Introduction to Library Functions puid_x509ext(3)
NAME
puid_getcertOBJ(), puid_getcertPUID(), puid_puissuer() -
PUID X.509 certificate extension functions
SYNOPSIS
#include "puid_x509ext.h"
char * puid_getcertOBJ(X509 *x, char *oid);
int puid_getcertPUID(X509 *x, puid_t *puid);
int puid_puissuer(X509 *x);
DESCRIPTION
The puid_x509ext family of functions provides services for
accessing PUID-related X.509 certificate extensions.
The puid_getcertOBJ() function returns a pointer to the
string value of the X.509 certificate extension whose Object
IDentifier (OID) is addressed by the *oid argument. The
certificate is addressed by the *x argument. NULL is
returned if no extension is located.
The puid_getcertPUID() function returns the value of the
PUID in the X.509 certificate addressed by the *x argument.
The *puid argument is a pointer to the binary variable where
the PUID is returned. If a PUID is available in the
certificate, the function return value is 0 (zero); if not,
1 (one).
The puid_puissuer() function returns a 0 (zero) if the
certificate addressed by the *x argument was issued by the
Purdue Certificate Authority (CA), and 1 (one) if it wasn't.
OPTIONS
The puid_x509ext family of functions requires Secure Socket
Layer (SSL) and X.509 header and library files. Currently
it can acquire those from the OpenSSL distribution or from
BSAFE SSL-C from RSA Security Inc.
The person compiling and using these functions must know
which support base is being used. OpenSSL is the default.
If BSAFE SSL-C is being used, the SSLC symbol must be
defined at compile time - e.g.,
    #define SSLC 1
In either case, the person compiling must specify the base
location of the supporting header files. The OpenSSL header
files are usually located at a base path that looks
something like this:
    -I/usr/local/src/puid/libssl/include
The BSAFE SSL-C header files usually have a base path that
looks like:
    -I/usr/local/sslc/sslc11/library/include
When loading, OpenSSL users must supply these libraries:
    -lssl -lcrypto -lRSAglue -lrsaref
When loading, BSAFE SSL-C users must supply:
    -lsslc
The location (and even existence) of these libraries is
subject to local convention. The -lrsaref library was once
available in the public domain from RSA Security Inc., but
now may be hard to locate; its version 2.0 is required.
RETURN VALUES
The puid_getcertOBJ() function returns a character pointer
to a string that contains the value of the object named in
the *oid argument. NULL is returned if the named extension
wasn't found. The returned string pointer addresses a
buffer that is statically allocated to puid_getcertOBJ().
Thus the value must be used before another call is made to
puid_getcertOBJ(). In short, puid_getcertOBJ() is NOT
thread-safe.
The puid_getcertPUID() function returns a 0 (zero) if a PUID
extension was found in the certificate; and 1 (one), if none
was found. When a PUID extension is found, the PUID's
binary value is returned in the variable addressed by the
*puid argument.
The puid_puissuer() function returns 0 (zero) if the X.509
certificate was issued by Purdue; and 1 (one) if it wasn't.
EXAMPLES
This example first determines that the X.509 certificate was
issued by the Purdue CA, then searches the certificate for
the PUID object identifier. (PUIDNETD_PUID_OID is defined
in puidnetd.h).
    #include "puid_x509ext.h"
    #include "puidnetd.h"       /* defines PUIDNETD_PUID_OID */

    char *puid;
    X509 *x;                    /* value previously assigned */

    if (!puid_puissuer(x)) {
        /* 0 (zero) means the Purdue CA issued the certificate. */
        if (!(puid = puid_getcertOBJ(x, PUIDNETD_PUID_OID))) {
            /* PUIDNETD_PUID_OID wasn't found. */
        } else {
            /* PUIDNETD_PUID_OID was found and
             * puid points to its string. */
        }
    } else {
        /* The certificate wasn't issued by the Purdue CA. */
    }
This example uses puid_getcertPUID() to get the PUID from
the X.509 certificate.
    #include "puid_x509ext.h"

    puid_t puid;
    X509 *x;                    /* value previously assigned */

    if (!puid_getcertPUID(x, &puid)) {
        /* PUID was found and is in puid. */
    } else {
        /* PUID wasn't found. */
    }
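The following is an added example, not part of the original manual page or the PUID library. It combines the issuer check from the first example with the static-buffer caveat under RETURN VALUES: the value is copied into caller-owned storage while a lock is held. The wrapper name puid_copy_ext(), its status codes, and the stand-in X509 type and library functions are assumptions made so the block compiles on its own.

```c
#include <pthread.h>
#include <stddef.h>
#include <string.h>

/* Constructed stand-ins so this compiles without the PUID library or
 * OpenSSL; they only mimic the contract documented on this page. With
 * the real library, delete this section and include "puid_x509ext.h". */
typedef struct { int purdue_issued; const char *puid_ext; } X509;
static int puid_puissuer(X509 *x) { return x->purdue_issued ? 0 : 1; }
static char *puid_getcertOBJ(X509 *x, char *oid) {
    static char buf[64];            /* shared static buffer, as documented */
    (void)oid;
    if (x->puid_ext == NULL) return NULL;
    strncpy(buf, x->puid_ext, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    return buf;
}

enum { PUID_OK = 0, PUID_BAD_ARG, PUID_NOT_PURDUE, PUID_NO_EXT, PUID_TOO_LONG };
static pthread_mutex_t obj_lock = PTHREAD_MUTEX_INITIALIZER;

/* Hypothetical wrapper: check the issuer first, then copy the extension
 * value out of the static buffer while holding a lock, so another thread
 * cannot overwrite it before the copy completes. The lock only protects
 * callers that go through this wrapper; direct calls bypass it. */
int puid_copy_ext(X509 *x, char *oid, char *out, size_t outlen) {
    int rc = PUID_OK;
    char *val;
    size_t n;

    if (x == NULL || oid == NULL || out == NULL || outlen == 0)
        return PUID_BAD_ARG;
    out[0] = '\0';                  /* never leave stale data on failure */
    if (puid_puissuer(x) != 0)      /* 0 (zero) means issued by Purdue CA */
        return PUID_NOT_PURDUE;
    pthread_mutex_lock(&obj_lock);
    val = puid_getcertOBJ(x, oid);
    if (val == NULL) {
        rc = PUID_NO_EXT;
    } else if ((n = strlen(val)) >= outlen) {
        rc = PUID_TOO_LONG;         /* refuse to truncate an identifier */
    } else {
        memcpy(out, val, n + 1);    /* copy includes the terminating NUL */
    }
    pthread_mutex_unlock(&obj_lock);
    return rc;
}
```
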
FILES
puid_x509ext.h
    contains the necessary #include pre-processor directives
    for the puid_x509ext family of functions and definitions
    of their prototypes. It depends on the presence of
    supporting header files, as described in the OPTIONS
    section.
AUTHOR
The puid_x509ext function family was written by Victor A.
Abell <abe@purdue.edu>.
SEE ALSO
puidnetd_strerror(3), puidnetd_unpk(3), puidnetd(4).
SunOS 5.8 Last change: 3