OpenBSD manual page server

NAME

X509_CRL_new, X509_CRL_dup, X509_CRL_up_ref, X509_CRL_free, X509_CRL_INFO_new, X509_CRL_INFO_free — X.509 certificate revocation lists

SYNOPSIS

#include <openssl/x509.h>

X509_CRL *
X509_CRL_new(void);

X509_CRL *
X509_CRL_dup(X509_CRL *crl);

int
X509_CRL_up_ref(X509_CRL *crl);

void
X509_CRL_free(X509_CRL *crl);

X509_CRL_INFO *
X509_CRL_INFO_new(void);

void
X509_CRL_INFO_free(X509_CRL_INFO *crl_info);

DESCRIPTION

X509_CRL_new() allocates and initializes an empty X509_CRL object, representing an ASN.1 CertificateList structure defined in RFC 5280 section 5.1. It can hold a pointer to an X509_CRL_INFO object discussed below together with a cryptographic signature and information about the signature algorithm used. The reference count is set to 1.

X509_CRL_dup() creates a deep copy of crl.

X509_CRL_up_ref() increments the reference count of crl by 1.

X509_CRL_free() decrements the reference count of crl by 1. If the reference count reaches 0, it frees crl. If X509_CRL_set_default_method(3) was in effect at the time crl was created and the crl_free() callback is not NULL, that callback is invoked near the end of X509_CRL_free(), right before freeing crl itself.

X509_CRL_INFO_new() allocates and initializes an empty X509_CRL_INFO object, representing an ASN.1 TBSCertList structure defined in RFC 5280 section 5.1. It is used inside the X509_CRL object and can hold a list of revoked certificates, an issuer name, the time the list was issued, the time when the next update of the list is due, and optional extensions. X509_CRL_INFO_free() frees crl_info.

RETURN VALUES

X509_CRL_new(), X509_CRL_dup(), and X509_CRL_INFO_new() return the new X509_CRL or X509_CRL_INFO object, respectively, or NULL if an error occurs.

X509_CRL_up_ref() returns 1 on success or 0 on error.

SEE ALSO

ACCESS_DESCRIPTION_new(3), AUTHORITY_KEYID_new(3), d2i_X509_CRL(3), DIST_POINT_new(3), PEM_read_X509_CRL(3), X509_CRL_digest(3), X509_CRL_get0_by_serial(3), X509_CRL_get0_lastUpdate(3), X509_CRL_get0_signature(3), X509_CRL_get_ext(3), X509_CRL_get_ext_d2i(3), X509_CRL_get_issuer(3), X509_CRL_get_version(3), X509_CRL_match(3), X509_CRL_METHOD_new(3), X509_CRL_print(3), X509_CRL_sign(3), X509_EXTENSION_new(3), X509_INFO_new(3), X509_load_crl_file(3), X509_new(3), X509_OBJECT_get0_X509_CRL(3), X509_REVOKED_new(3), X509_STORE_CTX_set0_crls(3), X509_STORE_get1_crls(3)

STANDARDS

RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, section 5: CRL and CRL Extensions Profile

HISTORY

X509_CRL_new(), X509_CRL_free(), X509_CRL_INFO_new(), and X509_CRL_INFO_free() first appeared in SSLeay 0.4.4. X509_CRL_dup() first appeared in SSLeay 0.5.1. These functions have been available since OpenBSD 2.4.

X509_CRL_up_ref() first appeared in OpenSSL 1.1.0 and has been available since OpenBSD 6.3.