=pod

=head1 NAME

X509_LOOKUP_METHOD,
X509_LOOKUP_meth_new, X509_LOOKUP_meth_free, X509_LOOKUP_meth_set_new_item,
X509_LOOKUP_meth_get_new_item, X509_LOOKUP_meth_set_free,
X509_LOOKUP_meth_get_free, X509_LOOKUP_meth_set_init,
X509_LOOKUP_meth_get_init, X509_LOOKUP_meth_set_shutdown,
X509_LOOKUP_meth_get_shutdown,
X509_LOOKUP_ctrl_fn, X509_LOOKUP_meth_set_ctrl, X509_LOOKUP_meth_get_ctrl,
X509_LOOKUP_get_by_subject_fn, X509_LOOKUP_meth_set_get_by_subject,
X509_LOOKUP_meth_get_get_by_subject,
X509_LOOKUP_get_by_issuer_serial_fn, X509_LOOKUP_meth_set_get_by_issuer_serial,
X509_LOOKUP_meth_get_get_by_issuer_serial,
X509_LOOKUP_get_by_fingerprint_fn, X509_LOOKUP_meth_set_get_by_fingerprint,
X509_LOOKUP_meth_get_get_by_fingerprint,
X509_LOOKUP_get_by_alias_fn, X509_LOOKUP_meth_set_get_by_alias,
X509_LOOKUP_meth_get_get_by_alias,
X509_OBJECT_set1_X509, X509_OBJECT_set1_X509_CRL
- Routines to build up X509_LOOKUP methods

=head1 SYNOPSIS

 #include <openssl/x509_vfy.h>

 typedef x509_lookup_method_st X509_LOOKUP_METHOD;

 X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name);
 void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method);

 int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method,
                                   int (*new_item) (X509_LOOKUP *ctx));
 int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method))
     (X509_LOOKUP *ctx);

 int X509_LOOKUP_meth_set_free(X509_LOOKUP_METHOD *method,
                               void (*free) (X509_LOOKUP *ctx));
 void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method))
     (X509_LOOKUP *ctx);

 int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method,
                               int (*init) (X509_LOOKUP *ctx));
 int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method))
     (X509_LOOKUP *ctx);

 int X509_LOOKUP_meth_set_shutdown(X509_LOOKUP_METHOD *method,
                                   int (*shutdown) (X509_LOOKUP *ctx));
 int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method))
     (X509_LOOKUP *ctx);

 typedef int (*X509_LOOKUP_ctrl_fn)(X509_LOOKUP *ctx, int cmd, const char *argc,
                                    long argl, char **ret);
 int X509_LOOKUP_meth_set_ctrl(X509_LOOKUP_METHOD *method,
                               X509_LOOKUP_ctrl_fn ctrl_fn);
 X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method);

 typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx,
                                              X509_LOOKUP_TYPE type,
                                              X509_NAME *name,
                                              X509_OBJECT *ret);
 int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method,
                                         X509_LOOKUP_get_by_subject_fn fn);
 X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject(
     const X509_LOOKUP_METHOD *method);

 typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx,
                                                    X509_LOOKUP_TYPE type,
                                                    X509_NAME *name,
                                                    ASN1_INTEGER *serial,
                                                    X509_OBJECT *ret);
 int X509_LOOKUP_meth_set_get_by_issuer_serial(
     X509_LOOKUP_METHOD *method, X509_LOOKUP_get_by_issuer_serial_fn fn);
 X509_LOOKUP_get_by_issuer_serial_fn X509_LOOKUP_meth_get_get_by_issuer_serial(
     const X509_LOOKUP_METHOD *method);

 typedef int (*X509_LOOKUP_get_by_fingerprint_fn)(X509_LOOKUP *ctx,
                                                  X509_LOOKUP_TYPE type,
                                                  const unsigned char* bytes,
                                                  int len,
                                                  X509_OBJECT *ret);
 int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method,
                                             X509_LOOKUP_get_by_fingerprint_fn fn);
 X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint(
     const X509_LOOKUP_METHOD *method);

 typedef int (*X509_LOOKUP_get_by_alias_fn)(X509_LOOKUP *ctx,
                                            X509_LOOKUP_TYPE type,
                                            const char *str,
                                            int len,
                                            X509_OBJECT *ret);
 int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method,
                                       X509_LOOKUP_get_by_alias_fn fn);
 X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
     const X509_LOOKUP_METHOD *method);

 int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
 int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);

=head1 DESCRIPTION

The B<X509_LOOKUP_METHOD> type is a
structure used for the implementation of new
X509_LOOKUP types. It provides a set of functions used by OpenSSL for the
implementation of various X509 and X509_CRL lookup capabilities. One instance
of an X509_LOOKUP_METHOD can be associated with many instantiations of an
B<X509_LOOKUP> structure.

