[thirdparty/openssl.git] / doc / man3 / X509_new.pod

=pod

=head1 NAME

X509_new, X509_new_ex,
X509_free, X509_up_ref,
X509_chain_up_ref - X509 certificate ASN1 allocation functions

=head1 SYNOPSIS

 #include <openssl/x509.h>

 X509 *X509_new(void);
 X509 *X509_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
 void X509_free(X509 *a);
 int X509_up_ref(X509 *a);
 STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *x);

=head1 DESCRIPTION

The X509 ASN1 allocation routines, allocate and free an
X509 structure, which represents an X509 certificate.

X509_new_ex() allocates and initializes a X509 structure with a
library context of I<libctx>, property query of <propq> and a reference
count of B<1>. Many X509 functions such as X509_check_purpose(), and
X509_verify() use this library context to select which providers supply the
fetched algorithms (SHA1 is used internally). This created X509 object can then
be used when loading binary data using d2i_X509().

X509_new() is similar to X509_new_ex() but sets the library context
and property query to NULL. This results in the default (NULL) library context
being used for any X509 operations requiring algorithm fetches.

X509_free() decrements the reference count of B<X509> structure B<a> and
frees it up if the reference count is zero. If B<a> is NULL nothing is done.

X509_up_ref() increments the reference count of B<a>.

X509_chain_up_ref() increases the reference count of all certificates in
chain B<x> and returns a copy of the stack, or an empty stack if B<a> is NULL.

=head1 NOTES

The function X509_up_ref() if useful if a certificate structure is being
used by several different operations each of which will free it up after
use: this avoids the need to duplicate the entire certificate structure.

The function X509_chain_up_ref() doesn't just up the reference count of
each certificate. It also returns a copy of the stack, using sk_X509_dup(),
but it serves a similar purpose: the returned chain persists after the
original has been freed.

=head1 RETURN VALUES

If the allocation fails, X509_new() returns NULL and sets an error
code that can be obtained by L<ERR_get_error(3)>.
Otherwise it returns a pointer to the newly allocated structure.

X509_up_ref() returns 1 for success and 0 for failure.

X509_chain_up_ref() returns a copy of the stack or NULL if an error occurred.

=head1 SEE ALSO

L<d2i_X509(3)>,
L<ERR_get_error(3)>,
L<X509_CRL_get0_by_serial(3)>,
L<X509_get0_signature(3)>,
L<X509_get_ext_d2i(3)>,
L<X509_get_extension_flags(3)>,
L<X509_get_pubkey(3)>,
L<X509_get_subject_name(3)>,
L<X509_get_version(3)>,
L<X509_NAME_add_entry_by_txt(3)>,
L<X509_NAME_ENTRY_get_object(3)>,
L<X509_NAME_get_index_by_NID(3)>,
L<X509_NAME_print_ex(3)>,
L<X509_sign(3)>,
L<X509V3_get_d2i(3)>,
L<X509_verify_cert(3)>

=head1 HISTORY

The function X509_new_ex() was added in OpenSSL 3.0.

