Returns requested certificate information for an X.509 certificate.
Format
#include <gskcms.h>
gsk_status gsk_get_certificate_info(
gsk_buffer * cert_stream,
x509_cert_info_id cert_info_id,
gsk_buffer * cert_info)
Parameters
- cert_stream
- Specifies either a DER-encoded X.509 certificate or a non-decoded
TBSCertificate ASN.1 sequence.
- cert_info_id
- The X.509 certificate information identifier specifying the certificate
information to be returned.
- cert_info
- Returns the requested certificate information. The application
should call the gsk_free_buffer() routine to release the certificate
information when it is no longer needed.
Results
The function return value will be
0 if no error is detected. Otherwise, it will be one of the return
codes listed in the
gskcms.h include file. These are some
possible errors:
- [ASN_NO_MEMORY]
- Insufficient storage is available.
- [ASN_ELEMENTS_MISSING]
- Required data element is missing.
- [ASN_UNSUPPORTED_VERSION]
- Version is not supported.
- [CMSERR_BAD_ISSUER_NAME]
- Issuer name is not valid.
- [CMSERR_BAD_SUBJECT_NAME]
- Subject name is not valid.
- [CMSERR_ATTRIBUTE_INVALID_ENUMERATION]
- The enumeration value is not valid.
Usage
The
gsk_get_certificate_info() routine
returns information about an X.509 certificate. The certificate stream
may be either:
- An X.509 certificate encoded as described in RFC 5280: Internet X.509 Public
Key Infrastructure Certificate and Certificate Revocation List (CRL)
Profile.
- The derCertificate field of the x509_certificate structure,
which contains the non-decoded TBSCertificate ASN.1 sequence.
The application may request certificate information by
using one of the following enumeration identifiers.
- x509_cert_info_subject_dn_der
- The subject distinguished name for the X.509 certificate in binary
ASN.1 DER-encoded format.
- x509_cert_info_issuer_dn_der
- The issuer distinguished name for the X.509 certificate in binary
ASN.1 DER-encoded format.
z/OS Cryptographic Services System SSL Programming
Copyright IBM Corporation 1990, 2014