OpenBSD manual page server

Manual Page Search Parameters

X509_CRL_GET0_BY_SERIAL(3) Library Functions Manual X509_CRL_GET0_BY_SERIAL(3)

X509_CRL_get0_by_serial, X509_CRL_get0_by_cert, X509_CRL_get_REVOKED, X509_CRL_add0_revoked, X509_CRL_sortadd, sort, and retrieve CRL entries

#include <openssl/x509.h>

int
X509_CRL_get0_by_serial(X509_CRL *crl, X509_REVOKED **ret, ASN1_INTEGER *serial);

int
X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x);

STACK_OF(X509_REVOKED) *
X509_CRL_get_REVOKED(X509_CRL *crl);

int
X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);

int
X509_CRL_sort(X509_CRL *crl);

() attempts to find a revoked entry in crl for serial number serial. If it is successful, it sets *ret to the internal pointer of the matching entry. Consequently, *ret must not be freed up after the call.

() is similar to X509_CRL_get0_by_serial() except that it looks for a revoked entry using the serial number of certificate x.

If X509_CRL_set_default_method(3) was in effect at the time the crl object was created, () and X509_CRL_get0_by_cert() invoke the () callback function instead of performing the default action.

() returns an internal pointer to a stack of all revoked entries for crl.

() appends revoked entry rev to CRL crl. The pointer rev is used internally so it must not be freed up after the call: it is freed when the parent CRL is freed.

() sorts the revoked entries of crl into ascending serial number order.

Applications can determine the number of revoked entries returned by () using () and examine each one in turn using (), both defined in <openssl/safestack.h>.

X509_CRL_get0_by_serial() and X509_CRL_get0_by_cert() return 0 for failure or 1 for success, except if the revoked entry has the reason "removeFromCRL", in which case 2 is returned.

The X509_CRL_add0_revoked() function returns 1 if successful; otherwise 0 is returned and an error code can be retrieved with ERR_get_error(3).

X509_CRL_sort() returns 1 for success or 0 for failure. The current implementation cannot fail.

X509_CRL_get_REVOKED() returns a STACK of revoked entries.

d2i_X509_CRL(3), X509_CRL_get_ext(3), X509_CRL_get_issuer(3), X509_CRL_get_version(3), X509_CRL_METHOD_new(3), X509_CRL_new(3), X509_REVOKED_new(3), X509V3_get_d2i(3)

X509_CRL_get_REVOKED() first appeared in OpenSSL 0.9.2b and has been available since OpenBSD 2.6.

X509_CRL_add0_revoked() and X509_CRL_sort() first appeared in OpenSSL 0.9.7 and have been available since OpenBSD 3.2.

X509_CRL_get0_by_serial() and X509_CRL_get0_by_cert() first appeared in OpenSSL 1.0.0 and have been available since OpenBSD 4.9.

October 30, 2021 OpenBSD-7.4