OpenBSD manual page server

Manual Page Search Parameters
X509_KEYID_SET1(3) Library Functions Manual X509_KEYID_SET1(3)

X509_keyid_set1, X509_keyid_get0, X509_alias_set1, X509_alias_get0auxiliary certificate data for PKCS#12

/* -lcrypto */
#include <openssl/x509.h>

int
X509_keyid_set1(X509 *x, const unsigned char *data, int len);

unsigned char *
X509_keyid_get0(X509 *x, int *plen);

int
X509_alias_set1(X509 *x, const unsigned char *data, int len);

unsigned char *
X509_alias_get0(X509 *x, int *plen);

These functions store non-standard auxiliary data in x and retrieve it.

The len bytes of data stored using () will be written to the attribute of the PKCS#12 structure if PKCS12_create(3) is later called on x, and the data stored using () will be written to the attribute. If data points to a NUL-terminated string, -1 can be passed as the len argument to let len be calculated internally using strlen(3). If a NULL pointer is passed as the data argument, the respective auxiliary data stored in x, if any, is removed from x and freed.

Conversely, PKCS12_parse(3) retrieves these attributes from a PKCS#12 structure such that they can subsequently be accessed with () and (). Unless NULL is passed for the plen argument, these functions store the size of the returned buffer in bytes in *plen. After the call, the returned buffer is not necessarily NUL-terminated, but it may contain internal NUL bytes.

API design is very incomplete; given the complexity of PKCS#12, that's probably an asset rather than a defect. The PKCS#12 standard defines many attributes that cannot be stored in X509 objects.

To associate certificates with alternative names and key identifiers, X.509 certificate extensions are more commonly used than PKCS#12 attributes, for example using X509_EXTENSION_create_by_NID(3) with NID_subject_alt_name or NID_subject_key_identifier.

X509_keyid_set1() and X509_alias_set1() return 1 if data is NULL or if the input data was successfully copied into x, or 0 if data is not NULL but could not be copied because x is NULL or memory allocation failed.

X509_keyid_get0() and X509_alias_get0() return an internal pointer to an array of bytes or NULL if x does not contain auxiliary data of the requested kind.

ASN1_STRING_set(3), X509_CERT_AUX_new(3), X509_EXTENSION_new(3), X509_new(3), X509V3_get_d2i(3)

X509_alias_set1() and X509_alias_get0() first appeared in OpenSSL 0.9.5 and have been available since OpenBSD 2.7.

X509_keyid_set1() first appeared in OpenSSL 0.9.6 and has been available since OpenBSD 2.9.

X509_keyid_get0() first appeared in OpenSSL 0.9.8 and has been available since OpenBSD 4.5.

June 8, 2025 OpenBSD-current