]>
Commit | Line | Data |
---|---|---|
9946fceb DSH |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
d8652be0 | 5 | X509_new, X509_new_ex, |
d53b437f DDO |
6 | X509_free, X509_up_ref, |
7 | X509_chain_up_ref - X509 certificate ASN1 allocation functions | |
9946fceb DSH |
8 | |
9 | =head1 SYNOPSIS | |
10 | ||
c264592d UM |
11 | #include <openssl/x509.h> |
12 | ||
9946fceb | 13 | X509 *X509_new(void); |
b4250010 | 14 | X509 *X509_new_ex(OSSL_LIB_CTX *libctx, const char *propq); |
9946fceb | 15 | void X509_free(X509 *a); |
c5ebfcab | 16 | int X509_up_ref(X509 *a); |
cf4462da | 17 | STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *x); |
9946fceb DSH |
18 | |
19 | =head1 DESCRIPTION | |
20 | ||
21 | The X509 ASN1 allocation routines, allocate and free an | |
22 | X509 structure, which represents an X509 certificate. | |
23 | ||
d8652be0 | 24 | X509_new_ex() allocates and initializes a X509 structure with a |
6725682d SL |
25 | library context of I<libctx>, property query of <propq> and a reference |
26 | count of B<1>. Many X509 functions such as X509_check_purpose(), and | |
27 | X509_verify() use this library context to select which providers supply the | |
e6c2f964 SL |
28 | fetched algorithms (SHA1 is used internally). This created X509 object can then |
29 | be used when loading binary data using d2i_X509(). | |
6725682d | 30 | |
d8652be0 | 31 | X509_new() is similar to X509_new_ex() but sets the library context |
6725682d SL |
32 | and property query to NULL. This results in the default (NULL) library context |
33 | being used for any X509 operations requiring algorithm fetches. | |
9946fceb | 34 | |
3a59ad98 DSH |
35 | X509_free() decrements the reference count of B<X509> structure B<a> and |
36 | frees it up if the reference count is zero. If B<a> is NULL nothing is done. | |
37 | ||
38 | X509_up_ref() increments the reference count of B<a>. | |
39 | ||
cf4462da | 40 | X509_chain_up_ref() increases the reference count of all certificates in |
d53b437f | 41 | chain B<x> and returns a copy of the stack, or an empty stack if B<a> is NULL. |
cf4462da | 42 | |
3a59ad98 DSH |
43 | =head1 NOTES |
44 | ||
45 | The function X509_up_ref() if useful if a certificate structure is being | |
46 | used by several different operations each of which will free it up after | |
47 | use: this avoids the need to duplicate the entire certificate structure. | |
9946fceb | 48 | |
cf4462da | 49 | The function X509_chain_up_ref() doesn't just up the reference count of |
d53b437f | 50 | each certificate. It also returns a copy of the stack, using sk_X509_dup(), |
cf4462da DSH |
51 | but it serves a similar purpose: the returned chain persists after the |
52 | original has been freed. | |
53 | ||
9946fceb DSH |
54 | =head1 RETURN VALUES |
55 | ||
d53b437f | 56 | If the allocation fails, X509_new() returns NULL and sets an error |
9b86974e | 57 | code that can be obtained by L<ERR_get_error(3)>. |
9946fceb DSH |
58 | Otherwise it returns a pointer to the newly allocated structure. |
59 | ||
c5ebfcab | 60 | X509_up_ref() returns 1 for success and 0 for failure. |
9946fceb | 61 | |
d53b437f | 62 | X509_chain_up_ref() returns a copy of the stack or NULL if an error occurred. |
cf4462da | 63 | |
9946fceb DSH |
64 | =head1 SEE ALSO |
65 | ||
035014cd DSH |
66 | L<d2i_X509(3)>, |
67 | L<ERR_get_error(3)>, | |
68 | L<X509_CRL_get0_by_serial(3)>, | |
69 | L<X509_get0_signature(3)>, | |
70 | L<X509_get_ext_d2i(3)>, | |
71 | L<X509_get_extension_flags(3)>, | |
72 | L<X509_get_pubkey(3)>, | |
73 | L<X509_get_subject_name(3)>, | |
74 | L<X509_get_version(3)>, | |
75 | L<X509_NAME_add_entry_by_txt(3)>, | |
76 | L<X509_NAME_ENTRY_get_object(3)>, | |
77 | L<X509_NAME_get_index_by_NID(3)>, | |
78 | L<X509_NAME_print_ex(3)>, | |
79 | L<X509_sign(3)>, | |
80 | L<X509V3_get_d2i(3)>, | |
81 | L<X509_verify_cert(3)> | |
9946fceb | 82 | |
6725682d SL |
83 | =head1 HISTORY |
84 | ||
d8652be0 | 85 | The function X509_new_ex() was added in OpenSSL 3.0. |
6725682d | 86 | |
e2f92610 RS |
87 | =head1 COPYRIGHT |
88 | ||
a28d06f3 | 89 | Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. |
e2f92610 | 90 | |
4746f25a | 91 | Licensed under the Apache License 2.0 (the "License"). You may not use |
e2f92610 RS |
92 | this file except in compliance with the License. You can obtain a copy |
93 | in the file LICENSE in the source distribution or at | |
94 | L<https://www.openssl.org/source/license.html>. | |
95 | ||
96 | =cut |