1=pod
2
3=head1 NAME
4
5X509_LOOKUP_METHOD,
6X509_LOOKUP_meth_new, X509_LOOKUP_meth_free, X509_LOOKUP_meth_set_new_item,
7X509_LOOKUP_meth_get_new_item, X509_LOOKUP_meth_set_free,
8X509_LOOKUP_meth_get_free, X509_LOOKUP_meth_set_init,
9X509_LOOKUP_meth_get_init, X509_LOOKUP_meth_set_shutdown,
10X509_LOOKUP_meth_get_shutdown,
11X509_LOOKUP_ctrl_fn, X509_LOOKUP_meth_set_ctrl, X509_LOOKUP_meth_get_ctrl,
12X509_LOOKUP_get_by_subject_fn, X509_LOOKUP_meth_set_get_by_subject,
13X509_LOOKUP_meth_get_get_by_subject,
14X509_LOOKUP_get_by_issuer_serial_fn, X509_LOOKUP_meth_set_get_by_issuer_serial,
15X509_LOOKUP_meth_get_get_by_issuer_serial,
16X509_LOOKUP_get_by_fingerprint_fn, X509_LOOKUP_meth_set_get_by_fingerprint,
17X509_LOOKUP_meth_get_get_by_fingerprint,
18X509_LOOKUP_get_by_alias_fn, X509_LOOKUP_meth_set_get_by_alias,
19X509_LOOKUP_meth_get_get_by_alias,
20X509_OBJECT_set1_X509, X509_OBJECT_set1_X509_CRL
21- Routines to build up X509_LOOKUP methods
22
23=head1 SYNOPSIS
24
25 #include <openssl/x509_vfy.h>
26
27 typedef x509_lookup_method_st X509_LOOKUP_METHOD;
28
29 X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name);
30 void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method);
31
32 int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method,
33                                   int (*new_item) (X509_LOOKUP *ctx));
34 int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method))
35     (X509_LOOKUP *ctx);
36
37 int X509_LOOKUP_meth_set_free(X509_LOOKUP_METHOD *method,
38                               void (*free) (X509_LOOKUP *ctx));
39 void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method))
40     (X509_LOOKUP *ctx);
41
42 int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method,
43                               int (*init) (X509_LOOKUP *ctx));
44 int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method))
45     (X509_LOOKUP *ctx);
46
47 int X509_LOOKUP_meth_set_shutdown(X509_LOOKUP_METHOD *method,
48                                   int (*shutdown) (X509_LOOKUP *ctx));
49 int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method))
50     (X509_LOOKUP *ctx);
51
52 typedef int (*X509_LOOKUP_ctrl_fn)(X509_LOOKUP *ctx, int cmd, const char *argc,
53                                    long argl, char **ret);
54 int X509_LOOKUP_meth_set_ctrl(X509_LOOKUP_METHOD *method,
55     X509_LOOKUP_ctrl_fn ctrl_fn);
56 X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method);
57
58 typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx,
59                                              X509_LOOKUP_TYPE type,
60                                              const X509_NAME *name,
61                                              X509_OBJECT *ret);
62 int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method,
63     X509_LOOKUP_get_by_subject_fn fn);
64 X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject(
65     const X509_LOOKUP_METHOD *method);
66
67 typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx,
68                                                    X509_LOOKUP_TYPE type,
69                                                    const X509_NAME *name,
70                                                    const ASN1_INTEGER *serial,
71                                                    X509_OBJECT *ret);
72 int X509_LOOKUP_meth_set_get_by_issuer_serial(
73     X509_LOOKUP_METHOD *method, X509_LOOKUP_get_by_issuer_serial_fn fn);
74 X509_LOOKUP_get_by_issuer_serial_fn X509_LOOKUP_meth_get_get_by_issuer_serial(
75     const X509_LOOKUP_METHOD *method);
76
77 typedef int (*X509_LOOKUP_get_by_fingerprint_fn)(X509_LOOKUP *ctx,
78                                                  X509_LOOKUP_TYPE type,
79                                                  const unsigned char* bytes,
80                                                  int len,