X509_LOOKUP_meth_new() creates a new B<X509_LOOKUP_METHOD> structure. It should
be given a human-readable string containing a brief description of the lookup
method.

X509_LOOKUP_meth_free() destroys a B<X509_LOOKUP_METHOD> structure.

X509_LOOKUP_meth_get_new_item() and X509_LOOKUP_meth_set_new_item() get and set
the function that is called when an B<X509_LOOKUP> object is created with
X509_LOOKUP_new(). If an X509_LOOKUP_METHOD requires any per-X509_LOOKUP
specific data, the supplied new_item function should allocate this data and
invoke L<X509_LOOKUP_set_method_data(3)>.

X509_LOOKUP_meth_get_free() and X509_LOOKUP_meth_set_free() get and set the
function that is used to free any method data that was allocated and set from
within the new_item function.

X509_LOOKUP_meth_get_init() and X509_LOOKUP_meth_set_init() get and set the
function that is used to initialize the method data that was set with
L<X509_LOOKUP_set_method_data(3)> as part of the new_item routine.

X509_LOOKUP_meth_get_shutdown() and X509_LOOKUP_meth_set_shutdown() get and set
the function that is used to shut down the method data whose state was
previously initialized in the init function.

X509_LOOKUP_meth_get_ctrl() and X509_LOOKUP_meth_set_ctrl() get and set a
function to be used to handle arbitrary control commands issued by
X509_LOOKUP_ctrl(). The control function is given the X509_LOOKUP
B<ctx>, along with the arguments passed by X509_LOOKUP_ctrl(). B<cmd> is
an arbitrary integer that defines some operation. B<argc> is a pointer
to an array of characters. B<argl> is an integer.
B<ret>, if set,
points to a location where any return data should be written to. How
B<argc> and B<argl> are used depends entirely on the control function.

X509_LOOKUP_meth_set_get_by_subject(),
X509_LOOKUP_meth_set_get_by_issuer_serial(),
X509_LOOKUP_meth_set_get_by_fingerprint() and
X509_LOOKUP_meth_set_get_by_alias() set
the functions used to retrieve an X509 or X509_CRL object by the object's
subject, issuer and serial number, fingerprint, and alias respectively. These
functions are given the X509_LOOKUP context, the type of the X509_OBJECT being
requested, parameters related to the lookup, and an X509_OBJECT that will
receive the requested object.

Implementations must add objects they find to the B<X509_STORE> object
using X509_STORE_add_cert() or X509_STORE_add_crl(). This increments
the object's reference count. However, the X509_STORE_CTX_get_by_subject()
function also increases the reference count, which leads to one too
many references being held. Therefore, applications should
additionally call X509_free() or X509_CRL_free() to decrement the
reference count again. Because the B<X509_STORE> holds the trusted objects
used during verification, a lookup method should only add objects that come
from a source the application trusts; see L<X509_STORE_add_cert(3)>.

Implementations should also use either X509_OBJECT_set1_X509() or
X509_OBJECT_set1_X509_CRL() to set the result. Note that this also
increments the result's reference count.

Any method data that was created as a result of the new_item function
set by X509_LOOKUP_meth_set_new_item() can be accessed with
L<X509_LOOKUP_get_method_data(3)>. The B<X509_STORE> object that owns the
X509_LOOKUP may be accessed with L<X509_LOOKUP_get_store(3)>. Successful
lookups should return 1, and unsuccessful lookups should return 0.

X509_LOOKUP_meth_get_get_by_subject(),
X509_LOOKUP_meth_get_get_by_issuer_serial(),
X509_LOOKUP_meth_get_get_by_fingerprint() and
X509_LOOKUP_meth_get_get_by_alias() retrieve
the function set by the corresponding setter.

=head1 RETURN VALUES

The B<X509_LOOKUP_meth_set> functions return 1 on success or 0 on error.

The B<X509_LOOKUP_meth_get> functions return the corresponding function
pointers.

=head1 SEE ALSO

L<X509_STORE_new(3)>, L<SSL_CTX_set_cert_store(3)>

=head1 HISTORY

The functions described here were added in OpenSSL 1.1.0i.

=head1 COPYRIGHT

Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut