[openssl-commits] [openssl] master update
Dr. Stephen Henson
steve at openssl.org
Sat Nov 14 00:15:36 UTC 2015
The branch master has been updated
via ff7fbfd55039c6d1a003304abd89959365309d74 (commit)
via 699f1635242d509d0e47ca3132d1b5682a6a32b7 (commit)
via 748118a838bcb7b920c5e0bf389773544becc71b (commit)
from bf24ac9b54170c9060079c3f7a040162361c8e5e (commit)
- Log -----------------------------------------------------------------
commit ff7fbfd55039c6d1a003304abd89959365309d74
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Mon Nov 2 11:52:01 2015 +0000
Document new functions
Reviewed-by: Tim Hudson <tjh at openssl.org>
commit 699f1635242d509d0e47ca3132d1b5682a6a32b7
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Tue Sep 22 23:40:01 2015 +0100
Use accessors for X509_print_ex().
Print certificate details using accessor functions.
Since X509_CERT_AUX_print is only used in one place and can't
be used by applications (it uses an internal X509_CERT_AUX structure)
this has been removed and replaced by a function X509_aux_print which
takes an X509 pointer instead.
Reviewed-by: Tim Hudson <tjh at openssl.org>
commit 748118a838bcb7b920c5e0bf389773544becc71b
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Tue Sep 22 23:40:43 2015 +0100
Add new X509 accessors
Reviewed-by: Tim Hudson <tjh at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/x509/Makefile | 18 +-----
crypto/x509/t_x509.c | 99 ++++++++++++++++++++++++++-----
crypto/x509/t_x509a.c | 116 -------------------------------------
crypto/x509/x509_set.c | 18 ++++++
crypto/x509/x_x509a.c | 19 ++++++
doc/crypto/X509V3_get_d2i.pod | 12 ++++
doc/crypto/X509_get0_signature.pod | 8 ++-
doc/crypto/X509_get0_uids.pod | 47 +++++++++++++++
include/openssl/x509.h | 9 ++-
9 files changed, 195 insertions(+), 151 deletions(-)
delete mode 100644 crypto/x509/t_x509a.c
create mode 100644 doc/crypto/X509_get0_uids.pod
diff --git a/crypto/x509/Makefile b/crypto/x509/Makefile
index ba0c87e..bb86d44 100644
--- a/crypto/x509/Makefile
+++ b/crypto/x509/Makefile
@@ -22,7 +22,7 @@ LIBSRC= x509_def.c x509_d2.c x509_r2x.c x509_cmp.c \
x509type.c x509_lu.c x_all.c x509_txt.c \
x509_trs.c by_file.c by_dir.c x509_vpm.c \
x_crl.c t_crl.c x_req.c t_req.c x_x509.c t_x509.c \
- x_x509a.c t_x509a.c x_attrib.c x_exten.c x_name.c
+ x_x509a.c x_attrib.c x_exten.c x_name.c
LIBOBJ= x509_def.o x509_d2.o x509_r2x.o x509_cmp.o \
x509_obj.o x509_req.o x509spki.o x509_vfy.o \
x509_set.o x509cset.o x509rset.o x509_err.o \
@@ -30,7 +30,7 @@ LIBOBJ= x509_def.o x509_d2.o x509_r2x.o x509_cmp.o \
x509type.o x509_lu.o x_all.o x509_txt.o \
x509_trs.o by_file.o by_dir.o x509_vpm.o \
x_crl.o t_crl.o x_req.o t_req.o x_x509.o t_x509.o \
- x_x509a.o t_x509a.o x_attrib.o x_exten.o x_name.o
+ x_x509a.o x_attrib.o x_exten.o x_name.o
SRC= $(LIBSRC)
@@ -145,20 +145,6 @@ t_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
t_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
t_x509.o: ../include/internal/asn1_int.h ../include/internal/cryptlib.h
t_x509.o: ../include/internal/x509_int.h t_x509.c
