Manual Page Search Parameters

X509_NEW(3) Library Functions Manual X509_NEW(3)

X509_new, X509_free, X509_up_ref, X509_chain_up_ref
X.509 certificate object

#include <openssl/x509.h>
X509 *
X509_free(X509 *a);
X509_up_ref(X509 *a);
STACK_OF(X509) *
X509_chain_up_ref(STACK_OF(X509) *chain);

X509_new() allocates and initializes an empty X509 object with reference count 1. It represents an ASN.1 Certificate structure defined in RFC 5280 section 4.1. It can hold a public key together with information about the person, organization, device, or function the associated private key belongs to.
X509_free() decrements the reference count of the X509 structure a and frees it up if the reference count reaches 0. If a is a NULL pointer, no action occurs.
X509_up_ref() increments the reference count of a by 1. This function is useful if a certificate structure is being used by several different operations each of which will free it up after use: this avoids the need to duplicate the entire certificate structure.
X509_chain_up_ref() performs a shallow copy of the given chain using sk_X509_dup() and increments the reference count of each contained certificate by 1. Its purpose is similar to X509_up_ref(): The returned chain persists after the original is freed.
The object X509_INFO, which can hold a certificate, the corresponding private key, and a certificate revocation list, is not yet documented.

If the allocation fails, X509_new() returns NULL and sets an error code that can be obtained by ERR_get_error(3). Otherwise it returns a pointer to the newly allocated structure.
X509_up_ref() returns 1 for success or 0 for failure.
X509_chain_up_ref() returns the copy of the chain or NULL if an error occurs.

AUTHORITY_KEYID_new(3), BASIC_CONSTRAINTS_new(3), crypto(3), d2i_X509(3), ERR_get_error(3), X509_ALGOR_new(3), X509_CRL_new(3), X509_EXTENSION_new(3), X509_NAME_new(3), X509_REQ_new(3), X509_SIG_new(3)

RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile

X509_new() and X509_free() appeared in SSLeay 0.4 or earlier and have been available since OpenBSD 2.4.
X509_up_ref() first appeared in OpenSSL 1.1.0 and has been available since OpenBSD 6.1.
X509_chain_up_ref() first appeared in OpenSSL 1.0.2 and has been available since OpenBSD 6.3.

The X.509 public key infrastructure and its data types contain too many design bugs to list them. For lots of examples, see the classic X.509 Style Guide that Peter Gutmann published in 2000.
March 27, 2018 OpenBSD-current