NAME

X509_get_pubkey, X509_get0_pubkey, X509_set_pubkey, X509_get_X509_PUBKEY, X509_get0_pubkey_bitstr, X509_REQ_get_pubkey, X509_REQ_get0_pubkey, X509_REQ_set_pubkey, X509_extract_key, X509_REQ_extract_key —

SYNOPSIS

#include <openssl/x509.h> EVP_PKEY *
X509_get_pubkey(X509 *x); EVP_PKEY *
X509_get0_pubkey(const X509 *x); int
X509_set_pubkey(X509 *x, EVP_PKEY *pkey); X509_PUBKEY *
X509_get_X509_PUBKEY(const X509 *x); ASN1_BIT_STRING *
X509_get0_pubkey_bitstr(const X509 *x); EVP_PKEY *
X509_REQ_get_pubkey(X509_REQ *req); EVP_PKEY *
X509_REQ_get0_pubkey(X509_REQ *req); int
X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); EVP_PKEY *
X509_extract_key(X509 *x); EVP_PKEY *
X509_REQ_extract_key(X509_REQ *req);

DESCRIPTION

X509_get_pubkey() attempts to decode the public key for certificate x. If successful, it returns the public key as an EVP_PKEY pointer with its reference count incremented: this means the returned key must be freed up after use. X509_get0_pubkey() is similar except that it does not increment the reference count of the returned EVP_PKEY, so it must not be freed up after use. X509_get_X509_PUBKEY() returns an internal pointer to the SubjectPublicKeyInfo structure contained in x. The returned value must not be freed up after use. X509_get0_pubkey_bitstr() returns an internal pointer to just the public key contained in this SubjectPublicKeyInfo structure, without the information about the algorithm used. X509_set_pubkey() attempts to set the public key for certificate x to pkey. The key pkey should be freed up after use. X509_REQ_get_pubkey(), X509_REQ_get0_pubkey(), and X509_REQ_set_pubkey() are similar but operate on certificate request req. The first time a public key is decoded, the EVP_PKEY structure is cached in the certificate or certificate request itself. Subsequent calls return the cached structure with its reference count incremented to improve performance. X509_extract_key() and X509_REQ_extract_key() are deprecated aliases for X509_get_pubkey() and X509_REQ_get_pubkey(), respectively, implemented as macros.

RETURN VALUES

X509_get_pubkey(), X509_get0_pubkey(), X509_get_X509_PUBKEY(), X509_get0_pubkey_bitstr(), X509_REQ_get_pubkey(), X509_REQ_get0_pubkey(), X509_extract_key(), and X509_REQ_extract_key() return a public key or NULL if an error occurred. X509_set_pubkey() and X509_REQ_set_pubkey() return 1 for success or 0 for failure. In some cases of failure of X509_get0_pubkey(), X509_set_pubkey(), X509_REQ_get_pubkey(), X509_REQ_get0_pubkey(), and X509_REQ_set_pubkey(), the reason can be determined with ERR_get_error(3).

ERRORS

X509_get_pubkey(), X509_get0_pubkey(), X509_REQ_get_pubkey(), X509_extract_key(), and X509_REQ_extract_key() provide diagnostics as documented for X509_PUBKEY_get(3). If x or req is NULL or contains no certificate information, they fail without pushing an error onto the stack. X509_get_X509_PUBKEY() provides no diagnostics and crashes by accessing a NULL pointer if x is NULL or contains no certificate information, X509_get0_pubkey_bitstr() provides no diagnostics and fails without pushing an error onto the stack if x is NULL, but it crashes by accessing a NULL pointer if x contains no certificate information.

SEE ALSO

d2i_X509(3), X509_CRL_get0_by_serial(3), X509_NAME_add_entry_by_txt(3), X509_NAME_ENTRY_get_object(3), X509_NAME_get_index_by_NID(3), X509_NAME_print_ex(3), X509_new(3), X509_PUBKEY_new(3), X509_REQ_new(3), X509_sign(3), X509_verify_cert(3), X509V3_get_d2i(3)

STANDARDS

RFC 5280, Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, section 4.1 Basic Certificate Fields RFC 2986: PKCS #10: Certification Request Syntax Specification, section 4.1 CertificationRequestInfo

HISTORY

X509_extract_key() and X509_REQ_extract_key() first appeared in SSLeay 0.5.1 but returned a pointer to an RSA object before SSLeay 0.6.0. X509_get_pubkey(), X509_set_pubkey(), X509_REQ_get_pubkey(), and X509_REQ_set_pubkey() first appeared in SSLeay 0.6.5. X509_get_X509_PUBKEY() first appeared in SSLeay 0.8.0. These functions have been available since OpenBSD 2.4. X509_get0_pubkey_bitstr() first appeared in OpenSSL 0.9.7 and has been available since OpenBSD 3.4. X509_get0_pubkey() first appeared in OpenSSL 1.1.0 and has been available since OpenBSD 6.3. X509_REQ_get0_pubkey() first appeared in OpenSSL 1.1.0 and has been available since OpenBSD 7.1.