]>
Commit | Line | Data |
---|---|---|
4bfe304e PY |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
5 | X509_cmp, X509_NAME_cmp, | |
6 | X509_issuer_and_serial_cmp, X509_issuer_name_cmp, X509_subject_name_cmp, | |
7 | X509_CRL_cmp, X509_CRL_match | |
8 | - compare X509 certificates and related values | |
9 | ||
10 | =head1 SYNOPSIS | |
11 | ||
12 | #include <openssl/x509.h> | |
13 | ||
14 | int X509_cmp(const X509 *a, const X509 *b); | |
15 | int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); | |
16 | int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); | |
17 | int X509_issuer_name_cmp(const X509 *a, const X509 *b); | |
18 | int X509_subject_name_cmp(const X509 *a, const X509 *b); | |
19 | int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); | |
20 | int X509_CRL_match(const X509_CRL *a, const X509_CRL *b); | |
21 | ||
22 | =head1 DESCRIPTION | |
23 | ||
24 | This set of functions are used to compare X509 objects, including X509 | |
25 | certificates, X509 CRL objects and various values in an X509 certificate. | |
26 | ||
27 | The X509_cmp() function compares two B<X509> objects indicated by parameters | |
28 | B<a> and B<b>. The comparison is based on the B<memcmp> result of the hash | |
29 | values of two B<X509> objects and the canonical (DER) encoding values. | |
30 | ||
31 | The X509_NAME_cmp() function compares two B<X509_NAME> objects indicated by | |
32 | parameters B<a> and B<b>. The comparison is based on the B<memcmp> result of | |
33 | the canonical (DER) encoding values of the two objects. L<i2d_X509_NAME(3)> | |
34 | has a more detailed description of the DER encoding of the B<X509_NAME> structure. | |
35 | ||
36 | The X509_issuer_and_serial_cmp() function compares the serial number and issuer | |
37 | values in the given B<X509> objects B<a> and B<b>. | |
38 | ||
39 | The X509_issuer_name_cmp(), X509_subject_name_cmp() and X509_CRL_cmp() functions | |
40 | are effectively wrappers of the X509_NAME_cmp() function. These functions compare | |
41 | issuer names and subject names of the X<509> objects, or issuers of B<X509_CRL> | |
42 | objects, respectively. | |
43 | ||
44 | The X509_CRL_match() function compares two B<X509_CRL> objects. Unlike the | |
45 | X509_CRL_cmp() function, this function compares the whole CRL content instead | |
46 | of just the issuer name. | |
47 | ||
48 | =head1 RETURN VALUES | |
49 | ||
50 | Like common memory comparison functions, the B<X509> comparison functions return | |
51 | an integer less than, equal to, or greater than zero if object B<a> is found to | |
52 | be less than, to match, or be greater than object B<b>, respectively. | |
53 | ||
54 | X509_NAME_cmp(), X509_issuer_and_serial_cmp(), X509_issuer_name_cmp(), | |
55 | X509_subject_name_cmp() and X509_CRL_cmp() may return B<-2> to indicate an error. | |
56 | ||
57 | =head1 NOTES | |
58 | ||
59 | These functions in fact utilize the underlying B<memcmp> of the C library to do | |
60 | the comparison job. Data to be compared varies from DER encoding data, hash | |
61 | value or B<ASN1_STRING>. The sign of the comparison can be used to order the | |
62 | objects but it does not have a special meaning in some cases. | |
63 | ||
64 | X509_NAME_cmp() and wrappers utilize the value B<-2> to indicate errors in some | |
65 | circumstances, which could cause confusion for the applications. | |
66 | ||
67 | =head1 SEE ALSO | |
68 | ||
69 | L<i2d_X509_NAME(3)>, L<i2d_X509(3)> | |
70 | ||
71 | =head1 COPYRIGHT | |
72 | ||
73 | Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. | |
74 | ||
75 | Licensed under the Apache License 2.0 (the "License"). You may not use | |
76 | this file except in compliance with the License. You can obtain a copy | |
77 | in the file LICENSE in the source distribution or at | |
78 | L<https://www.openssl.org/source/license.html>. | |
79 | ||
80 | =cut |