NAME
X509_CRL_print,
X509_CRL_print_fp —
pretty-print a certificate revocation
list
SYNOPSIS
#include
<openssl/x509.h>
int
X509_CRL_print(BIO *bio,
X509_CRL *crl);
int
X509_CRL_print_fp(FILE *fp,
X509_CRL *crl);
DESCRIPTION
X509_CRL_print()
prints information contained in crl to
bio in human-readable form, in the following
order:
- The certificate revocation list version number as defined by the standard, followed in parentheses by the value contained in the version field in hexadecimal notation. See X509_CRL_get_version(3) for details.
- The name of the signature algorithm is printed with X509_signature_print(3).
- The issuer name as returned by X509_CRL_get_issuer(3).
- The times of the last and next updates as returned by X509_CRL_get0_lastUpdate(3) and X509_CRL_get0_nextUpdate(3) are printed with ASN1_TIME_print(3).
- All X.509 extensions directly contained in the certificate revocation list object crl are printed with X509V3_extensions_print(3).
- Information about revoked certificates is retrieved with
X509_CRL_get_REVOKED(3), and for each revoked certificate,
the following is printed:
- The serial number of the certificate is printed with i2a_ASN1_INTEGER(3).
- The revocation date is printed with ASN1_TIME_print(3).
- All X.509 extensions contained in the revocation entry are printed with X509V3_extensions_print(3).
- The signature of crl is printed with X509_signature_print(3).
X509_CRL_print_fp()
is similar to X509_CRL_print() except that it prints
to fp.
RETURN VALUES
These functions are intended to return 1 for success and 0 for error.
SEE ALSO
BIO_new(3), X509_CRL_new(3), X509_print_ex(3), X509_REVOKED_new(3)
HISTORY
These functions first appeared in OpenSSL 0.9.2 and have been available since OpenBSD 2.6.
BUGS
Most I/O errors are silently ignored. Even if the information printed is incomplete, these functions may return 1 anyway.
If the version number is invalid, no information from the CRL is printed and the functions fail.