89 lines
3.0 KiB
Plaintext
89 lines
3.0 KiB
Plaintext
|
=pod
|
||
|
|
|
||
|
|
=head1 NAME
|
||
|
|
|
||
|
|
d2i_X509_AUX, i2d_X509_AUX,
|
||
|
|
i2d_re_X509_tbs, i2d_re_X509_CRL_tbs, i2d_re_X509_REQ_tbs
|
||
|
|
- X509 encode and decode functions
|
||
|
|
|
||
|
|
=head1 SYNOPSIS
|
||
|
|
|
||
|
|
#include <openssl/x509.h>
|
||
|
|
|
||
|
|
X509 *d2i_X509_AUX(X509 **px, const unsigned char **in, long len);
|
||
|
|
int i2d_X509_AUX(const X509 *x, unsigned char **out);
|
||
|
|
int i2d_re_X509_tbs(X509 *x, unsigned char **out);
|
||
|
|
int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp);
|
||
|
|
int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
|
||
|
|
|
||
|
|
=head1 DESCRIPTION
|
||
|
|
|
||
|
|
The X509 encode and decode routines encode and parse an
|
||
|
|
B<X509> structure, which represents an X509 certificate.
|
||
|
|
|
||
|
|
d2i_X509_AUX() is similar to L<d2i_X509(3)> but the input is expected to
|
||
|
|
consist of an X509 certificate followed by auxiliary trust information.
|
||
|
|
This is used by the PEM routines to read "TRUSTED CERTIFICATE" objects.
|
||
|
|
This function should not be called on untrusted input.
|
||
|
|
|
||
|
|
i2d_X509_AUX() is similar to L<i2d_X509(3)>, but the encoded output
|
||
|
|
contains both the certificate and any auxiliary trust information.
|
||
|
|
This is used by the PEM routines to write "TRUSTED CERTIFICATE" objects.
|
||
|
|
Note that this is a non-standard OpenSSL-specific data format.
|
||
|
|
|
||
|
|
i2d_re_X509_tbs() is similar to L<i2d_X509(3)> except it encodes only
|
||
|
|
the TBSCertificate portion of the certificate. i2d_re_X509_CRL_tbs()
|
||
|
|
and i2d_re_X509_REQ_tbs() are analogous for CRL and certificate request,
|
||
|
|
respectively. The "re" in B<i2d_re_X509_tbs> stands for "re-encode",
|
||
|
|
and ensures that a fresh encoding is generated in case the object has been
|
||
|
|
modified after creation (see the BUGS section).
|
||
|
|
|
||
|
|
The encoding of the TBSCertificate portion of a certificate is cached
|
||
|
|
in the B<X509> structure internally to improve encoding performance
|
||
|
|
and to ensure certificate signatures are verified correctly in some
|
||
|
|
certificates with broken (non-DER) encodings.
|
||
|
|
|
||
|
|
If, after modification, the B<X509> object is re-signed with X509_sign(),
|
||
|
|
the encoding is automatically renewed. Otherwise, the encoding of the
|
||
|
|
TBSCertificate portion of the B<X509> can be manually renewed by calling
|
||
|
|
i2d_re_X509_tbs().
|
||
|
|
|
||
|
|
=head1 RETURN VALUES
|
||
|
|
|
||
|
|
d2i_X509_AUX() returns a valid B<X509> structure or NULL if an error occurred.
|
||
|
|
|
||
|
|
i2d_X509_AUX() returns the length of encoded data or -1 on error.
|
||
|
|
|
||
|
|
i2d_re_X509_tbs(), i2d_re_X509_CRL_tbs() and i2d_re_X509_REQ_tbs() return the
|
||
|
|
length of encoded data or <=0 on error.
|
||
|
|
|
||
|
|
=head1 SEE ALSO
|
||
|
|
|
||
|
|
L<ERR_get_error(3)>
|
||
|
|
L<X509_CRL_get0_by_serial(3)>,
|
||
|
|
L<X509_get0_signature(3)>,
|
||
|
|
L<X509_get_ext_d2i(3)>,
|
||
|
|
L<X509_get_extension_flags(3)>,
|
||
|
|
L<X509_get_pubkey(3)>,
|
||
|
|
L<X509_get_subject_name(3)>,
|
||
|
|
L<X509_get_version(3)>,
|
||
|
|
L<X509_NAME_add_entry_by_txt(3)>,
|
||
|
|
L<X509_NAME_ENTRY_get_object(3)>,
|
||
|
|
L<X509_NAME_get_index_by_NID(3)>,
|
||
|
|
L<X509_NAME_print_ex(3)>,
|
||
|
|
L<X509_new(3)>,
|
||
|
|
L<X509_sign(3)>,
|
||
|
|
L<X509V3_get_d2i(3)>,
|
||
|
|
L<X509_verify_cert(3)>
|
||
|
|
|
||
|
|
=head1 COPYRIGHT
|
||
|
|
|
||
|
|
Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||
|
|
|
||
|
|
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||
|
|
this file except in compliance with the License. You can obtain a copy
|
||
|
|
in the file LICENSE in the source distribution or at
|
||
|
|
L<https://www.openssl.org/source/license.html>.
|
||
|
|
|
||
|
|
=cut
|