1e71b7053SJung-uk Kim=pod 2e71b7053SJung-uk Kim 3e71b7053SJung-uk Kim=head1 NAME 4e71b7053SJung-uk Kim 5e71b7053SJung-uk KimCMS_add0_cert, CMS_add1_cert, CMS_get1_certs, CMS_add0_crl, CMS_add1_crl, CMS_get1_crls 6e71b7053SJung-uk Kim- CMS certificate and CRL utility functions 7e71b7053SJung-uk Kim 8e71b7053SJung-uk Kim=head1 SYNOPSIS 9e71b7053SJung-uk Kim 10e71b7053SJung-uk Kim #include <openssl/cms.h> 11e71b7053SJung-uk Kim 12e71b7053SJung-uk Kim int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert); 13e71b7053SJung-uk Kim int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert); 14e71b7053SJung-uk Kim STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms); 15e71b7053SJung-uk Kim 16e71b7053SJung-uk Kim int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl); 17e71b7053SJung-uk Kim int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl); 18e71b7053SJung-uk Kim STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms); 19e71b7053SJung-uk Kim 20e71b7053SJung-uk Kim=head1 DESCRIPTION 21e71b7053SJung-uk Kim 22cfc39718SJung-uk KimCMS_add0_cert() and CMS_add1_cert() add certificate I<cert> to I<cms>. 23*b077aed3SPierre ProncheryThis is used by L<CMS_sign_ex(3)> and L<CMS_sign(3)> and may be used before 24*b077aed3SPierre Proncherycalling L<CMS_verify(3)> to help chain building in certificate validation. 25cfc39718SJung-uk KimI<cms> must be of type signed data or (authenticated) enveloped data. 26cfc39718SJung-uk KimFor signed data, such a certificate can be used when signing or verifying 27cfc39718SJung-uk Kimto fill in the signer certificate or to provide an extra CA certificate 28cfc39718SJung-uk Kimthat may be needed for chain building in certificate validation. 29e71b7053SJung-uk Kim 30cfc39718SJung-uk KimCMS_get1_certs() returns all certificates in I<cms>. 31e71b7053SJung-uk Kim 32cfc39718SJung-uk KimCMS_add0_crl() and CMS_add1_crl() add CRL I<crl> to I<cms>. 33cfc39718SJung-uk KimI<cms> must be of type signed data or (authenticated) enveloped data. 34*b077aed3SPierre ProncheryFor signed data, such a CRL may be used in certificate validation 35*b077aed3SPierre Proncherywith L<CMS_verify(3)>. 36cfc39718SJung-uk KimIt may be given both for inclusion when signing a CMS message 37cfc39718SJung-uk Kimand when verifying a signed CMS message. 38cfc39718SJung-uk Kim 39cfc39718SJung-uk KimCMS_get1_crls() returns all CRLs in I<cms>. 40e71b7053SJung-uk Kim 41e71b7053SJung-uk Kim=head1 NOTES 42e71b7053SJung-uk Kim 43cfc39718SJung-uk KimThe CMS_ContentInfo structure I<cms> must be of type signed data or enveloped 44e71b7053SJung-uk Kimdata or an error will be returned. 45e71b7053SJung-uk Kim 46cfc39718SJung-uk KimFor signed data certificates and CRLs are added to the I<certificates> and 47cfc39718SJung-uk KimI<crls> fields of SignedData structure. For enveloped data they are added to 48e71b7053SJung-uk KimB<OriginatorInfo>. 49e71b7053SJung-uk Kim 50cfc39718SJung-uk KimAs the I<0> implies CMS_add0_cert() adds I<cert> internally to I<cms> and it 51cfc39718SJung-uk Kimmust not be freed up after the call as opposed to CMS_add1_cert() where I<cert> 52e71b7053SJung-uk Kimmust be freed up. 53e71b7053SJung-uk Kim 54*b077aed3SPierre ProncheryThe same certificate must not be added to the same cms structure more than once. 55e71b7053SJung-uk Kim 56e71b7053SJung-uk Kim=head1 RETURN VALUES 57e71b7053SJung-uk Kim 58e71b7053SJung-uk KimCMS_add0_cert(), CMS_add1_cert() and CMS_add0_crl() and CMS_add1_crl() return 59e71b7053SJung-uk Kim1 for success and 0 for failure. 60e71b7053SJung-uk Kim 61e71b7053SJung-uk KimCMS_get1_certs() and CMS_get1_crls() return the STACK of certificates or CRLs 62e71b7053SJung-uk Kimor NULL if there are none or an error occurs. The only error which will occur 63cfc39718SJung-uk Kimin practice is if the I<cms> type is invalid. 64e71b7053SJung-uk Kim 65e71b7053SJung-uk Kim=head1 SEE ALSO 66e71b7053SJung-uk Kim 67e71b7053SJung-uk KimL<ERR_get_error(3)>, 68*b077aed3SPierre ProncheryL<CMS_sign(3)>, L<CMS_sign_ex(3)>, L<CMS_verify(3)>, 69e71b7053SJung-uk KimL<CMS_encrypt(3)> 70e71b7053SJung-uk Kim 71e71b7053SJung-uk Kim=head1 COPYRIGHT 72e71b7053SJung-uk Kim 73*b077aed3SPierre ProncheryCopyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved. 74e71b7053SJung-uk Kim 75*b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License"). You may not use 76e71b7053SJung-uk Kimthis file except in compliance with the License. You can obtain a copy 77e71b7053SJung-uk Kimin the file LICENSE in the source distribution or at 78e71b7053SJung-uk KimL<https://www.openssl.org/source/license.html>. 79e71b7053SJung-uk Kim 80e71b7053SJung-uk Kim=cut 81