1 .\" $OpenBSD: ESS_SIGNING_CERT_new.3,v 1.4 2018/03/23 04:34:23 schwarze Exp $
3 .\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
5 .\" Permission to use, copy, modify, and distribute this software for any
6 .\" purpose with or without fee is hereby granted, provided that the above
7 .\" copyright notice and this permission notice appear in all copies.
9 .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 .Dd $Mdocdate: March 23 2018 $
18 .Dt ESS_SIGNING_CERT_NEW 3
21 .Nm ESS_SIGNING_CERT_new ,
22 .Nm ESS_SIGNING_CERT_free ,
24 .Nm ESS_CERT_ID_free ,
25 .Nm ESS_ISSUER_SERIAL_new ,
26 .Nm ESS_ISSUER_SERIAL_free
27 .Nd signing certificates for S/MIME
30 .Ft ESS_SIGNING_CERT *
31 .Fn ESS_SIGNING_CERT_new void
33 .Fn ESS_SIGNING_CERT_free "ESS_SIGNING_CERT *signing_cert"
35 .Fn ESS_CERT_ID_new void
37 .Fn ESS_CERT_ID_free "ESS_CERT_ID *cert_id"
38 .Ft ESS_ISSUER_SERIAL *
39 .Fn ESS_ISSUER_SERIAL_new void
41 .Fn ESS_ISSUER_SERIAL_free "ESS_ISSUER_SERIAL *issuer_serial"
43 The signing certificate may be included in the signedAttributes
46 structure to mitigate simple substitution and re-issue attacks.
48 .Fn ESS_SIGNING_CERT_new
49 allocates and initializes an empty
51 object, representing an ASN.1
52 .Vt SigningCertificate
53 structure defined in RFC 2634 section 5.4.
54 It can hold the certificate used for signing the data,
55 additional authorization certificates that can be used during
56 validation, and policies applying to the certificate.
57 .Fn ESS_SIGNING_CERT_free
62 allocates and initializes an empty
64 object, representing an ASN.1
66 structure defined in RFC 2634 section 5.4.1.
67 Such objects can be used inside
69 objects, and each one can hold a SHA1 hash of one certificate.
74 .Fn ESS_ISSUER_SERIAL_new
75 allocates and initializes an empty
77 object, representing an ASN.1
79 structure defined in RFC 2634 section 5.4.1.
80 It can hold an issuer name and a serial number and can be included in an
82 object, which is useful for additional authorization certificates,
83 but redundant for the signing certificate itself.
84 .Fn ESS_ISSUER_SERIAL_free
88 .Fn ESS_SIGNING_CERT_new ,
91 .Fn ESS_ISSUER_SERIAL_new
93 .Vt ESS_SIGNING_CERT ,
97 object, respectively, or
101 RFC 2634: Enhanced Security Services for S/MIME,
102 section 5: Signing Certificate Attribute
104 Note that RFC 2634 has been updated by RFC 5035:
105 Enhanced Security Services (ESS) Update:
106 Adding CertID Algorithm Agility.
107 But the current implementation only supports the
108 Signing Certificate Attribute Definition Version 1
109 according to RFC 2634, not the
110 Signing Certificate Attribute Definition Version 2
111 according to RFC 5035.
113 These functions first appeared in OpenSSL 1.0.0
114 and have been available since