1X509(3) User Contributed Perl Documentation X509(3)
2
3
4
6 Crypt::OpenSSL::X509 - Perl extension to OpenSSL's X509 API.
7
9 use Crypt::OpenSSL::X509;
10
11 my $x509 = Crypt::OpenSSL::X509->new_from_file('cert.pem');
12
13 print $x509->pubkey() . "\n";
14 print $x509->subject() . "\n";
15 print $x509->hash() . "\n";
16 print $x509->email() . "\n";
17 print $x509->issuer() . "\n";
18 print $x509->issuer_hash() . "\n";
19 print $x509->notBefore() . "\n";
20 print $x509->notAfter() . "\n";
21 print $x509->modulus() . "\n";
22 print $x509->exponent() . "\n";
23 print $x509->fingerprint_md5() . "\n";
24 print $x509->fingerprint_sha256() . "\n";
25 print $x509->as_string() . "\n";
26
27 my $x509 = Crypt::OpenSSL::X509->new_from_string(
28 $der_encoded_data, Crypt::OpenSSL::X509::FORMAT_ASN1
29 );
30
31 # given a time offset of $seconds, will the certificate be valid?
32 if ($x509->checkend($seconds)) {
33 # cert is expired at $seconds offset
34 } else {
35 # cert is ok at $seconds offset
36 }
37
38 my $exts = $x509->extensions_by_oid();
39
40 foreach my $oid (keys %$exts) {
41 my $ext = $$exts{$oid};
42 print $oid, " ", $ext->object()->name(), ": ", $ext->value(), "\n";
43 }
44
46 Crypt::OpenSSL::X509 - Perl extension to OpenSSL's X509 API.
47
49 This implement a large majority of OpenSSL's useful X509 API.
50
51 The email() method supports both certificates where the
52 subject is of the form:
53 "... CN=Firstname lastname/emailAddress=user@domain", and also
54 certificates where there is a X509v3 Extension of the form
55 "X509v3 Subject Alternative Name: email=user@domain".
56
57 EXPORT
58 None by default.
59
60 On request:
61
62 FORMAT_UNDEF FORMAT_ASN1 FORMAT_TEXT FORMAT_PEM
63 FORMAT_PKCS12 FORMAT_SMIME FORMAT_ENGINE FORMAT_IISSGC
64
66 X509 CONSTRUCTORS
67 new ( )
68 Create a new X509 object.
69
70 new_from_string ( STRING [ FORMAT ] )
71 new_from_file ( FILENAME [ FORMAT ] )
72 Create a new X509 object from a string or file. "FORMAT" should be
73 "FORMAT_ASN1" or "FORMAT_PEM".
74
75 X509 ACCESSORS
76 subject
77 Subject name as a string.
78
79 issuer
80 Issuer name as a string.
81
82 issuer_hash
83 Issuer name hash as a string.
84
85 serial
86 Serial number as a string.
87
88 hash
89 Alias for subject_hash
90
91 subject_hash
92 Subject name hash as a string.
93
94 notBefore
95 "notBefore" time as a string.
96
97 notAfter
98 "notAfter" time as a string.
99
100 email
101 Email addresses as string, if multiple addresses found, they are
102 separated by a space (' ').
103
104 version
105 Certificate version as a string.
106
107 sig_alg_name
108 Signature algorithm name as a string.
109
110 key_alg_name
111 Public key algorithm name as a string.
112
113 curve
114 Name of the EC curve used in the public key.
115
116 X509 METHODS
117 subject_name ( )
118 issuer_name ( )
119 Return a Name object for the subject or issuer name. Methods for
120 handling Name objects are given below.
121
122 is_selfsigned ( )
123 Return Boolean value if subject and issuer name are the same.
124
125 as_string ( [ FORMAT ] )
126 Return the certificate as a string in the specified format.
127 "FORMAT" can be one of "FORMAT_PEM" (the default) or "FORMAT_ASN1".
128
129 modulus ( )
130 Return the modulus for an RSA public key as a string of hex digits.
131 For DSA and EC return the public key. Other algorithms are not
132 supported.
133
134 bit_length ( )
135 Return the length of the modulus as a number of bits.
136
137 fingerprint_md5 ( )
138 fingerprint_sha1 ( )
139 fingerprint_sha224 ( )
140 fingerprint_sha256 ( )
141 fingerprint_sha384 ( )
142 fingerprint_sha512 ( )
143 Return the specified message digest for the certificate.
144
145 checkend( OFFSET )
146 Given an offset in seconds, will the certificate be expired?
147 Returns True if the certificate will be expired. False otherwise.
148
149 pubkey ( )
150 Return the RSA, DSA, or EC public key.
151
152 num_extensions ( )
153 Return the number of extensions in the certificate.
154
155 extension ( INDEX )
156 Return the Extension specified by the integer "INDEX". Methods for
157 handling Extension objects are given below.
158
159 extensions_by_oid ( )
160 extensions_by_name ( )
161 extensions_by_long_name ( )
162 Return a hash of Extensions indexed by OID or name.
163
164 has_extension_oid ( OID )
165 Return true if the certificate has the extension specified by
166 "OID".
