1X509(3) User Contributed Perl Documentation X509(3)
2
6 Crypt::OpenSSL::X509 - Perl extension to OpenSSL's X509 API.
7
9 use Crypt::OpenSSL::X509;
10 my $x509 = Crypt::OpenSSL::X509->new_from_file('cert.pem');
12 print $x509->pubkey() . "\n";
14 print $x509->subject() . "\n";
15 print $x509->hash() . "\n";
16 print $x509->email() . "\n";
17 print $x509->issuer() . "\n";
18 print $x509->issuer_hash() . "\n";
19 print $x509->notBefore() . "\n";
20 print $x509->notAfter() . "\n";
21 print $x509->modulus() . "\n";
22 print $x509->exponent() . "\n";
23 print $x509->fingerprint_md5() . "\n";
24 print $x509->fingerprint_sha256() . "\n";
25 print $x509->as_string() . "\n";
26 my $x509 = Crypt::OpenSSL::X509->new_from_string(
28 $der_encoded_data, Crypt::OpenSSL::X509::FORMAT_ASN1
29 );
30 # given a time offset of $seconds, will the certificate be valid?
32 if ($x509->checkend($seconds)) {
33 # cert is expired at $seconds offset
34 } else {
35 # cert is ok at $seconds offset
36 }
37 my $exts = $x509->extensions_by_oid();
39 foreach my $oid (keys %$exts) {
41 my $ext = $$exts{$oid};
42 print $oid, " ", $ext->object()->name(), ": ", $ext->value(), "\n";
43 }
44
46 Crypt::OpenSSL::X509 - Perl extension to OpenSSL's X509 API.
47
49 This implement a large majority of OpenSSL's useful X509 API.
50 The email() method supports both certificates where the
52 subject is of the form:
53 "... CN=Firstname lastname/emailAddress=user@domain", and also
54 certificates where there is a X509v3 Extension of the form
55 "X509v3 Subject Alternative Name: email=user@domain".
56 EXPORT
58 None by default.
59 On request:
61 FORMAT_UNDEF FORMAT_ASN1 FORMAT_TEXT FORMAT_PEM
63 FORMAT_PKCS12 FORMAT_SMIME FORMAT_ENGINE FORMAT_IISSGC
64
66 X509 CONSTRUCTORS
67 new ( )
68 Create a new X509 object.
69 new_from_string ( STRING [ FORMAT ] )
71 new_from_file ( FILENAME [ FORMAT ] )
72 Create a new X509 object from a string or file. "FORMAT" should be
73 "FORMAT_ASN1" or "FORMAT_PEM".
74 X509 ACCESSORS
76 subject
77 Subject name as a string.
78 issuer
80 Issuer name as a string.
81 issuer_hash
83 Issuer name hash as a string.
84 serial
86 Serial number as a string.
87 hash
89 Alias for subject_hash
90 subject_hash
92 Subject name hash as a string.
93 notBefore
95 "notBefore" time as a string.
96 notAfter
98 "notAfter" time as a string.
99 email
101 Email addresses as string, if multiple addresses found, they are
102 separated by a space (' ').
103 version
105 Certificate version as a string.
106 sig_alg_name
108 Signature algorithm name as a string.
109 key_alg_name
111 Public key algorithm name as a string.
112 curve
114 Name of the EC curve used in the public key.
115 X509 METHODS
117 subject_name ( )
118 issuer_name ( )
119 Return a Name object for the subject or issuer name. Methods for
120 handling Name objects are given below.
121 is_selfsigned ( )
123 Return Boolean value if subject and issuer name are the same.
124 as_string ( [ FORMAT ] )
126 Return the certificate as a string in the specified format.
127 "FORMAT" can be one of "FORMAT_PEM" (the default) or "FORMAT_ASN1".
128 modulus ( )
130 Return the modulus for an RSA public key as a string of hex digits.
131 For DSA and EC return the public key. Other algorithms are not
132 supported.
133 bit_length ( )
135 Return the length of the modulus as a number of bits.
136 fingerprint_md5 ( )
138 fingerprint_sha1 ( )
139 fingerprint_sha224 ( )
140 fingerprint_sha256 ( )
141 fingerprint_sha384 ( )
142 fingerprint_sha512 ( )
143 Return the specified message digest for the certificate.
144 checkend( OFFSET )
146 Given an offset in seconds, will the certificate be expired?
147 Returns True if the certificate will be expired. False otherwise.
148 pubkey ( )
150 Return the RSA, DSA, or EC public key.
151 num_extensions ( )
153 Return the number of extensions in the certificate.
154 extension ( INDEX )
156 Return the Extension specified by the integer "INDEX". Methods for
157 handling Extension objects are given below.
158 extensions_by_oid ( )
160 extensions_by_name ( )
161 extensions_by_long_name ( )
162 Return a hash of Extensions indexed by OID or name.
163 has_extension_oid ( OID )
165 Return true if the certificate has the extension specified by
166 "OID".
