509_EXTENSION *ext);
-
- int OSSL_CRMF_MSG_create_popo(OSSL_CRMF_MSG *crm, EVP_PKEY *pkey,
- int dgst, int ppmtd);
-
- int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
- int rid, int acceptRAVerified);
-
-=head1 DESCRIPTION
-
-OSSL_CRMF_MSG_set_validity() sets B<from> as notBefore and B<to> as notAfter
-as the validity in the certTemplate of B<crm>.
-
-OSSL_CRMF_MSG_set_certReqId() sets B<rid> as the certReqId of B<crm>.
-
-OSSL_CRMF_CERTTEMPLATE_fill() sets those fields of the certTemplate B<tmpl>
-for which non-NULL values are provided: B<pubkey>, B<subject>, B<issuer>,
-and/or B<serial>.
-On success the reference counter of the B<pubkey> (if given) is incremented,
-while the B<subject>, B<issuer>, and B<serial> structures (if given) are copied.
-
-OSSL_CRMF_MSG_set0_extensions() sets B<exts> as the extensions in the
-certTemplate of B<crm>. Frees any pre-existing ones and consumes B<exts>.
-
-OSSL_CRMF_MSG_push0_extension() pushes the X509 extension B<ext> to the
-extensions in the certTemplate of B<crm>. Consumes B<ext>.
-
-OSSL_CRMF_MSG_create_popo() creates and sets the Proof-of-Possession (POPO)
-according to the method B<ppmtd> in B<crm>.
-In case the method is OSSL_CRMF_POPO_SIGNATURE the POPO is calculated
-using the private B<pkey> and the digest algorithm NID B<dgst>.
-
-B<ppmtd> can be one of the following:
-
-=over 8
-
-=item * OSSL_CRMF_POPO_NONE - RFC 4211, section 4, POP field omitted.
-CA/RA uses out-of-band method to verify POP. Note that servers may fail in this
-case, resulting for instance in HTTP error code 500 (Internal error).
-
-=item * OSSL_CRMF_POPO_RAVERIFIED - RFC 4211, section 4, explicit indication
-that the RA has already verified the POP.
-
-=item * OSSL_CRMF_POPO_SIGNATURE - RFC 4211, section 4.1, only case 3 supported
-so far.
-
-=item * OSSL_CRMF_POPO_KEYENC - RFC 4211, section 4.2, only indirect method
-(subsequentMessage/enccert) supported,
-challenge-response exchange (challengeResp) not yet supported.
-
-=item * OSSL_CRMF_POPO_KEYAGREE - RFC 4211, section 4.3, not yet supported.
-
-=back
-
-OSSL_CRMF_MSGS_verify_popo verifies the Proof-of-Possession of the request with
-the given B<rid> in the list of B<reqs>. Optionally accepts RAVerified.
-
-=head1 RETURN VALUES
-
-All functions return 1 on success, 0 on error.
-
-=head1 SEE ALSO
-
-RFC 4211
-
-=head1 HISTORY
-
-The OpenSSL CRMF support was added in OpenSSL 3.0.
-
-=head1 COPYRIGHT
-
-Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.
-
-Licensed under the Apache License 2.0 (the "License"). You may not use
-this file except in compliance with the License. You can obtain a copy
-in the file LICENSE in the source distribution or at
-L<https://www.openssl.org/source/license.html>.
-
-=cut
projects / oweals / openssl.git / blobdiff