X509V3_EXT_GET_NID(3) Library Functions Manual X509V3_EXT_GET_NID(3) NAME X509V3_EXT_get_nid, X509V3_EXT_get - retrieve X.509v3 certificate extension methods SYNOPSIS #include const X509V3_EXT_METHOD * X509V3_EXT_get_nid(int nid); const X509V3_EXT_METHOD * X509V3_EXT_get(X509_EXTENSION *ext); DESCRIPTION An X.509v3 certificate extension contains an Object Identifier (OID), a boolean criticality indicator, and an opaque extension value (an ASN1_OCTET_STRING) whose meaning is determined by the OID. The library's X509V3_EXT_METHOD type, which is not yet documented in detail, contains a numeric identifier to represent the OID and various handlers for encoding, decoding, printing, and configuring the extension's value. Criticality is handled separately, for example as an argument to X509V3_add1_i2d(3). RETURN VALUES X509V3_EXT_get_nid() returns the X509V3_EXT_METHOD corresponding to the numeric identifier nid, or NULL if there is none. X509V3_EXT_get() returns the X509V3_EXT_METHOD associated with the extension type of ext, or NULL if there is none. SEE ALSO i2s_ASN1_ENUMERATED_TABLE(3), OBJ_create(3), X509_EXTENSION_get_object(3), X509V3_get_d2i(3) STANDARDS RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile - section 4.2: Certificate Extensions HISTORY These functions first appeared in OpenSSL 0.9.2b and have been available since OpenBSD 2.6. CAVEATS LibreSSL only supports built-in extension methods. Other implementations have incomplete support for custom extension methods, whose API is not threadsafe, does not affect the behavior of X509_verify_cert(3), and has various other surprising quirks. Both functions prefer built-in methods over custom methods with the same OID. Linux 6.10.10-arch1-1 May 14, 2024 Linux 6.10.10-arch1-1