1X509(3) User Contributed Perl Documentation X509(3)
2
3
4
6 Crypt::OpenSSL::X509 - Perl extension to OpenSSL's X509 API.
7
9 use Crypt::OpenSSL::X509;
10
11 my $x509 = Crypt::OpenSSL::X509->new_from_file('cert.pem');
12
13 print $x509->pubkey() . "\n";
14 print $x509->subject() . "\n";
15 print $x509->hash() . "\n";
16 print $x509->email() . "\n";
17 print $x509->issuer() . "\n";
18 print $x509->issuer_hash() . "\n";
19 print $x509->notBefore() . "\n";
20 print $x509->notAfter() . "\n";
21 print $x509->modulus() . "\n";
22 print $x509->exponent() . "\n";
23 print $x509->fingerprint_md5() . "\n";
24 print $x509->fingerprint_sha256() . "\n";
25 print $x509->as_string() . "\n";
26
27 my $x509 = Crypt::OpenSSL::X509->new_from_string(
28 $der_encoded_data, Crypt::OpenSSL::X509::FORMAT_ASN1
29 );
30
31 # given a time offset of $seconds, will the certificate be valid?
32 if ($x509->checkend($seconds)) {
33 # cert is expired at $seconds offset
34 } else {
35 # cert is ok at $seconds offset
36 }
37
38 my $exts = $x509->extensions_by_oid();
39
40 foreach my $oid (keys %$exts) {
41 my $ext = $$exts{$oid};
42 print $oid, " ", $ext->object()->name(), ": ", $ext->value(), "\n";
43 }
44
46 Crypt::OpenSSL::X509 - Perl extension to OpenSSL's X509 API.
47
49 This implement a large majority of OpenSSL's useful X509 API.
50
51 The email() method supports both certificates where the
52 subject is of the form:
53 "... CN=Firstname lastname/emailAddress=user@domain", and also
54 certificates where there is a X509v3 Extension of the form
55 "X509v3 Subject Alternative Name: email=user@domain".
56
57 EXPORT
58 None by default.
59
60 On request:
61
62 FORMAT_UNDEF FORMAT_ASN1 FORMAT_TEXT FORMAT_PEM
63 FORMAT_PKCS12 FORMAT_SMIME FORMAT_ENGINE FORMAT_IISSGC
64
66 X509 CONSTRUCTORS
67 new ( )
68 Create a new X509 object.
69
70 new_from_string ( STRING [ FORMAT ] )
71 new_from_file ( FILENAME [ FORMAT ] )
72 Create a new X509 object from a string or file. "FORMAT" should be
73 "FORMAT_ASN1" or "FORMAT_PEM".
74
75 X509 ACCESSORS
76 subject
77 Subject name as a string.
78
79 issuer
80 Issuer name as a string.
81
82 issuer_hash
83 Issuer name hash as a string.
84
85 serial
86 Serial number as a string.
87
88 hash
89 Alias for subject_hash
90
91 subject_hash
92 Subject name hash as a string.
93
94 notBefore
95 "notBefore" time as a string.
96
97 notAfter
98 "notAfter" time as a string.
99
100 email
101 Email addresses as string, if multiple addresses found, they are
102 seperated by a space (' ').
103
104 version
105 Certificate version as a string.
106
107 sig_alg_name
108 Signature algorithm name as a string.
109
110 key_alg_name
111 Public key algorithm name as a string.
112
113 curve
114 Name of the EC curve used in the public key.
115
116 X509 METHODS
117 subject_name ( )
118 issuer_name ( )
119 Return a Name object for the subject or issuer name. Methods for
120 handling Name objects are given below.
121
122 is_selfsigned ( )
123 Return Boolean value if subject and issuer name are the same.
124
125 as_string ( [ FORMAT ] )
126 Return the certificate as a string in the specified format.
127 "FORMAT" can be one of "FORMAT_PEM" (the default) or "FORMAT_ASN1".
128
129 modulus ( )
130 Return the modulus for an RSA public key as a string of hex digits.
131 For DSA and EC return the public key. Other algorithms are not
132 supported.
133
134 bit_length ( )
135 Return the length of the modulus as a number of bits.
136
137 fingerprint_md5 ( )
138 fingerprint_sha1 ( )
139 fingerprint_sha224 ( )
140 fingerprint_sha256 ( )
141 fingerprint_sha384 ( )
142 fingerprint_sha512 ( )
143 Return the specified message digest for the certificate.
144
145 checkend( OFFSET )
146 Given an offset in seconds, will the certificate be expired?
147 Returns True if the certificate will be expired. False otherwise.
148
149 pubkey ( )
150 Return the RSA, DSA, or EC public key.
151
152 num_extensions ( )
153 Return the number of extensions in the certificate.
154
155 extension ( INDEX )
156 Return the Extension specified by the integer "INDEX". Methods for
157 handling Extension objects are given below.