167
168 subjectaltname ( )
169 Uses Convert::ASN1 to extract the Subject Alternative Names from
170 the X509 object. subjectaltname ( ) returns an array of
171 "rfc822Name"s
172
173 [
174 {
175 'rfc822Name' => 'altuser@mpi-sws.org'
176 },
177 {
178 'rfc822Name' => 'user@mpi-sws.org'
179 },
180 ]
181
182 X509::Extension METHODS
183 critical ( )
184 Return a value indicating if the extension is critical or not.
185 FIXME: the value is an ASN.1 BOOLEAN value.
186
187 object ( )
188 Return the ObjectID of the extension. Methods for handling
189 ObjectID objects are given below.
190
191 value ( )
192 Return the value of the extension as an asn1parse(1) style hex
193 dump.
194
195 as_string ( )
196 Return a human-readable version of the extension as formatted by
197 X509V3_EXT_print. Note that this will return an empty string for
198 OIDs with unknown ASN.1 encodings.
199
200 X509::ObjectID METHODS
201 name ( )
202 Return the long name of the object as a string.
203
204 oid ( )
205 Return the numeric dot-separated form of the object identifier as a
206 string.
207
208 X509::Name METHODS
209 as_string ( )
210 Return a string representation of the Name
211
212 entries ( )
213 Return an array of Name_Entry objects. Methods for handling
214 Name_Entry objects are given below.
215
216 has_entry ( TYPE [ LASTPOS ] )
217 has_long_entry ( TYPE [ LASTPOS ] )
218 has_oid_entry ( TYPE [ LASTPOS ] )
219 Return true if a name has an entry of the specified "TYPE".
220 Depending on the function the "TYPE" may be in the short form (e.g.
221 "CN"), long form ("commonName") or OID (2.5.4.3). If "LASTPOS" is
222 specified then the search is made from that index rather than from
223 the start.
224
225 get_index_by_type ( TYPE [ LASTPOS ] )
226 get_index_by_long_type ( TYPE [ LASTPOS ] )
227 get_index_by_oid_type ( TYPE [ LASTPOS ] )
228 Return the index of an entry of the specified "TYPE" in a name.
229 Depending on the function the "TYPE" may be in the short form (e.g.
230 "CN"), long form ("commonName") or OID (2.5.4.3). If "LASTPOS" is
231 specified then the search is made from that index rather than from
232 the start.
233
234 get_entry_by_type ( TYPE [ LASTPOS ] )
235 get_entry_by_long_type ( TYPE [ LASTPOS ] )
236 These methods work similarly to get_index_by_* but return the
237 Name_Entry rather than the index.
238
239 X509::Name_Entry METHODS
240 as_string ( [ LONG ] )
241 Return a string representation of the Name_Entry of the form
242 "typeName=Value". If "LONG" is 1, the long form of the type is
243 used.
244
245 type ( [ LONG ] )
246 Return a string representation of the type of the Name_Entry. If
247 "LONG" is 1, the long form of the type is used.
248
249 value ( )
250 Return a string representation of the value of the Name_Entry.
251
252 is_printableString ( )
253 is_ia5string ( )
254 is_utf8string ( )
255 is_asn1_type ( [ASN1_TYPE] )
256 Return true if the Name_Entry value is of the specified type. The
257 value of "ASN1_TYPE" should be as listed in OpenSSL's "asn1.h".
258
260 Please report any bugs or feature requests using GitHub.
261
262 • GitHub Issues <https://github.com/dsully/perl-crypt-openssl-
263 x509/issues>
264
266 • OpenSSL website <https://www.openssl.org/>
267
268 • Crypt::OpenSSL::RSA <https://metacpan.org/pod/Crypt::OpenSSL::RSA>
269
270 • Crypt::OpenSSL::Bignum
271 <https://metacpan.org/pod/Crypt::OpenSSL::Bignum>
272
273 • Crypt::OpenSSL::Guess
274 <https://metacpan.org/pod/Crypt::OpenSSL::Guess>
275
277 • Dan Sully, original author
278
279 • Jonas Brømsø, current maintainer
280
281 • Please see the "ACKNOWLEDGEMENTS" section for a list of
282 contributors.
283
285 In alphabetical order.
286
287 • @eserte
288
289 • @kmx
290
291 • @stphnlyd
292
293 • Ashley Hindmarsh @bestscarper
294
295 • Bernhard M. Wiedemann @bmwiedemann
296
297 • Brad Davidson @brandond
298
299 • Daniel Kahn Gillmor
300
301 • Daniel Risacher
302
303 • David O'Callaghan
304
305 • David Steinbrunner @dsteinbrunner
306
307 • dsteinwand
308
309 • Florian Schlichting @fschlich
310
311 • IKEDA Soji @ikedas
312
313 • James Hunt @jhunt
314
315 • James Rouzier @jrouzierinverse
316
317 • Johanna @0xxon
318
319 • Jonas Brømsø @jonasbn
320
321 • Louise Doran
322
323 • Michael McClimon @mmcclimon
324
325 • Michal Josef Špaček @michal-josef-spacek
326
327 • Neil Bowers @neilb
328
329 • Nicholas Harteau
330
331 • Otmar Lendl
332
333 • Patrick C. @errror
334
335 • Patrick Cernko
336
337 • Petr Pisar @ppisar
338
339 • pi-rho
340
341 • Salvador Fandiño @salva
342
343 • Sebastian Andrzej Siewior
344
345 • Sho Nakatani @laysakura
346
347 • Shoichi Kaji @skaji
348
349 • Timothy Legge @timlegge
350
351 • Todd Rinaldo @toddr
352
353 • Uli Scholler
354
356 Copyright 2004-2022 by Dan Sully
357
358 This library is free software; you can redistribute it and/or modify it
359 under the same terms as Perl itself.
360
361
362
363perl v5.38.0 2023-07-20 X509(3)