OpenBSD manual page server

Manual Page Search Parameters


X509_get_pubkey_parameterscopy public key parameters from a chain

#include <openssl/x509.h>

X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain);

() copies public key parameters from the first appropriate certificate in the chain.

If pkey is not NULL and already contains complete public key parameters or uses an algorithm that does not use any parameters, no action occurs and the function indicates success without inspecting the existing parameters, without inspecting the chain, and without comparing any parameters.

Otherwise, all public key parameters are copied from the first certificate in the chain that contains complete public key parameters to each certificate preceding it in the chain. Unless pkey is a NULL pointer, the same parameters are also copied to pkey.

X509_get_pubkey_parameters() returns 1 for success or 0 for failure.

The following diagnostics can be retrieved with ERR_get_error(3), ERR_GET_REASON(3), and ERR_reason_error_string(3):

"unable to get certs public key"
Retrieving the public key from a certificate in the chain failed before a certificate containing complete public key parameters could be found.
"unable to find parameters in chain"
None of the certificates in the chain contain complete public key parameters.

EVP_PKEY_copy_parameters(3), EVP_PKEY_new(3), X509_get_pubkey(3), X509_new(3)

X509_get_pubkey_parameters() first appeared in SSLeay 0.8.0 and has been available since OpenBSD 2.4.

If X509_get_pubkey_parameters() fails and returns 0, a part of the parameters may or may not have been copied before the failure was detected, whereas other parts of pkey and chain may remain unchanged. So in case of failure, the state of the arguments may change and possibly become inconsistent.

November 26, 2021 OpenBSD-current