current nightly

Sortix nightly manual

This manual documents Sortix nightly, a development build that has not been officially released. You can instead view this document in the latest official manual.

NAME

X509_print_ex, X509_CERT_AUX_print, X509_print_ex_fp, X509_print, X509_print_fp — pretty-print an X.509 certificate

SYNOPSIS

#include <openssl/x509.h>

int
X509_print_ex(BIO *bio, X509 *x, unsigned long nameflags, unsigned long skipflags);

int
X509_CERT_AUX_print(BIO *bio, X509_CERT_AUX *aux, int indent);

int
X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nameflags, unsigned long skipflags);

int
X509_print(BIO *bio, X509 *x);

int
X509_print_fp(FILE *fp, X509 *x);

DESCRIPTION

X509_print_ex() prints information contained in x to bio in human-readable form. Printing is aborted as soon as any operation fails, with the exception that failures while attempting to decode or print the public key, the X.509 version 3 extensions, or non-standard auxiliary data are not considered as errors.

By default, the following blocks of information are printed in the following order. Each block can be skipped by setting the corresponding bit in skipflags, provided in parentheses after each block description.

A pair of lines reading “Certificate:” and “Data:” containing no information. (X509_FLAG_NO_HEADER)
The certificate version number as defined by the standard, followed in parentheses by the value contained in the version field in hexadecimal notation. See X509_get_version(3) for details. (X509_FLAG_NO_VERSION)
The serial number of the certificate as returned by X509_get_serialNumber(3). If it is not -1 and converting it to long succeeds, it is printed in both decimal and hexadecimal format. If it is -1, too wide to fit in long, or conversion fails, it is printed byte-by-byte in hexadecimal notation. (X509_FLAG_NO_SERIAL)
The name of the signature algorithm is printed with X509_signature_print(3). (X509_FLAG_NO_SIGNAME)
The issuer name returned by X509_get_issuer_name(3) is printed with X509_NAME_print_ex(3). (X509_FLAG_NO_ISSUER)
The validity period from X509_get_notBefore(3) to X509_get_notAfter(3) is printed using ASN1_TIME_print(3). (X509_FLAG_NO_VALIDITY)
The subject name returned from X509_get_subject_name(3) is printed with X509_NAME_print_ex(3). (X509_FLAG_NO_SUBJECT)
The public key algorithm is printed with i2a_ASN1_OBJECT(3), and the public key returned from X509_get_pubkey(3) with EVP_PKEY_print_public(3). (X509_FLAG_NO_PUBKEY)
All X.509 extensions contained in the certificate are printed with X509V3_extensions_print(3). (X509_FLAG_NO_EXTENSIONS)
The signature is printed with X509_signature_print(3). (X509_FLAG_NO_SIGDUMP)
Non-standard auxiliary data associated with the certificate is printed using the function X509_CERT_AUX_print() documented below. (X509_FLAG_NO_AUX)

The nameflags argument modifies the format for printing X.501 Name objects contained in x. It is passed through to X509_NAME_print_ex(3). If nameflags is X509_FLAG_COMPAT, the indent argument of X509_NAME_print_ex(3) is set to 16 spaces and the traditional SSLeay format generated by X509_NAME_print(3) is used. Otherwise, if the only bit set in XN_FLAG_SEP_MASK is XN_FLAG_SEP_MULTILINE, indent is set to 12 spaces. Otherwise, indent is set to zero.

X509_CERT_AUX_print() prints information contained in aux to bio in human-readable form with a left margin of indent spaces. If aux is NULL, it prints nothing.

Information is printed in the following order:

Purposes the certificate is intended to be used for as set with X509_add1_trust_object(3), each printed with OBJ_obj2txt(3).
Purposes the certificate is explicitly not intended to be used for as set with X509_add1_reject_object(3), again each printed with OBJ_obj2txt(3).
If aux contains data set with X509_alias_set1(3), the raw bytes are printed in unencoded form.
If aux contains data set with X509_keyid_set1(3), the bytes are printed in hexadecimal notation with colons in between.

X509_print_ex_fp() is similar to X509_print_ex() except that it prints to fp.

X509_print() and X509_print_fp() are wrapper functions setting the nameflags to XN_FLAG_COMPAT and the skipflags to X509_FLAG_COMPAT.

RETURN VALUES

X509_print_ex(), X509_print_ex_fp(), X509_print(), and X509_print_fp() return 1 if all requested information was successfully printed, even if failures occurred while attempting to decode or print the public key or X.509 version 3 extensions, or 0 if any other operation failed.

X509_CERT_AUX_print() always returns 1 and silently ignores write errors.

HISTORY

X509_print() first appeared in SSLeay 0.5.1 and was changed to print to a BIO in SSLeay 0.6.0. X509_print_fp() first appeared in SSLeay 0.6.0. Both functions have been available since OpenBSD 2.4.

X509_CERT_AUX_print() first appeared in OpenSSL 0.9.5 and has been available since OpenBSD 2.7.

X509_print_ex() and X509_print_ex_fp() first appeared in OpenSSL 0.9.7 and have been available since OpenBSD 3.2.

BUGS

If arbitrary data was stored into x using X509_alias_set1(3), these functions may print binary data and even NUL bytes.