-t_x509a.o: ../../e_os.h ../../include/openssl/asn1.h
-t_x509a.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-t_x509a.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-t_x509a.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-t_x509a.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-t_x509a.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-t_x509a.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-t_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-t_x509a.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-t_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-t_x509a.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-t_x509a.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-t_x509a.o: ../include/internal/cryptlib.h ../include/internal/x509_int.h
-t_x509a.o: t_x509a.c
x509_att.o: ../../e_os.h ../../include/openssl/asn1.h
x509_att.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
x509_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c
index 5a73db1..3a29f40 100644
--- a/crypto/x509/t_x509.c
+++ b/crypto/x509/t_x509.c
@@ -64,7 +64,6 @@
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include "internal/asn1_int.h"
-#include "internal/x509_int.h"
#ifndef OPENSSL_NO_STDIO
int X509_print_fp(FILE *fp, X509 *x)
@@ -101,7 +100,6 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
int ret = 0, i;
char *m = NULL, mlch = ' ';
int nmindent = 0;
- X509_CINF *ci;
ASN1_INTEGER *bs;
EVP_PKEY *pkey = NULL;
const char *neg;
@@ -114,7 +112,6 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
if (nmflags == X509_FLAG_COMPAT)
nmindent = 16;
- ci = &x->cert_info;
if (!(cflag & X509_FLAG_NO_HEADER)) {
if (BIO_write(bp, "Certificate:\n", 13) <= 0)
goto err;
@@ -162,7 +159,8 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
}
if (!(cflag & X509_FLAG_NO_SIGNAME)) {
- if (X509_signature_print(bp, &ci->signature, NULL) <= 0)
+ X509_ALGOR *tsig_alg = X509_get0_tbs_sigalg(x);
+ if (X509_signature_print(bp, tsig_alg, NULL) <= 0)
goto err;
}
@@ -199,11 +197,14 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
goto err;
}
if (!(cflag & X509_FLAG_NO_PUBKEY)) {
+ X509_PUBKEY *xpkey = X509_get_X509_PUBKEY(x);
+ ASN1_OBJECT *xpoid;
+ X509_PUBKEY_get0_param(&xpoid, NULL, NULL, NULL, xpkey);
if (BIO_write(bp, " Subject Public Key Info:\n", 33) <= 0)
goto err;
if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0)
goto err;
- if (i2a_ASN1_OBJECT(bp, ci->key->algor->algorithm) <= 0)
+ if (i2a_ASN1_OBJECT(bp, xpoid) <= 0)
goto err;
if (BIO_puts(bp, "\n") <= 0)
goto err;
@@ -219,30 +220,35 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
}
if (!(cflag & X509_FLAG_NO_IDS)) {
- if (ci->issuerUID) {
+ ASN1_BIT_STRING *iuid, *suid;
+ X509_get0_uids(&iuid, &suid, x);
+ if (iuid != NULL) {
if (BIO_printf(bp, "%8sIssuer Unique ID: ", "") <= 0)
goto err;
- if (!X509_signature_dump(bp, ci->issuerUID, 12))
+ if (!X509_signature_dump(bp, iuid, 12))
goto err;
}
- if (ci->subjectUID) {
+ if (suid != NULL) {
if (BIO_printf(bp, "%8sSubject Unique ID: ", "") <= 0)
