OpenBSD manual page server

Manual Page Search Parameters

D2I_X509(3) Library Functions Manual D2I_X509(3)

d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio, i2d_X509_fp, d2i_X509_AUX, i2d_X509_AUX, d2i_X509_CERT_AUX, i2d_X509_CERT_AUX, d2i_X509_CINF, i2d_X509_CINF, d2i_X509_VAL, i2d_X509_VALdecode and encode X.509 certificates

#include <openssl/x509.h>

X509 *
d2i_X509(X509 **val_out, const unsigned char **der_in, long length);

int
i2d_X509(X509 *val_in, unsigned char **der_out);

X509 *
d2i_X509_bio(BIO *in_bio, X509 **val_out);

X509 *
d2i_X509_fp(FILE *in_fp, X509 **val_out);

int
i2d_X509_bio(BIO *out_bio, X509 *val_in);

int
i2d_X509_fp(FILE *out_fp, X509 *val_in);

X509 *
d2i_X509_AUX(X509 **val_out, const unsigned char **der_in, long length);

int
i2d_X509_AUX(X509 *val_in, unsigned char **der_out);

X509_CERT_AUX *
d2i_X509_CERT_AUX(X509_CERT_AUX **val_out, const unsigned char **der_in, long length);

int
i2d_X509_CERT_AUX(X509_CERT_AUX *val_in, unsigned char **der_out);

X509_CINF *
d2i_X509_CINF(X509_CINF **val_out, const unsigned char **der_in, long length);

int
i2d_X509_CINF(X509_CINF *val_in, unsigned char **der_out);

X509_VAL *
d2i_X509_VAL(X509_VAL **val_out, const unsigned char **der_in, long length);

int
i2d_X509_VAL(X509_VAL *val_in, unsigned char **der_out);

These functions decode and encode X.509 certificates and some of their substructures. For details about the semantics, examples, caveats, and bugs, see ASN1_item_d2i(3).

d2i_X509() and i2d_X509() decode and encode an ASN.1 Certificate structure defined in RFC 5280 section 4.1.

d2i_X509_bio(), d2i_X509_fp(), i2d_X509_bio(), and i2d_X509_fp() are similar except that they decode or encode using a BIO or FILE pointer.

d2i_X509_AUX() is similar to d2i_X509(), but the input is expected to consist of an X.509 certificate followed by auxiliary trust information. This is used by the PEM routines to read TRUSTED CERTIFICATE objects. This function should not be called on untrusted input.

i2d_X509_AUX() is similar to i2d_X509(), but the encoded output contains both the certificate and any auxiliary trust information. This is used by the PEM routines to write TRUSTED CERTIFICATE objects. Note that this is a non-standard OpenSSL-specific data format.

d2i_X509_CERT_AUX() and i2d_X509_CERT_AUX() decode and encode optional non-standard auxiliary data appended to a certificate, for example friendly alias names and trust data.

d2i_X509_CINF() and i2d_X509_CINF() decode and encode an ASN.1 TBSCertificate structure defined in RFC 5280 section 4.1.

d2i_X509_VAL() and i2d_X509_VAL() decode and encode an ASN.1 Validity structure defined in RFC 5280 section 4.1.

d2i_X509(), d2i_X509_bio(), d2i_X509_fp(), and d2i_X509_AUX() return a valid X509 structure or NULL if an error occurs.

d2i_X509_CERT_AUX(), d2i_X509_CINF(), and d2i_X509_VAL() return an X509_CERT_AUX, X509_CINF, or X509_VAL object, respectively, or NULL if an error occurs.

i2d_X509(), i2d_X509_AUX(), i2d_X509_CERT_AUX(), i2d_X509_CINF(), and i2d_X509_VAL() return the number of bytes successfully encoded or a negative value if an error occurs.

i2d_X509_bio() and i2d_X509_fp() return 1 for success or 0 if an error occurs.

For all functions, the error code can be obtained by ERR_get_error(3).

ASN1_item_d2i(3), X509_CINF_new(3), X509_new(3)

RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile

d2i_X509(), i2d_X509(), d2i_X509_fp(), i2d_X509_fp(), d2i_X509_CINF(), i2d_X509_CINF(), d2i_X509_VAL(), and i2d_X509_VAL() first appeared in SSLeay 0.5.1. d2i_X509_bio() and i2d_X509_bio() first appeared in SSLeay 0.6.0. These functions have been available since OpenBSD 2.4.

d2i_X509_AUX(), i2d_X509_AUX(), d2i_X509_CERT_AUX(), and i2d_X509_CERT_AUX() first appeared in OpenSSL 0.9.5 and have been available since OpenBSD 2.7.

March 27, 2018 OpenBSD-current