z/OS Cryptographic Services System SSL Programming
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


gsk_encode_certificate_extension()

z/OS Cryptographic Services System SSL Programming
SC14-7495-00

Encodes an X.509 certificate extension.

Format

   #include <gskcms.h>

   gsk_status gsk_encode_certificate_extension (  
                                                 x509_decoded_extension *         decoded_extension,   
                                                 gsk_boolean                      critical,   
                                                 x509_extension *                 encoded_extension)

Parameters

decoded_extension
Specifies the decoded extension data.
critical
Specify TRUE if this is a critical extension or FALSE if it is not a critical extension.
encoded_extension
Returns the encoded X.509 extension. The application should call the gsk_free_certificate_extension() routine to release the extension when it is no longer needed.

Results

The function return value will be 0 if no error is detected. Otherwise, it will be one of the return codes listed in the gskcms.h include file. These are some possible errors:
[ASN_NO_MEMORY]
Insufficient memory is available.
[CMSERR_EXT_NOT_SUPPORTED]
The certificate extension is not supported.
[CMSERR_NO_MEMORY]
Insufficient memory is available.

Usage

The gsk_encode_certificate_extension() routine encodes a certificate extension and returns the encoded extension in a format that can be used as input to the gsk_encode_certificate() routine.

The gsk_encode_certificate_extension() routine assumes character strings use UTF-8 encoding. The application is responsible for providing character data in this format.

These certificate extensions are supported:
  • AuthorityInfoAccess
  • AuthorityKeyIdentifier
  • BasicConstraints
  • CertificateIssuer
  • CertificatePolicies
  • CrlDistributionPoints
  • CrlNumber
  • CrlReasonCode
  • DeltaCrlIndicator
  • ExtKeyUsage
  • FreshestCRL
  • HoldInstructionCode
  • HostIDMapping (z/OS® specific extension 1.3.18.0.2.18.1)
  • InhibitAnyPolicy
  • InvalidityDate
  • IssuerAltName
  • IssuingDistributionPoint
  • KeyUsage
  • NameConstraints
  • PolicyConstraints
  • PolicyMappings
  • PrivateKeyUsagePeriod (not supported in RFC 5280)
  • SubjectAltName
  • SubjectDirectoryAttributes
  • SubjectInfoAccess
  • SubjectKeyIdentifier
These general name types are supported:
  • DirectoryName
  • DnsName
  • IpAddress
  • RegisteredId
  • Rfc822Name
  • UniformResourceIdentifier

See RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile for more information about the various certificate extensions.

Parent topic: Certificate Management Services (CMS) API reference

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014