goto err;
- if (!X509_signature_dump(bp, ci->subjectUID, 12))
+ if (!X509_signature_dump(bp, suid, 12))
goto err;
}
}
if (!(cflag & X509_FLAG_NO_EXTENSIONS))
X509V3_extensions_print(bp, "X509v3 extensions",
- ci->extensions, cflag, 8);
+ X509_get0_extensions(x), cflag, 8);
if (!(cflag & X509_FLAG_NO_SIGDUMP)) {
- if (X509_signature_print(bp, &x->sig_alg, &x->signature) <= 0)
+ X509_ALGOR *sig_alg;
+ ASN1_BIT_STRING *sig;
+ X509_get0_signature(&sig, &sig_alg, x);
+ if (X509_signature_print(bp, sig_alg, sig) <= 0)
goto err;
}
if (!(cflag & X509_FLAG_NO_AUX)) {
- if (!X509_CERT_AUX_print(bp, x->aux, 0))
+ if (!X509_aux_print(bp, x, 0))
goto err;
}
ret = 1;
@@ -258,16 +264,19 @@ int X509_ocspid_print(BIO *bp, X509 *x)
int derlen;
int i;
unsigned char SHA1md[SHA_DIGEST_LENGTH];
+ ASN1_BIT_STRING *keybstr;
+ X509_NAME *subj;
/*
* display the hash of the subject as it would appear in OCSP requests
*/
if (BIO_printf(bp, " Subject OCSP hash: ") <= 0)
goto err;
- derlen = i2d_X509_NAME(x->cert_info.subject, NULL);
+ subj = X509_get_subject_name(x);
+ derlen = i2d_X509_NAME(subj, NULL);
if ((der = dertmp = OPENSSL_malloc(derlen)) == NULL)
goto err;
- i2d_X509_NAME(x->cert_info.subject, &dertmp);
+ i2d_X509_NAME(subj, &dertmp);
if (!EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL))
goto err;
@@ -284,8 +293,12 @@ int X509_ocspid_print(BIO *bp, X509 *x)
if (BIO_printf(bp, "\n Public key OCSP hash: ") <= 0)
goto err;
- if (!EVP_Digest(x->cert_info.key->public_key->data,
- x->cert_info.key->public_key->length,
+ keybstr = X509_get0_pubkey_bitstr(x);
+
+ if (keybstr == NULL)
+ goto err;
+
+ if (!EVP_Digest(ASN1_STRING_data(keybstr), ASN1_STRING_length(keybstr),
SHA1md, NULL, EVP_sha1(), NULL))
goto err;
for (i = 0; i < SHA_DIGEST_LENGTH; i++) {
@@ -347,3 +360,57 @@ int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig)
return 0;
return 1;
}
+
+int X509_aux_print(BIO *out, X509 *x, int indent)
+{
+ char oidstr[80], first;
+ STACK_OF(ASN1_OBJECT) *trust, *reject;
+ const unsigned char *alias, *keyid;
+ int keyidlen;
+ int i;
+ if (X509_trusted(x) == 0)
+ return 1;
+ trust = X509_get0_trust_objects(x);
+ reject = X509_get0_reject_objects(x);
+ if (trust) {
+ first = 1;
+ BIO_printf(out, "%*sTrusted Uses:\n%*s", indent, "", indent + 2, "");
+ for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++) {
+ if (!first)
+ BIO_puts(out, ", ");
+ else
+ first = 0;
+ OBJ_obj2txt(oidstr, sizeof oidstr,
+ sk_ASN1_OBJECT_value(trust, i), 0);
+ BIO_puts(out, oidstr);
+ }
+ BIO_puts(out, "\n");
+ } else
+ BIO_printf(out, "%*sNo Trusted Uses.\n", indent, "");
+ if (reject) {
+ first = 1;
+ BIO_printf(out, "%*sRejected Uses:\n%*s", indent, "", indent + 2, "");
+ for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++) {
+ if (!first)
+ BIO_puts(out, ", ");
+ else
+ first = 0;
+ OBJ_obj2txt(oidstr, sizeof oidstr,
+ sk_ASN1_OBJECT_value(reject, i), 0);
+ BIO_puts(out, oidstr);
+ }
+ BIO_puts(out, "\n");
+ } else
+ BIO_printf(out, "%*sNo Rejected Uses.\n", indent, "");
+ alias = X509_alias_get0(x, NULL);
+ if (alias)
