OpenBSD manual page server

Manual Page Search Parameters

X509_CRL_GET0_BY_SERIAL(3) Library Functions Manual X509_CRL_GET0_BY_SERIAL(3)

X509_CRL_get0_by_serial, X509_CRL_get0_by_cert, X509_CRL_get_REVOKED, X509_CRL_add0_revoked, X509_CRL_sortadd, sort, and retrieve CRL entries

#include <openssl/x509.h>

int
X509_CRL_get0_by_serial(X509_CRL *crl, X509_REVOKED **ret, ASN1_INTEGER *serial);

int
X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x);

STACK_OF(X509_REVOKED) *
X509_CRL_get_REVOKED(X509_CRL *crl);

int
X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);

int
X509_CRL_sort(X509_CRL *crl);

() attempts to find a revoked entry in crl for serial number serial. If it is successful, it sets *ret to the internal pointer of the matching entry. Consequently, *ret must not be freed up after the call.

() is similar to X509_CRL_get0_by_serial() except that it looks for a revoked entry using the serial number of certificate x.

() returns an internal pointer to a stack of all revoked entries for crl. It is implemented as a macro.

() appends revoked entry rev to CRL crl. The pointer rev is used internally so it must not be freed up after the call: it is freed when the parent CRL is freed.

() sorts the revoked entries of crl into ascending serial number order.

Applications can determine the number of revoked entries returned by () using () and examine each one in turn using (), both defined in <openssl/safestack.h>.

X509_CRL_get0_by_serial() and X509_CRL_get0_by_cert() return 0 for failure or 1 for success, except if the revoked entry has the reason "removeFromCRL", in which case 2 is returned.

The X509_CRL_add0_revoked() function returns 1 if successful; otherwise 0 is returned and an error code can be retrieved with ERR_get_error(3).

X509_CRL_sort() returns 1 for success or 0 for failure. The current implementation cannot fail.

X509_CRL_get_REVOKED() returns a STACK of revoked entries.

d2i_X509_CRL(3), X509_CRL_get_ext(3), X509_CRL_get_issuer(3), X509_CRL_get_version(3), X509_CRL_new(3), X509_REVOKED_new(3), X509V3_get_d2i(3)

X509_CRL_get_REVOKED() first appeared in OpenSSL 0.9.2b and has been available since OpenBSD 2.6.

X509_CRL_add0_revoked() and X509_CRL_sort() first appeared in OpenSSL 0.9.7 and have been available since OpenBSD 3.2.

X509_CRL_get0_by_serial() and X509_CRL_get0_by_cert() first appeared in OpenSSL 1.0.0 and have been available since OpenBSD 4.9.

June 14, 2019 OpenBSD-current