OpenXPKI::Crypto::Backend::OpenSSL::Config(3) User Contributed Perl Documentation OpenXPKI::Crypto::Backend::OpenSSL::Config(3)

OpenXPKI::Crypto::Backend::OpenSSL::Config

This module was designed to create an OpenSSL configuration on the fly for the various operations of OpenXPKI. The module supports the following section types:
- general OpenSSL configuration
- engine configuration
- new OIDs
- CA configuration
- CRL extension configuration
- certificate extension configuration
- CRL distribution points
- subject alternative names

- new
- set_engine
- set_profile
- set_crl_items
This method prepares the OpenSSL-specific representation of the certificate database (index.txt). The method expects an arrayref containing a list of all certificates to revoke.

Each item in the array must be an array with one or more elements:

  • certificate serial number, either binary or as hex prefixed with 0x
  • time of revocation (epoch)
  • reason_code
  • time of invalidity (epoch)

The first element is mandatory; all other elements can be empty or left out entirely.

If a revocation time is specified, it is used as the revocation timestamp in the generated CRL. The timestamp is specified in seconds since epoch.

The reason code is accepted literally. It should be one of 'unspecified', 'keyCompromise', 'CACompromise', 'affiliationChanged', 'superseded', 'cessationOfOperation'.

The reason codes 'certificateHold' and 'removeFromCRL' are currently not handled correctly and should be avoided. However, they will currently simply be passed in the CRL which may not have the desired result.

If the reason code is incorrect, a warning is logged and the reason code is set to 'unspecified' in order to make sure the certificate gets revoked at all.

Invalidity timestamp is only used in conjunction with a reason code of keyCompromise. The timestamp is specified in seconds since epoch.

- dump
- get_config_filename
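
The rules given above for set_crl_items can be checked before the list is handed to the module, so that a revocation does not silently end up with reason 'unspecified' or lose its invalidity time. The following is an added example, not OpenXPKI code: check_crl_items is a hypothetical helper, the sample serials and timestamps are constructed, and it assumes that reason codes are matched case-sensitively and that epoch values are plain non-negative integers.

```perl
#!/usr/bin/perl
# Added example: pre-flight check of a revocation list for set_crl_items.
# check_crl_items() is a hypothetical helper, not part of OpenXPKI.
use strict;
use warnings;

# Reason codes listed as acceptable / to be avoided in the documentation.
my %ACCEPTED = map { $_ => 1 } qw(unspecified keyCompromise CACompromise
    affiliationChanged superseded cessationOfOperation);
my %AVOID = map { $_ => 1 } qw(certificateHold removeFromCRL);

# Takes an arrayref of items, returns a list of human-readable findings.
sub check_crl_items {
    my ($items) = @_;
    my @findings;
    for my $i (0 .. $#{$items}) {
        my ($serial, $revoked, $reason, $invalid) = @{ $items->[$i] };
        if (!defined $serial || $serial eq '') {
            push @findings, "item $i: serial number is mandatory";
            next;
        }
        # Assumption: an epoch timestamp is a string of decimal digits.
        for my $t (grep { defined($_) && $_ ne '' } ($revoked, $invalid)) {
            push @findings, "item $i: '$t' is not seconds since epoch"
                if $t !~ /\A\d+\z/;
        }
        my $has_reason = defined $reason && $reason ne '';
        if ($has_reason && $AVOID{$reason}) {
            push @findings, "item $i: '$reason' is not handled correctly";
        }
        elsif ($has_reason && !$ACCEPTED{$reason}) {
            push @findings, "item $i: '$reason' would be reset to 'unspecified'";
        }
        if (defined $invalid && $invalid ne ''
            && (!$has_reason || $reason ne 'keyCompromise')) {
            push @findings, "item $i: invalidity time needs keyCompromise";
        }
    }
    return @findings;
}

# Constructed sample input (serials and timestamps are made up).
my @items = (
    [ '0x1a2b', 1650000000, 'keyCompromise', 1649900000 ],  # complete item
    [ '0x1a2c' ],                                           # serial only
    [ '0x1a2d', 1650000100, 'keycompromise' ],              # wrong case
    [ '0x1a2e', 1650000200, 'superseded', 1650000000 ],     # time ignored
    [ '0x1a2f', '2022-04-15', 'certificateHold' ],          # two findings
);
print "$_\n" for check_crl_items(\@items);
```
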

    my $profile = OpenXPKI::Crypto::Backend::OpenSSL::Config->new (
                  {
                      TMP => '/tmp',
                  });
    $profile->set_engine($engine);
    $profile->set_profile($crl_profile);
    $profile->dump();
    my $conf = $profile->get_config_filename();
    ... execute an OpenSSL command with "-config $conf" ...
    ... or execute an OpenSSL command with "OPENSSL_CONF=$conf openssl" ...

OpenXPKI::Crypto::Profile::Base, OpenXPKI::Crypto::Profile::CRL, OpenXPKI::Crypto::Profile::Certificate and OpenXPKI::Crypto::Backend::OpenSSL
2022-05-14 perl v5.32.1
