Introduction to Library Functions                 puid_x509ext(3)

NAME
     puid_getcertOBJ(), puid_getcertPUID(), puid_puissuer() - PUID
     X.509 certificate extension functions

SYNOPSIS
     #include "puid_x509ext.h"

     char *
     puid_getcertOBJ(X509 *x, char *oid);

     int
     puid_getcertPUID(X509 *x, puid_t *puid);

     int
     puid_puissuer(X509 *x);

DESCRIPTION
     The puid_x509ext family of functions provides services for
     accessing PUID-related X.509 certificate extensions.

     The puid_getcertOBJ() function returns a pointer to the string
     value of the X.509 certificate extension whose Object IDentifier
     (OID) is addressed by the *oid argument. The certificate is
     addressed by the *x argument. NULL is returned if no extension
     is located.

     The puid_getcertPUID() function returns the value of the PUID in
     the X.509 certificate addressed by the *x argument. The *puid
     argument is a pointer to the binary variable where the PUID is
     returned. If a PUID is available in the certificate, the
     function return value is 0 (zero); if not, 1 (one).

     The puid_puissuer() function returns a 0 (zero) if the
     certificate addressed by the *x argument was issued by the
     Purdue Certificate Authority (CA), and 1 (one) if it wasn't.

OPTIONS
     The puid_x509ext family of functions requires Secure Socket
     Layer (SSL) and X.509 header and library files. Currently it
     can acquire those from the OpenSSL distribution or from BSAFE
     SSL-C from RSA Security Inc.

     The person compiling and using these functions must know which
     support base is being used. OpenSSL is the default. If BSAFE
     SSL-C is being used, the SSLC symbol must be defined at compile
     time - e.g.,

          #define SSLC 1

     In either case, the person compiling must specify the base
     location of the supporting header files. The OpenSSL header
     files are usually located at a base path that looks something
     like this:

          -I/usr/local/src/puid/libssl/include

     The BSAFE SSL-C header files usually have a base path that
     looks like:

          -I/usr/local/sslc/sslc11/library/include

     When loading, OpenSSL users must supply these libraries:

          -lssl -lcrypto -lRSAglue -lrsaref

     When loading, BSAFE SSL-C users must supply:

          -lsslc

     The location (and even existence) of these libraries is subject
     to local convention. The -lrsaref library was once available in
     the public domain from RSA Security Inc., but now may be hard to
     locate; its version 2.0 is required.

RETURN VALUES
     The puid_getcertOBJ() function returns a character pointer to a
     string that contains the value of the object named in the *oid
     argument. NULL is returned if the named extension wasn't found.

     The returned string pointer addresses a buffer that is
     statically allocated to puid_getcertOBJ(). Thus the value must
     be used before another call is made to puid_getcertOBJ(). In
     short, puid_getcertOBJ() is NOT thread-safe.

     The puid_getcertPUID() function returns a 0 (zero) if a PUID
     extension was found in the certificate; and 1 (one), if none
     was found. When a PUID extension is found, the PUID's binary
     value is returned in the variable addressed by the *puid
     argument.

     The puid_puissuer() function returns 0 (zero) if the X.509
     certificate was issued by Purdue; and 1 (one) if it wasn't.

EXAMPLES
     This example first determines that the X.509 certificate was
     issued by the Purdue CA, then searches the certificate for the
     PUID object identifier. (PUIDNETD_PUID_OID is defined in
     puidnetd.h).

          char *puid;
          X509 *x;        /* value previously assigned */

          if (!puid_puissuer(x)) {
              if (!(puid = puid_getcertOBJ(x, PUIDNETD_PUID_OID))) {
                  /* PUIDNETD_PUID_OID wasn't found. */
              } else {
                  /* PUIDNETD_PUID_OID was found and
                   * puid points to its string.
                   */
              }
          } else {
              /* The certificate wasn't issued by the Purdue CA. */
          }

     This example uses puid_getcertPUID() to get the PUID from the
     X.509 certificate.

          puid_t puid;
          X509 *x;        /* value previously assigned */

          if (!puid_getcertPUID(x, &puid)) {
              /* PUID was found and is in puid. */
          } else {
              /* PUID wasn't found. */
          }

FILES
     puid_x509ext.h      contains the necessary #include
                         pre-processor directives for the
                         puid_x509ext family of functions and
                         definitions of their prototypes. It
                         depends on the presence of supporting
                         header files, as described in the OPTIONS
                         section.

AUTHOR
     The puid_x509ext function family was written by Victor A. Abell
     <abe@purdue.edu>.

SEE ALSO
     puidnetd_strerror(3), puidnetd_unpk(3), puidnetd(4).

SunOS 5.8                    Last change:
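
The static-buffer caveat in RETURN VALUES, shown as an added example that is not part of the original page or of the puid_x509ext source. getcertOBJ_standin() is a hypothetical stand-in with the contract documented for puid_getcertOBJ(), ext_copy() is a hypothetical wrapper, and the OIDs and values are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data standing in for a parsed certificate. */
static const struct { const char *oid, *val; } sample_ext[] = {
    { "1.2.3.4.1", "0012345678" },
    { "1.2.3.4.2", "staff" },
};

/* Hypothetical stand-in with the contract documented for puid_getcertOBJ():
 * every call returns the same static buffer, or NULL if the OID is absent. */
static char *getcertOBJ_standin(const char *oid)
{
    static char buf[64];
    for (size_t i = 0; i < sizeof sample_ext / sizeof sample_ext[0]; i++)
        if (strcmp(sample_ext[i].oid, oid) == 0) {
            snprintf(buf, sizeof buf, "%s", sample_ext[i].val);
            return buf;
        }
    return NULL;
}

/* Returns 1 when two results kept as raw pointers alias each other. */
static int raw_pointers_alias(void)
{
    char *a = getcertOBJ_standin("1.2.3.4.1");
    char *b = getcertOBJ_standin("1.2.3.4.2");
    return a != NULL && a == b && strcmp(a, "staff") == 0;
}

/* Hypothetical wrapper: copy into caller-owned storage at once. Returns 0 if
 * found, 1 if not found (the page's convention), 2 if dst is too small. */
static int ext_copy(const char *oid, char *dst, size_t dstlen)
{
    const char *v = getcertOBJ_standin(oid);
    if (v == NULL) return 1;
    size_t len = strlen(v);
    if (len >= dstlen) return 2;   /* never hand back a truncated identifier */
    memcpy(dst, v, len + 1);
    return 0;
}

int main(void)
{
    char id[32];
    printf("alias=%d copy=%d\n", raw_pointers_alias(),
           ext_copy("1.2.3.4.1", id, sizeof id));
    return 0;
}
```

Copying only protects against later calls on the same thread; in a multithreaded program the lookup and the copy must also be done under one lock.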