Sortix nightly manual
This manual documents Sortix nightly, a development build that has not been officially released. You can instead view this document in the latest official manual.
| X509_CRL_GET0_BY_SERIAL(3) | Library Functions Manual | X509_CRL_GET0_BY_SERIAL(3) |
NAME
X509_CRL_get0_by_serial,
X509_CRL_get0_by_cert,
X509_CRL_get_REVOKED,
X509_CRL_add0_revoked,
X509_CRL_sort —
add, sort, and retrieve CRL entries
SYNOPSIS
#include
<openssl/x509.h>
int
X509_CRL_get0_by_serial(X509_CRL
*crl, X509_REVOKED **ret,
ASN1_INTEGER *serial);
int
X509_CRL_get0_by_cert(X509_CRL
*crl, X509_REVOKED **ret,
X509 *x);
STACK_OF(X509_REVOKED) *
X509_CRL_get_REVOKED(X509_CRL
*crl);
int
X509_CRL_add0_revoked(X509_CRL
*crl, X509_REVOKED *rev);
int
X509_CRL_sort(X509_CRL
*crl);
DESCRIPTION
X509_CRL_get0_by_serial() attempts to find a
revoked entry in crl for serial number
serial. If it is successful, it sets
*ret to the internal pointer of the matching
entry. Consequently, *ret must not be freed
up after the call.
X509_CRL_get0_by_cert() is similar to
X509_CRL_get0_by_serial() except that it
looks for a revoked entry using the serial number of certificate
x.
If
X509_CRL_set_default_method(3)
was in effect at the time the crl object was
created, X509_CRL_get0_by_serial() and
X509_CRL_get0_by_cert() invoke the
crl_lookup() callback function instead of
performing the default action.
X509_CRL_get_REVOKED() returns an internal
pointer to a stack of all revoked entries for
crl.
X509_CRL_add0_revoked() appends revoked entry
rev to CRL
crl. The pointer
rev is used internally so it must not be
freed up after the call: it is freed when the parent CRL is freed.
X509_CRL_sort() sorts the revoked entries of
crl into ascending serial number order.
Applications can determine the number of revoked entries returned by
X509_CRL_get_revoked() using
sk_X509_REVOKED_num() and examine each one
in turn using sk_X509_REVOKED_value(), both
defined in
<openssl/safestack.h>.
RETURN VALUES
X509_CRL_get0_by_serial() and
X509_CRL_get0_by_cert() return 0 for
failure or 1 for success, except if the revoked entry has the reason
“removeFromCRL”, in which case 2 is returned.
The X509_CRL_add0_revoked() function returns
1 if successful; otherwise 0 is returned and an error code can be retrieved
with
ERR_get_error(3).
X509_CRL_sort() returns 1 for success or 0
for failure. The current implementation cannot fail.
X509_CRL_get_REVOKED() returns a STACK of
revoked entries.
SEE ALSO
d2i_X509_CRL(3), X509_CRL_get_ext(3), X509_CRL_get_issuer(3), X509_CRL_get_version(3), X509_CRL_METHOD_new(3), X509_CRL_new(3), X509_REVOKED_new(3), X509V3_get_d2i(3)HISTORY
X509_CRL_get_REVOKED() first appeared in
OpenSSL 0.9.2b and has been available since OpenBSD
2.6.
X509_CRL_add0_revoked() and
X509_CRL_sort() first appeared in OpenSSL
0.9.7 and have been available since OpenBSD 3.2.
X509_CRL_get0_by_serial() and
X509_CRL_get0_by_cert() first appeared in
OpenSSL 1.0.0 and have been available since OpenBSD
4.9.| October 30, 2021 | Debian |