167 subjectaltname ( )
169 Uses Convert::ASN1 to extract the Subject Alternative Names from
170 the X509 object. subjectaltname ( ) returns an array of
171 "rfc822Name"s
172 [
174 {
175 'rfc822Name' => 'altuser@mpi-sws.org'
176 },
177 {
178 'rfc822Name' => 'user@mpi-sws.org'
179 },
180 ]
181 X509::Extension METHODS
183 critical ( )
184 Return a value indicating if the extension is critical or not.
185 FIXME: the value is an ASN.1 BOOLEAN value.
186 object ( )
188 Return the ObjectID of the extension. Methods for handling
189 ObjectID objects are given below.
190 value ( )
192 Return the value of the extension as an asn1parse(1) style hex
193 dump.
194 as_string ( )
196 Return a human-readable version of the extension as formatted by
197 X509V3_EXT_print. Note that this will return an empty string for
198 OIDs with unknown ASN.1 encodings.
199 X509::ObjectID METHODS
201 name ( )
202 Return the long name of the object as a string.
203 oid ( )
205 Return the numeric dot-separated form of the object identifier as a
206 string.
207 X509::Name METHODS
209 as_string ( )
210 Return a string representation of the Name
211 entries ( )
213 Return an array of Name_Entry objects. Methods for handling
214 Name_Entry objects are given below.
215 has_entry ( TYPE [ LASTPOS ] )
217 has_long_entry ( TYPE [ LASTPOS ] )
218 has_oid_entry ( TYPE [ LASTPOS ] )
219 Return true if a name has an entry of the specified "TYPE".
220 Depending on the function the "TYPE" may be in the short form (e.g.
221 "CN"), long form ("commonName") or OID (2.5.4.3). If "LASTPOS" is
222 specified then the search is made from that index rather than from
223 the start.
224 get_index_by_type ( TYPE [ LASTPOS ] )
226 get_index_by_long_type ( TYPE [ LASTPOS ] )
227 get_index_by_oid_type ( TYPE [ LASTPOS ] )
228 Return the index of an entry of the specified "TYPE" in a name.
229 Depending on the function the "TYPE" may be in the short form (e.g.
230 "CN"), long form ("commonName") or OID (2.5.4.3). If "LASTPOS" is
231 specified then the search is made from that index rather than from
232 the start.
233 get_entry_by_type ( TYPE [ LASTPOS ] )
235 get_entry_by_long_type ( TYPE [ LASTPOS ] )
236 These methods work similarly to get_index_by_* but return the
237 Name_Entry rather than the index.
238 X509::Name_Entry METHODS
240 as_string ( [ LONG ] )
241 Return a string representation of the Name_Entry of the form
242 "typeName=Value". If "LONG" is 1, the long form of the type is
243 used.
244 type ( [ LONG ] )
246 Return a string representation of the type of the Name_Entry. If
247 "LONG" is 1, the long form of the type is used.
248 value ( )
250 Return a string representation of the value of the Name_Entry.
251 is_printableString ( )
253 is_ia5string ( )
254 is_utf8string ( )
255 is_asn1_type ( [ASN1_TYPE] )
256 Return true if the Name_Entry value is of the specified type. The
257 value of "ASN1_TYPE" should be as listed in OpenSSL's "asn1.h".
258
260 Please report any bugs or feature requests using GitHub.
261 • GitHub Issues <https://github.com/dsully/perl-crypt-openssl-
263 x509/issues>
264
266 • OpenSSL website <https://www.openssl.org/>
267 • Crypt::OpenSSL::RSA <https://metacpan.org/pod/Crypt::OpenSSL::RSA>
269 • Crypt::OpenSSL::Bignum
271 <https://metacpan.org/pod/Crypt::OpenSSL::Bignum>
272 • Crypt::OpenSSL::Guess
274 <https://metacpan.org/pod/Crypt::OpenSSL::Guess>
275
277 • Dan Sully, original author
278 • Jonas Brømsø, current maintainer
280 • Please see the "ACKNOWLEDGEMENTS" section for a list of
282 contributors.
283
285 In alphabetical order.
286 • @eserte
288 • @kmx
290 • @stphnlyd
292 • Ashley Hindmarsh @bestscarper
294 • Bernhard M. Wiedemann @bmwiedemann
296 • Brad Davidson @brandond
298 • Daniel Kahn Gillmor
300 • Daniel Risacher
302 • David O'Callaghan
304 • David Steinbrunner @dsteinbrunner
306 • dsteinwand
308 • Florian Schlichting @fschlich
310 • IKEDA Soji @ikedas
312 • James Hunt @jhunt
314 • James Rouzier @jrouzierinverse
316 • Johanna @0xxon
318 • Jonas Brømsø @jonasbn
320 • Louise Doran
322 • Michael McClimon @mmcclimon
324 • Michal Josef Špaček @michal-josef-spacek
326 • Neil Bowers @neilb
328 • Nicholas Harteau
330 • Otmar Lendl
332 • Patrick C. @errror
334 • Patrick Cernko
336 • Petr Pisar @ppisar
338 • pi-rho
340 • Salvador Fandiño @salva
342 • Sebastian Andrzej Siewior
344 • Sho Nakatani @laysakura
346 • Shoichi Kaji @skaji
348 • Timothy Legge @timlegge
350 • Todd Rinaldo @toddr
352 • Uli Scholler
354
356 Copyright 2004-2022 by Dan Sully
357 This library is free software; you can redistribute it and/or modify it
359 under the same terms as Perl itself.
360perl v5.38.0 2023-07-20 X509(3)