+ BIO_printf(out, "%*sAlias: %s\n", indent, "", alias);
+ keyid = X509_keyid_get0(x, &keyidlen);
+ if (keyid) {
+ BIO_printf(out, "%*sKey Id: ", indent, "");
+ for (i = 0; i < keyidlen; i++)
+ BIO_printf(out, "%s%02X", i ? ":" : "", keyid[i]);
+ BIO_write(out, "\n", 1);
+ }
+ return 1;
+}
diff --git a/crypto/x509/t_x509a.c b/crypto/x509/t_x509a.c
deleted file mode 100644
index 06b227e..0000000
--- a/crypto/x509/t_x509a.c
+++ /dev/null
@@ -1,116 +0,0 @@
-/* t_x509a.c */
-/*
- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "internal/cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/asn1.h>
-#include <openssl/x509.h>
-#include "internal/x509_int.h"
-
-/*
- * X509_CERT_AUX and string set routines
- */
-
-int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent)
-{
- char oidstr[80], first;
- int i;
- if (!aux)
- return 1;
- if (aux->trust) {
- first = 1;
- BIO_printf(out, "%*sTrusted Uses:\n%*s", indent, "", indent + 2, "");
- for (i = 0; i < sk_ASN1_OBJECT_num(aux->trust); i++) {
- if (!first)
- BIO_puts(out, ", ");
- else
- first = 0;
- OBJ_obj2txt(oidstr, sizeof oidstr,
- sk_ASN1_OBJECT_value(aux->trust, i), 0);
- BIO_puts(out, oidstr);
- }
- BIO_puts(out, "\n");
- } else
- BIO_printf(out, "%*sNo Trusted Uses.\n", indent, "");
- if (aux->reject) {
- first = 1;
- BIO_printf(out, "%*sRejected Uses:\n%*s", indent, "", indent + 2, "");
- for (i = 0; i < sk_ASN1_OBJECT_num(aux->reject); i++) {
- if (!first)
- BIO_puts(out, ", ");
- else
- first = 0;
- OBJ_obj2txt(oidstr, sizeof oidstr,
- sk_ASN1_OBJECT_value(aux->reject, i), 0);
- BIO_puts(out, oidstr);
- }
- BIO_puts(out, "\n");
- } else
- BIO_printf(out, "%*sNo Rejected Uses.\n", indent, "");
- if (aux->alias)
- BIO_printf(out, "%*sAlias: %s\n", indent, "", aux->alias->data);
- if (aux->keyid) {
- BIO_printf(out, "%*sKey Id: ", indent, "");
- for (i = 0; i < aux->keyid->length; i++)
- BIO_printf(out, "%s%02X", i ? ":" : "", aux->keyid->data[i]);
- BIO_write(out, "\n", 1);
- }
- return 1;
-}
diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c
index 38ec0db..dbd9057 100644
--- a/crypto/x509/x509_set.c
+++ b/crypto/x509/x509_set.c
@@ -176,3 +176,21 @@ X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x)
{
return x->cert_info.key;
}
+
+STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x)
+{
+ return x->cert_info.extensions;
+}
+
+void X509_get0_uids(ASN1_BIT_STRING **piuid, ASN1_BIT_STRING **psuid, X509 *x)
+{
+ if (piuid != NULL)
+ *piuid = x->cert_info.issuerUID;
+ if (psuid != NULL)
+ *psuid = x->cert_info.subjectUID;
+}
+
+X509_ALGOR *X509_get0_tbs_sigalg(X509 *x)
+{
+ return &x->cert_info.signature;
+}
diff --git a/crypto/x509/x_x509a.c b/crypto/x509/x_x509a.c
index 76608b6..f79e5e7 100644
--- a/crypto/x509/x_x509a.c
+++ b/crypto/x509/x_x509a.c
@@ -83,6 +83,11 @@ ASN1_SEQUENCE(X509_CERT_AUX) = {
IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_AUX)
+int X509_trusted(const X509 *x)
+{
+ return x->aux ? 1 : 0;
+}
+
static X509_CERT_AUX *aux_get(X509 *x)
{
if (x == NULL)
@@ -198,3 +203,17 @@ void X509_reject_clear(X509 *x)
