]>
Commit | Line | Data |
---|---|---|
4692340e RS |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
5 | d2i_X509_AUX, i2d_X509_AUX, | |
6 | i2d_re_X509_tbs, i2d_re_X509_CRL_tbs, i2d_re_X509_REQ_tbs | |
7 | - X509 encode and decode functions | |
8 | ||
9 | =head1 SYNOPSIS | |
10 | ||
11 | #include <openssl/x509.h> | |
12 | ||
13 | X509 *d2i_X509_AUX(X509 **px, const unsigned char **in, long len); | |
14 | int i2d_X509_AUX(X509 *x, unsigned char **out); | |
15 | int i2d_re_X509_tbs(X509 *x, unsigned char **out); | |
16 | int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp); | |
17 | int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp); | |
18 | ||
19 | =head1 DESCRIPTION | |
20 | ||
21 | The X509 encode and decode routines encode and parse an | |
22 | B<X509> structure, which represents an X509 certificate. | |
23 | ||
24 | d2i_X509_AUX() is similar to L<d2i_X509(3)> but the input is expected to | |
25 | consist of an X509 certificate followed by auxiliary trust information. | |
26 | This is used by the PEM routines to read "TRUSTED CERTIFICATE" objects. | |
27 | This function should not be called on untrusted input. | |
28 | ||
29 | i2d_X509_AUX() is similar to L<i2d_X509(3)>, but the encoded output | |
30 | contains both the certificate and any auxiliary trust information. | |
31 | This is used by the PEM routines to write "TRUSTED CERTIFICATE" objects. | |
32 | Note that this is a non-standard OpenSSL-specific data format. | |
33 | ||
34 | i2d_re_X509_tbs() is similar to L<i2d_X509(3)> except it encodes only | |
35 | the TBSCertificate portion of the certificate. i2d_re_X509_CRL_tbs() | |
36 | and i2d_re_X509_REQ_tbs() are analogous for CRL and certificate request, | |
37 | respectively. The "re" in B<i2d_re_X509_tbs> stands for "re-encode", | |
38 | and ensures that a fresh encoding is generated in case the object has been | |
39 | modified after creation (see the BUGS section). | |
40 | ||
41 | The encoding of the TBSCertificate portion of a certificate is cached | |
42 | in the B<X509> structure internally to improve encoding performance | |
43 | and to ensure certificate signatures are verified correctly in some | |
44 | certificates with broken (non-DER) encodings. | |
45 | ||
46 | If, after modification, the B<X509> object is re-signed with X509_sign(), | |
47 | the encoding is automatically renewed. Otherwise, the encoding of the | |
48 | TBSCertificate portion of the B<X509> can be manually renewed by calling | |
49 | i2d_re_X509_tbs(). | |
50 | ||
1f13ad31 PY |
51 | =head1 RETURN VALUES |
52 | ||
53 | d2i_X509_AUX() returns a valid B<X509> structure or NULL if an error occurred. | |
54 | ||
55 | i2d_X509_AUX() returns the length of encoded data or -1 on error. | |
56 | ||
57 | i2d_re_X509_tbs(), i2d_re_X509_CRL_tbs() and i2d_re_X509_REQ_tbs() return the | |
58 | length of encoded data or 0 on error. | |
59 | ||
4692340e RS |
60 | =head1 SEE ALSO |
61 | ||
62 | L<ERR_get_error(3)> | |
63 | L<X509_CRL_get0_by_serial(3)>, | |
64 | L<X509_get0_signature(3)>, | |
65 | L<X509_get_ext_d2i(3)>, | |
66 | L<X509_get_extension_flags(3)>, | |
67 | L<X509_get_pubkey(3)>, | |
68 | L<X509_get_subject_name(3)>, | |
69 | L<X509_get_version(3)>, | |
70 | L<X509_NAME_add_entry_by_txt(3)>, | |
71 | L<X509_NAME_ENTRY_get_object(3)>, | |
72 | L<X509_NAME_get_index_by_NID(3)>, | |
73 | L<X509_NAME_print_ex(3)>, | |
74 | L<X509_new(3)>, | |
75 | L<X509_sign(3)>, | |
76 | L<X509V3_get_d2i(3)>, | |
77 | L<X509_verify_cert(3)> | |
78 | ||
79 | =head1 COPYRIGHT | |
80 | ||
61f805c1 | 81 | Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. |
4692340e | 82 | |
4746f25a | 83 | Licensed under the Apache License 2.0 (the "License"). You may not use |
4692340e RS |
84 | this file except in compliance with the License. You can obtain a copy |
85 | in the file LICENSE in the source distribution or at | |
86 | L<https://www.openssl.org/source/license.html>. | |
87 | ||
88 | =cut |