158
159 extensions_by_oid ( )
160 extensions_by_name ( )
161 extensions_by_long_name ( )
162 Return a hash of Extensions indexed by OID or name.
163
164 has_extension_oid ( OID )
165 Return true if the certificate has the extension specified by
166 "OID".
167
168 X509::Extension METHODS
169 critical ( )
170 Return a value indicating if the extension is critical or not.
171 FIXME: the value is an ASN.1 BOOLEAN value.
172
173 object ( )
174 Return the ObjectID of the extension. Methods for handling
175 ObjectID objects are given below.
176
177 value ( )
178 Return the value of the extension as an asn1parse(1) style hex
179 dump.
180
181 as_string ( )
182 Return a human-readable version of the extension as formatted by
183 X509V3_EXT_print. Note that this will return an empty string for
184 OIDs with unknown ASN.1 encodings.
185
186 X509::ObjectID METHODS
187 name ( )
188 Return the long name of the object as a string.
189
190 oid ( )
191 Return the numeric dot-separated form of the object identifier as a
192 string.
193
194 X509::Name METHODS
195 as_string ( )
196 Return a string representation of the Name
197
198 entries ( )
199 Return an array of Name_Entry objects. Methods for handling
200 Name_Entry objects are given below.
201
202 has_entry ( TYPE [ LASTPOS ] )
203 has_long_entry ( TYPE [ LASTPOS ] )
204 has_oid_entry ( TYPE [ LASTPOS ] )
205 Return true if a name has an entry of the specified "TYPE".
206 Depending on the function the "TYPE" may be in the short form (e.g.
207 "CN"), long form ("commonName") or OID (2.5.4.3). If "LASTPOS" is
208 specified then the search is made from that index rather than from
209 the start.
210
211 get_index_by_type ( TYPE [ LASTPOS ] )
212 get_index_by_long_type ( TYPE [ LASTPOS ] )
213 get_index_by_oid_type ( TYPE [ LASTPOS ] )
214 Return the index of an entry of the specified "TYPE" in a name.
215 Depending on the function the "TYPE" may be in the short form (e.g.
216 "CN"), long form ("commonName") or OID (2.5.4.3). If "LASTPOS" is
217 specified then the search is made from that index rather than from
218 the start.
219
220 get_entry_by_type ( TYPE [ LASTPOS ] )
221 get_entry_by_long_type ( TYPE [ LASTPOS ] )
222 These methods work similarly to get_index_by_* but return the
223 Name_Entry rather than the index.
224
225 X509::Name_Entry METHODS
226 as_string ( [ LONG ] )
227 Return a string representation of the Name_Entry of the form
228 "typeName=Value". If "LONG" is 1, the long form of the type is
229 used.
230
231 type ( [ LONG ] )
232 Return a string representation of the type of the Name_Entry. If
233 "LONG" is 1, the long form of the type is used.
234
235 value ( )
236 Return a string representation of the value of the Name_Entry.
237
238 is_printableString ( )
239 is_ia5string ( )
240 is_utf8string ( )
241 is_asn1_type ( [ASN1_TYPE] )
242 Return true if the Name_Entry value is of the specified type. The
243 value of "ASN1_TYPE" should be as listed in OpenSSL's "asn1.h".
244
246 OpenSSL(1), Crypt::OpenSSL::RSA, Crypt::OpenSSL::Bignum
247
249 Dan Sully
250
252 • Timonthy Legge, release 1.9.10
253
254 • Patrick Cernko, release 1.9.9
255
256 • Shoichi Kaji, release 1.9.3 and 1.9.8
257
258 • Neil Bowers, release 1.8.13
259
260 • kmx, release 1.8.9
261
262 • Sebastian Andrzej Siewior
263
264 • David O'Callaghan, <david.ocallaghan@cs.tcd.ie>
265
266 • Daniel Kahn Gillmor <dkg@fifthhorseman.net>
267
269 Copyright 2004-2021 by Dan Sully
270
271 This library is free software; you can redistribute it and/or modify it
272 under the same terms as Perl itself.
273
274
275
276perl v5.34.0 2022-01-21 X509(3)