x->aux->reject = NULL;
}
}
+
+STACK_OF(ASN1_OBJECT) *X509_get0_trust_objects(X509 *x)
+{
+ if (x->aux != NULL)
+ return x->aux->trust;
+ return NULL;
+}
+
+STACK_OF(ASN1_OBJECT) *X509_get0_reject_objects(X509 *x)
+{
+ if (x->aux != NULL)
+ return x->aux->reject;
+ return NULL;
+}
diff --git a/doc/crypto/X509V3_get_d2i.pod b/doc/crypto/X509V3_get_d2i.pod
index 8e78488..8250010 100644
--- a/doc/crypto/X509V3_get_d2i.pod
+++ b/doc/crypto/X509V3_get_d2i.pod
@@ -31,6 +31,10 @@ X509_REVOKED_add1_ext_i2d - X509 extension decode and encode functions
int X509_REVOKED_add1_ext_i2d(X509_REVOKED *r, int nid, void *value, int crit,
unsigned long flags);
+ STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x);
+ STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(X509_CRL *crl);
+ STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(X509_REVOKED *r);
+
=head1 DESCRIPTION
X509V3_get_ext_d2i() looks for an extension with OID B<nid> in the extensions
@@ -66,6 +70,10 @@ X509_REVOKED_get_ext_d2i() and X509_REVOKED_add1_ext_i2d() operate on the
extensions of B<X509_REVOKED> structure B<r> (i.e for CRL entry extensions),
they are otherwise identical to X509V3_get_d2i() and X509V3_add_i2d().
+X509_get0_extensions(), X509_CRL_get0_extensions() and
+X509_REVOKED_get0_extensions() return a stack of all the extensions
+of a certificate a CRL or a CRL entry respectively.
+
=head1 NOTES
In almost all cases an extension can occur at most once and multiple
@@ -195,6 +203,10 @@ fails due to a non-fatal error (extension not found, already exists,
cannot be encoded) or -1 due to a fatal error such as a memory allocation
failure.
+X509_get0_extensions(), X509_CRL_get0_extensions() and
+X509_REVOKED_get0_extensions() return a stack of extensions. They can return
+NULL if no extensions are present.
+
=head1 SEE ALSO
L<d2i_X509(3)>,
diff --git a/doc/crypto/X509_get0_signature.pod b/doc/crypto/X509_get0_signature.pod
index 102c0c6..8758684 100644
--- a/doc/crypto/X509_get0_signature.pod
+++ b/doc/crypto/X509_get0_signature.pod
@@ -2,8 +2,8 @@
=head1 NAME
-X509_get0_signature, X509_get_signature_nid, X509_REQ_get0_signature,
-X509_REQ_get_signature_nid, X509_CRL_get0_signature,
+X509_get0_signature, X509_get_signature_nid, X509_get0_tbs_sigalg,
+X509_REQ_get0_signature, X509_REQ_get_signature_nid, X509_CRL_get0_signature,
X509_CRL_get_signature_nid - signature information.
=head1 SYNOPSIS
@@ -13,6 +13,7 @@ X509_CRL_get_signature_nid - signature information.
void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
const X509 *x);
int X509_get_signature_nid(const X509 *x);
+ X509_ALGOR *X509_get0_tbs_sigalg(X509 *x);
void X509_REQ_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
const X509_REQ *crl);
@@ -28,6 +29,9 @@ X509_get0_signature() sets B<*psig> to the signature of B<x> and B<*palg>
to the signature algorithm of B<x>. The values returned are internal
pointers which B<MUST NOT> be freed up after the call.
+X509_get0_tbs_sigalg() returns the signature algorithm in the signed
+portion of B<x>.
