[openssl] OpenSSL_1_1_1-stable update

yang.yang at baishancloud.com yang.yang at baishancloud.com
Sat Jun 15 12:35:23 UTC 2019

The branch OpenSSL_1_1_1-stable has been updated
       via  ea5d4b89cc6f0273d5085f5902b68fc4aa32cb80 (commit)
      from  ed29a5f72e0d43526e9e5e7e9ff7de478ee99a50 (commit)

- Log -----------------------------------------------------------------
commit ea5d4b89cc6f0273d5085f5902b68fc4aa32cb80
Author: Paul Yang <yang.yang at baishancloud.com>
Date:   Thu Jun 6 11:42:02 2019 +0800

    Add documentation for X509_cmp and related APIs
    Fixes: #9088
    Functions documented in this commit: X509_cmp, X509_NAME_cmp,
    X509_issuer_and_serial_cmp, X509_issuer_name_cmp, X509_subject_name_cmp,
    X509_CRL_cmp, X509_CRL_match
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/9091)
    (cherry picked from commit 4bfe304ea85ed4b2b00dd0857ccf9bdeba4ce7b5)


Summary of changes:
 doc/man3/X509_cmp.pod | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 80 insertions(+)
 create mode 100644 doc/man3/X509_cmp.pod

diff --git a/doc/man3/X509_cmp.pod b/doc/man3/X509_cmp.pod
new file mode 100644
index 0000000..3cb16b2
--- /dev/null
+++ b/doc/man3/X509_cmp.pod
@@ -0,0 +1,80 @@
+=head1 NAME
+X509_cmp, X509_NAME_cmp,
+X509_issuer_and_serial_cmp, X509_issuer_name_cmp, X509_subject_name_cmp,
+X509_CRL_cmp, X509_CRL_match
+- compare X509 certificates and related values
+=head1 SYNOPSIS
+ #include <openssl/x509.h>
+ int X509_cmp(const X509 *a, const X509 *b);
+ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
+ int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
+ int X509_issuer_name_cmp(const X509 *a, const X509 *b);
+ int X509_subject_name_cmp(const X509 *a, const X509 *b);
+ int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
+ int X509_CRL_match(const X509_CRL *a, const X509_CRL *b);
+This set of functions are used to compare X509 objects, including X509
+certificates, X509 CRL objects and various values in an X509 certificate.
+The X509_cmp() function compares two B<X509> objects indicated by parameters
+B<a> and B<b>. The comparison is based on the B<memcmp> result of the hash
+values of two B<X509> objects and the canonical (DER) encoding values.
+The X509_NAME_cmp() function compares two B<X509_NAME> objects indicated by
+parameters B<a> and B<b>. The comparison is based on the B<memcmp> result of
+the canonical (DER) encoding values of the two objects. L<i2d_X509_NAME(3)>
+has a more detailed description of the DER encoding of the B<X509_NAME> structure.
+The X509_issuer_and_serial_cmp() function compares the serial number and issuer
+values in the given B<X509> objects B<a> and B<b>.
+The X509_issuer_name_cmp(), X509_subject_name_cmp() and X509_CRL_cmp() functions
+are effectively wrappers of the X509_NAME_cmp() function. These functions compare
+issuer names and subject names of the X<509> objects, or issuers of B<X509_CRL>
+objects, respectively.
+The X509_CRL_match() function compares two B<X509_CRL> objects. Unlike the
+X509_CRL_cmp() function, this function compares the whole CRL content instead
+of just the issuer name.
+Like common memory comparison functions, the B<X509> comparison functions return
+an integer less than, equal to, or greater than zero if object B<a> is found to
+be less than, to match, or be greater than object B<b>, respectively.
+X509_NAME_cmp(), X509_issuer_and_serial_cmp(), X509_issuer_name_cmp(),
+X509_subject_name_cmp() and X509_CRL_cmp() may return B<-2> to indicate an error.
+=head1 NOTES
+These functions in fact utilize the underlying B<memcmp> of the C library to do
+the comparison job. Data to be compared varies from DER encoding data, hash
+value or B<ASN1_STRING>. The sign of the comparison can be used to order the
+objects but it does not have a special meaning in some cases.
+X509_NAME_cmp() and wrappers utilize the value B<-2> to indicate errors in some
+circumstances, which could cause confusion for the applications.
+=head1 SEE ALSO
+L<i2d_X509_NAME(3)>, L<i2d_X509(3)>
+Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+Licensed under the Apache License 2.0 (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at

More information about the openssl-commits mailing list