z/OS Cryptographic Services System SSL Programming


gsk_decode_certificate_extension()

SC14-7495-00

Decodes an X.509 certificate extension.

Format

   #include <gskcms.h>

   gsk_status gsk_decode_certificate_extension (
                                   x509_extension *         encoded_extension,
                                   x509_decoded_extension * decoded_extension)

Parameters

encoded_extension
Specifies the encoded X.509 extension as returned by the gsk_decode_certificate() or gsk_decode_crl() routine.
decoded_extension
Returns the decoded extension data. The application should call the gsk_free_decoded_extension() routine to release the decoded extension when it is no longer needed.

Results

The function return value will be 0 if no error is detected. Otherwise, it will be one of the return codes listed in the gskcms.h include file. These are some possible errors:
[ASN_NO_MEMORY]
Insufficient memory is available.
[CMSERR_EXT_NOT_SUPPORTED]
The certificate extension is not supported.
[CMSERR_NO_MEMORY]
Insufficient memory is available.

Usage

The gsk_decode_certificate() and gsk_decode_crl() routines return all of the certificate extensions in the x509_extensions structure with the extension values still in ASN.1-encoded format. The application then calls the gsk_decode_certificate_extension() routine to decode a specific certificate extension.

The gsk_decode_certificate_extension() routine returns character strings using UTF-8 encoding. If necessary, the application can call the iconv() routine to convert the strings to a different encoding.

These certificate extensions are supported:
  • AuthorityInfoAccess
  • AuthorityKeyIdentifier
  • BasicConstraints
  • CertificateIssuer
  • CertificatePolicies
  • CrlDistributionPoints
  • CrlNumber
  • CrlReasonCode
  • DeltaCrlIndicator
  • ExtKeyUsage
  • FreshestCRL
  • HoldInstructionCode
  • HostIDMapping (z/OS®-specific extension 1.3.18.0.2.18.1)
  • InhibitAnyPolicy
  • InvalidityDate
  • IssuerAltName
  • IssuingDistributionPoint
  • KeyUsage
  • NameConstraints
  • PolicyConstraints
  • PolicyMappings
  • PrivateKeyUsagePeriod (not supported in RFC 5280)
  • SubjectAltName
  • SubjectDirectoryAttributes
  • SubjectInfoAccess
  • SubjectKeyIdentifier
These general name types are supported:
  • DirectoryName
  • DnsName
  • IpAddress
  • RegisteredId
  • Rfc822Name
  • UniformResourceIdentifier
These general name types are not supported and will be copied to the decoded extension data as an ASN.1-encoded sequence:
  • otherName
  • x400Address
  • ediPartyName
See RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile for more information about the various certificate extensions.
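
Because otherName, x400Address and ediPartyName entries come back still ASN.1-encoded, an application that makes decisions based on alternative names has to recognize them itself. The following C code is an added example, not IBM code and not part of System SSL: it walks a DER-encoded GeneralNames sequence using the RFC 5280 tag numbers and counts the entries of those three types. The function names, the sample bytes and the assumption that the input is a raw GeneralNames value are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* GeneralName CHOICE tag numbers, RFC 5280 section 4.2.1.6 */
enum { GN_OTHER, GN_RFC822, GN_DNS, GN_X400, GN_DIRNAME, GN_EDIPARTY, GN_URI, GN_IP, GN_REGID };

/* Read a DER length at p[*i]; 0 on success, -1 if truncated or indefinite. */
static int der_len(const unsigned char *p, size_t n, size_t *i, size_t *len) {
    if (*i >= n) return -1;
    unsigned char b = p[(*i)++];
    if (b < 0x80) { *len = b; return 0; }
    size_t k = b & 0x7f;
    if (k == 0 || k > sizeof(size_t) || k > n - *i) return -1;
    for (*len = 0; k > 0; k--) *len = (*len << 8) | p[(*i)++];
    return 0;
}

/* Walk a DER GeneralNames SEQUENCE. Returns the number of names, or -1 on
   malformed input. *raw counts the types this page lists as left
   ASN.1-encoded: otherName, x400Address, ediPartyName. */
int count_general_names(const unsigned char *der, size_t n, int *raw) {
    size_t i = 0, len;
    int total = 0;
    *raw = 0;
    if (n < 2 || der[i++] != 0x30) return -1;
    if (der_len(der, n, &i, &len) || len != n - i) return -1;
    while (i < n) {
        unsigned char id = der[i++];
        int tag = id & 0x1f;
        if ((id & 0xc0) != 0x80 || tag > GN_REGID) return -1; /* context class [0]..[8] only */
        if (der_len(der, n, &i, &len) || len > n - i) return -1;
        if (tag == GN_OTHER || tag == GN_X400 || tag == GN_EDIPARTY) (*raw)++;
        i += len; /* skip the value; only the tag is classified here */
        total++;
    }
    return total;
}

/* Constructed sample: dNSName "a.example" plus an otherName (UPN OID, "u@x"). */
static const unsigned char sample_san[] = {
    0x30, 0x20, 0x82, 0x09, 'a', '.', 'e', 'x', 'a', 'm', 'p', 'l', 'e',
    0xA0, 0x13, 0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, 0x03,
    0xA0, 0x05, 0x0C, 0x03, 'u', '@', 'x' };

int main(void) {
    int raw, total = count_general_names(sample_san, sizeof sample_san, &raw);
    printf("%d names, %d left ASN.1-encoded\n", total, raw);
    return 0;
}
```

A nonzero count in raw means the certificate carries name forms that the decoded extension does not expose as strings, so any name matching or logging built only on the decoded strings would not see them.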





Copyright IBM Corporation 1990, 2014