
FreeBSD Manual Pages

  
 
  

OpenXPKI::Crypto::Backend::OpenSSL::Config(3)  User Contributed Perl Documentation  OpenXPKI::Crypto::Backend::OpenSSL::Config(3)

Name
       OpenXPKI::Crypto::Backend::OpenSSL::Config

Description
       This module was designed to create an OpenSSL configuration on the fly
       for the various operations of OpenXPKI. The module supports the
       following section types:

       - general OpenSSL configuration
       - engine configuration
       - new OIDs
       - CA configuration
       - CRL extension configuration
       - certificate extension configuration
       - CRL distribution points
       - subject alternative names

Functions
       - new
       - set_engine
       - set_profile
       - set_crl_items
           This method prepares the OpenSSL-specific representation of the
           certificate database (index.txt). The method expects an arrayref
           containing a list of all certificates to revoke.

           Each item in the array must be an array with one or more elements:

           o   certificate serial number, either binary or as hex prefixed
               with 0x

           o   time of revocation (epoch)

           o   reason_code

           o   time of invalidity (epoch)

           The first element is mandatory, all other elements can be empty or
           even left out.

           If a revocation time is specified, it is used as the revocation
           timestamp in the generated CRL. The timestamp is specified in
           seconds since epoch.

           The reason code is accepted literally. It should be one of
             'unspecified',
             'keyCompromise',
             'CACompromise',
             'affiliationChanged',
             'superseded',
             'cessationOfOperation'.

           The reason codes
             'certificateHold',
             'removeFromCRL'

           are currently not handled correctly and should be avoided. However,
           they will currently simply be passed in the CRL which may not have
           the desired result.

           If the reason code is incorrect, a warning is logged and the reason
           code is set to 'unspecified' in order to make sure the certificate
           gets revoked at all.

           The invalidity timestamp is only used in conjunction with a reason
           code of keyCompromise. The timestamp is specified in seconds since
           epoch.

       - dump
       - get_config_filename
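
A caller-side pre-flight check for the list handed to set_crl_items, written against the rules documented above, so that a misspelled reason code is caught before it is downgraded to 'unspecified'. This is an added example, not OpenXPKI code: check_crl_items and the sample serials are hypothetical, and serials without a 0x prefix are passed through unchecked because the page does not define the binary form.

```perl
use strict;
use warnings;

# Reason codes the page lists as accepted, and the two it says to avoid.
my %OK    = map { $_ => 1 } qw(unspecified keyCompromise CACompromise
                               affiliationChanged superseded cessationOfOperation);
my %AVOID = map { $_ => 1 } qw(certificateHold removeFromCRL);

# check_crl_items (hypothetical helper): returns (\@usable, \@problems).
sub check_crl_items {
    my ($items) = @_;
    my (@usable, @problems);
    for my $i (0 .. $#{$items}) {
        my ($serial, $revoked, $reason, $invalid) = @{ $items->[$i] };
        if (!defined $serial || $serial eq '') {
            push @problems, "item $i: serial number is mandatory";
            next;
        }
        if ($serial =~ /^0x/ && $serial !~ /^0x[0-9A-Fa-f]+$/) {
            push @problems, "item $i: malformed hex serial '$serial'";
            next;
        }
        for my $t (grep { defined($_) && length($_) } $revoked, $invalid) {
            push @problems, "item $i: '$t' is not epoch seconds" if $t !~ /^\d+$/;
        }
        if (defined $reason && length $reason) {
            if ($AVOID{$reason}) {
                push @problems, "item $i: '$reason' is not handled correctly";
            } elsif (!$OK{$reason}) {
                push @problems, "item $i: '$reason' would become 'unspecified'";
            }
        }
        if (defined $invalid && length $invalid && ($reason // '') ne 'keyCompromise') {
            push @problems, "item $i: invalidity time is only used with keyCompromise";
        }
        push @usable, [ $serial, $revoked, $reason, $invalid ];
    }
    return (\@usable, \@problems);
}

# Constructed sample input: [ serial, revocation time, reason_code, invalidity time ].
my ($usable, $problems) = check_crl_items([
    [ '0x1A2B', 1600000000, 'keyCompromise', 1599990000 ],
    [ '4711' ],                                     # only the mandatory element
    [ '0x0F', 1600000100, 'keycompromise' ],        # wrong case
    [ '0x10', undef, 'superseded', 1599990000 ],    # invalidity time has no effect
    [ '0x11', 1600000200, 'certificateHold' ],
]);
print "$_\n" for @$problems;
printf "%d of 5 items have a usable serial\n", scalar @$usable;
```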

Example
       use OpenXPKI::Crypto::Backend::OpenSSL::Config;

       my $profile = OpenXPKI::Crypto::Backend::OpenSSL::Config->new (
                     {
                         TMP    => '/tmp',
                     });
       $profile->set_engine($engine);
       $profile->set_profile($crl_profile);
       $profile->dump();
       my $conf = $profile->get_config_filename();
       # ... execute an OpenSSL command with "-config $conf" ...
       # ... or execute an OpenSSL command with "OPENSSL_CONF=$conf openssl" ...

See Also
       OpenXPKI::Crypto::Profile::Base, OpenXPKI::Crypto::Profile::CRL,
       OpenXPKI::Crypto::Profile::Certificate and
       OpenXPKI::Crypto::Backend::OpenSSL

perl v5.32.0                     OpenXPKI::Crypto::Backend::OpenSSL::Config(3)