=head1 COPYRIGHT

Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Commit	Line	Data
9946fceb DSH	1	=pod
	2
	3	=head1 NAME
	4
d8652be0	5	X509_new, X509_new_ex,
d53b437f DDO	6	X509_free, X509_up_ref,
d53b437f DDO	7	X509_chain_up_ref - X509 certificate ASN1 allocation functions
9946fceb DSH	8
	9	=head1 SYNOPSIS
	10
c264592d UM	11	#include <openssl/x509.h>
c264592d UM	12
9946fceb	13	X509 *X509_new(void);
b4250010	14	X509 X509_new_ex(OSSL_LIB_CTX libctx, const char *propq);
9946fceb	15	void X509_free(X509 *a);
c5ebfcab	16	int X509_up_ref(X509 *a);
cf4462da	17	STACK_OF(X509) X509_chain_up_ref(STACK_OF(X509) x);
9946fceb DSH	18
	19	=head1 DESCRIPTION
	20
	21	The X509 ASN1 allocation routines, allocate and free an
	22	X509 structure, which represents an X509 certificate.
	23
d8652be0	24	X509_new_ex() allocates and initializes a X509 structure with a
6725682d SL	25	library context of I<libctx>, property query of <propq> and a reference
	26	count of B<1>. Many X509 functions such as X509_check_purpose(), and
	27	X509_verify() use this library context to select which providers supply the
e6c2f964 SL	28	fetched algorithms (SHA1 is used internally). This created X509 object can then
e6c2f964 SL	29	be used when loading binary data using d2i_X509().
6725682d	30
d8652be0	31	X509_new() is similar to X509_new_ex() but sets the library context
6725682d SL	32	and property query to NULL. This results in the default (NULL) library context
6725682d SL	33	being used for any X509 operations requiring algorithm fetches.
9946fceb	34
3a59ad98 DSH	35	X509_free() decrements the reference count of B<X509> structure B<a> and
	36	frees it up if the reference count is zero. If B<a> is NULL nothing is done.
	37
	38	X509_up_ref() increments the reference count of B<a>.
	39
cf4462da	40	X509_chain_up_ref() increases the reference count of all certificates in
d53b437f	41	chain B<x> and returns a copy of the stack, or an empty stack if B<a> is NULL.
cf4462da	42
3a59ad98 DSH	43	=head1 NOTES
	44
	45	The function X509_up_ref() if useful if a certificate structure is being
	46	used by several different operations each of which will free it up after
	47	use: this avoids the need to duplicate the entire certificate structure.
9946fceb	48
cf4462da	49	The function X509_chain_up_ref() doesn't just up the reference count of
d53b437f	50	each certificate. It also returns a copy of the stack, using sk_X509_dup(),
cf4462da DSH	51	but it serves a similar purpose: the returned chain persists after the
	52	original has been freed.
	53
9946fceb DSH	54	=head1 RETURN VALUES
9946fceb DSH	55
d53b437f	56	If the allocation fails, X509_new() returns NULL and sets an error
9b86974e	57	code that can be obtained by L<ERR_get_error(3)>.
9946fceb DSH	58	Otherwise it returns a pointer to the newly allocated structure.
9946fceb DSH	59
c5ebfcab	60	X509_up_ref() returns 1 for success and 0 for failure.
9946fceb	61
d53b437f	62	X509_chain_up_ref() returns a copy of the stack or NULL if an error occurred.
cf4462da	63
9946fceb DSH	64	=head1 SEE ALSO
9946fceb DSH	65
035014cd DSH	66	L<d2i_X509(3)>,
	67	L<ERR_get_error(3)>,
	68	L<X509_CRL_get0_by_serial(3)>,
	69	L<X509_get0_signature(3)>,
	70	L<X509_get_ext_d2i(3)>,
	71	L<X509_get_extension_flags(3)>,
	72	L<X509_get_pubkey(3)>,
	73	L<X509_get_subject_name(3)>,
	74	L<X509_get_version(3)>,
	75	L<X509_NAME_add_entry_by_txt(3)>,
	76	L<X509_NAME_ENTRY_get_object(3)>,
	77	L<X509_NAME_get_index_by_NID(3)>,
	78	L<X509_NAME_print_ex(3)>,
	79	L<X509_sign(3)>,
	80	L<X509V3_get_d2i(3)>,
	81	L<X509_verify_cert(3)>
9946fceb	82
6725682d SL	83	=head1 HISTORY
6725682d SL	84
d8652be0	85	The function X509_new_ex() was added in OpenSSL 3.0.
6725682d	86
e2f92610 RS	87	=head1 COPYRIGHT
e2f92610 RS	88
a28d06f3	89	Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
e2f92610	90
4746f25a	91	Licensed under the Apache License 2.0 (the "License"). You may not use
e2f92610 RS	92	this file except in compliance with the License. You can obtain a copy
	93	in the file LICENSE in the source distribution or at
	94	L<https://www.openssl.org/source/license.html>.
	95
	96	=cut