+
X509_get_signature_nid() returns the NID corresponding to the signature
algorithm of B<x>.
diff --git a/doc/crypto/X509_get0_uids.pod b/doc/crypto/X509_get0_uids.pod
new file mode 100644
index 0000000..a61c267
--- /dev/null
+++ b/doc/crypto/X509_get0_uids.pod
@@ -0,0 +1,47 @@
+=pod
+
+=head1 NAME
+
+X509_get0_uids - get certificate unique identifiers
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ void X509_get0_uids(ASN1_BIT_STRING **piuid, ASN1_BIT_STRING **psuid, X509 *x);
+
+=head1 DESCRIPTION
+
+X509_get0_uids() sets B<*piuid> and B<*psuid> to the issuer and subject unique
+identifiers of certificate B<x> or NULL if the fields are not present.
+
+=head1 NOTES
+
+The issuer and subject unique identifier fields are very rarely encountered in
+practice outside test cases.
+
+=head1 RETURN VALUES
+
+X509_get0_uids() does not return a value.
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)>,
+L<ERR_get_error(3)>,
+L<X509_CRL_get0_by_serial(3)>,
+L<X509_get0_signature(3)>,
+L<X509_get_ext_d2i(3)>,
+L<X509_get_extension_flags(3)>,
+L<X509_get_pubkey(3)>,
+L<X509_get_subject_name(3)>,
+L<X509_get_version(3)>,
+L<X509_NAME_add_entry_by_txt(3)>,
+L<X509_NAME_ENTRY_get_object(3)>,
+L<X509_NAME_get_index_by_NID(3)>,
+L<X509_NAME_print_ex(3)>,
+L<X509_new(3)>,
+L<X509_sign(3)>,
+L<X509V3_get_d2i(3)>,
+L<X509_verify_cert(3)>
+
+=cut
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 32bec25..8ba055f 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -627,6 +627,7 @@ int i2d_re_X509_tbs(X509 *x, unsigned char **pp);
void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509 *x);
int X509_get_signature_nid(const X509 *x);
+int X509_trusted(const X509 *x);
int X509_alias_set1(X509 *x, unsigned char *name, int len);
int X509_keyid_set1(X509 *x, unsigned char *id, int len);
unsigned char *X509_alias_get0(X509 *x, int *len);
@@ -639,6 +640,9 @@ int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj);
void X509_trust_clear(X509 *x);
void X509_reject_clear(X509 *x);
+STACK_OF(ASN1_OBJECT) *X509_get0_trust_objects(X509 *x);
+STACK_OF(ASN1_OBJECT) *X509_get0_reject_objects(X509 *x);
+
DECLARE_ASN1_FUNCTIONS(X509_REVOKED)
DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO)
DECLARE_ASN1_FUNCTIONS(X509_CRL)
@@ -702,6 +706,9 @@ int X509_get_signature_type(const X509 *x);
* i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf)
*/
X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x);
+STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x);
+void X509_get0_uids(ASN1_BIT_STRING **piuid, ASN1_BIT_STRING **psuid, X509 *x);
+X509_ALGOR *X509_get0_tbs_sigalg(X509 *x);
EVP_PKEY *X509_get_pubkey(X509 *x);
ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x);
@@ -803,6 +810,7 @@ int X509_CRL_match(const X509_CRL *a, const X509_CRL *b);
int X509_print_ex_fp(FILE *bp, X509 *x, unsigned long nmflag,
unsigned long cflag);
int X509_print_fp(FILE *bp, X509 *x);
+int X509_aux_print(BIO *out, X509 *x, int indent);
int X509_CRL_print_fp(FILE *bp, X509_CRL *x);
int X509_REQ_print_fp(FILE *bp, X509_REQ *req);
int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent,
@@ -816,7 +824,6 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag,
unsigned long cflag);
int X509_print(BIO *bp, X509 *x);
int X509_ocspid_print(BIO *bp, X509 *x);
-int X509_CERT_AUX_print(BIO *bp, X509_CERT_AUX *x, int indent);
int X509_CRL_print(BIO *bp, X509_CRL *x);
int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag,
unsigned long cflag);
More information about the openssl-commits
mailing list