]>
Commit | Line | Data |
---|---|---|
e33ffaca DSH |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
da15c616 | 5 | CMS_get0_SignerInfos, CMS_SignerInfo_get0_signer_id, CMS_SignerInfo_get0_signature, CMS_SignerInfo_cert_cmp, CMS_set1_signer_cert - CMS signedData signer functions. |
e33ffaca DSH |
6 | |
7 | =head1 SYNOPSIS | |
8 | ||
9 | #include <openssl/cms.h> | |
10 | ||
11 | STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms); | |
12 | ||
38d3a738 | 13 | int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno); |
da15c616 | 14 | ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si); |
e33ffaca DSH |
15 | int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert); |
16 | void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer); | |
17 | ||
18 | =head1 DESCRIPTION | |
19 | ||
20 | The function CMS_get0_SignerInfos() returns all the CMS_SignerInfo structures | |
21 | associated with a CMS signedData structure. | |
22 | ||
23 | CMS_SignerInfo_get0_signer_id() retrieves the certificate signer identifier | |
24 | associated with a specific CMS_SignerInfo structure B<si>. Either the | |
25 | keyidentifier will be set in B<keyid> or B<both> issuer name and serial number | |
26 | in B<issuer> and B<sno>. | |
27 | ||
da15c616 DSH |
28 | CMS_SignerInfo_get0_signature() retrieves the signature associated with |
29 | B<si> in a pointer to an ASN1_OCTET_STRING structure. This pointer returned | |
30 | corresponds to the internal signature value if B<si> so it may be read or | |
31 | modified. | |
32 | ||
c420fab5 | 33 | CMS_SignerInfo_cert_cmp() compares the certificate B<cert> against the signer |
e33ffaca DSH |
34 | identifier B<si>. It returns zero if the comparison is successful and non zero |
35 | if not. | |
36 | ||
37 | CMS_SignerInfo_set1_signer_cert() sets the signers certificate of B<si> to | |
38 | B<signer>. | |
39 | ||
40 | =head1 NOTES | |
41 | ||
42 | The main purpose of these functions is to enable an application to lookup | |
43 | signers certificates using any appropriate technique when the simpler method | |
44 | of CMS_verify() is not appropriate. | |
45 | ||
46 | In typical usage and application will retrieve all CMS_SignerInfo structures | |
47 | using CMS_get0_SignerInfo() and retrieve the identifier information using | |
48 | CMS. It will then obtain the signer certificate by some unspecified means | |
49 | (or return and error if it cannot be found) and set it using | |
50 | CMS_SignerInfo_set1_signer_cert(). | |
51 | ||
52 | Once all signer certificates have been set CMS_verify() can be used. | |
53 | ||
54 | Although CMS_get0_SignerInfos() can return NULL is an error occur B<or> if | |
55 | there are no signers this is not a problem in practice because the only | |
56 | error which can occur is if the B<cms> structure is not of type signedData | |
57 | due to application error. | |
58 | ||
59 | =head1 RETURN VALUES | |
60 | ||
61 | CMS_get0_SignerInfos() returns all CMS_SignerInfo structures, or NULL there | |
62 | are no signers or an error occurs. | |
63 | ||
64 | CMS_SignerInfo_get0_signer_id() returns 1 for success and 0 for failure. | |
65 | ||
66 | CMS_SignerInfo_cert_cmp() returns 0 for a successful comparison and non | |
67 | zero otherwise. | |
68 | ||
69 | CMS_SignerInfo_set1_signer_cert() does not return a value. | |
70 | ||
71 | Any error can be obtained from L<ERR_get_error(3)|ERR_get_error(3)> | |
72 | ||
73 | =head1 SEE ALSO | |
74 | ||
75 | L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_verify(3)|CMS_verify(3)> | |
76 | ||
77 | =head1 HISTORY | |
78 | ||
79 | These functions were first was added to OpenSSL 0.9.8 | |
80 | ||
81 | =cut |