81                                                  X509_OBJECT *ret);
82 int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method,
83     X509_LOOKUP_get_by_fingerprint_fn fn);
84 X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint(
85     const X509_LOOKUP_METHOD *method);
86
87 typedef int (*X509_LOOKUP_get_by_alias_fn)(X509_LOOKUP *ctx,
88                                            X509_LOOKUP_TYPE type,
89                                            const char *str,
90                                            int len,
91                                            X509_OBJECT *ret);
92 int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method,
93     X509_LOOKUP_get_by_alias_fn fn);
94 X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
95     const X509_LOOKUP_METHOD *method);
96
97 int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
98 int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
99
100=head1 DESCRIPTION
101
102The B<X509_LOOKUP_METHOD> type is a structure used for the implementation of new
103X509_LOOKUP types. It provides a set of functions used by OpenSSL for the
104implementation of various X509 and X509_CRL lookup capabilities. One instance
105of an X509_LOOKUP_METHOD can be associated with many instances of an
106B<X509_LOOKUP> structure.
107
108X509_LOOKUP_meth_new() creates a new B<X509_LOOKUP_METHOD> structure. It should
109be given a human-readable string containing a brief description of the lookup
110method.
111
112X509_LOOKUP_meth_free() destroys a B<X509_LOOKUP_METHOD> structure.
113If the argument is NULL, nothing is done.
114
115X509_LOOKUP_meth_get_new_item() and X509_LOOKUP_meth_set_new_item() get and set the
116function that is called when an B<X509_LOOKUP> object is created with
117X509_LOOKUP_new(). If an X509_LOOKUP_METHOD requires any per-X509_LOOKUP
118specific data, the supplied new_item function should allocate this data and
119invoke L<X509_LOOKUP_set_method_data(3)>.
120
121X509_LOOKUP_meth_get_free() and X509_LOOKUP_meth_set_free() get and set the function
122that is used to free any method data that was allocated and set from within
123the new_item function.
124
125X509_LOOKUP_meth_get_init() and X509_LOOKUP_meth_set_init() get and set the
126function that is used to initialize the method data that was set with
127L<X509_LOOKUP_set_method_data(3)> as part of the new_item routine.
128
129X509_LOOKUP_meth_get_shutdown() and X509_LOOKUP_meth_set_shutdown() get and set
130the function that is used to shut down the method data whose state was
131previously initialized in the init function.
132
133X509_LOOKUP_meth_get_ctrl() and X509_LOOKUP_meth_set_ctrl() get and set a
134function to be used to handle arbitrary control commands issued by
135X509_LOOKUP_ctrl(). The control function is given the X509_LOOKUP
136B<ctx>, along with the arguments passed by X509_LOOKUP_ctrl. B<cmd> is
137an arbitrary integer that defines some operation. B<argc> is a pointer
138to an array of characters. B<argl> is an integer. B<ret>, if set,
139points to a location where any return data should be written to. How
140B<argc> and B<argl> are used depends entirely on the control function.
141
142
143X509_LOOKUP_meth_set_get_by_subject(), X509_LOOKUP_meth_set_get_by_issuer_serial(),
144X509_LOOKUP_meth_set_get_by_fingerprint(), X509_LOOKUP_meth_set_get_by_alias() set
145the functions used to retrieve an X509 or X509_CRL object by the object's
146subject, issuer and serial number, fingerprint, and alias respectively. These functions are given
147the X509_LOOKUP context, the type of the X509_OBJECT being requested, parameters
148related to the lookup, and an X509_OBJECT that will receive the requested
149object.
150
151Implementations must add objects they find to the B<X509_STORE> object
152using X509_STORE_add_cert() or X509_STORE_add_crl().  This increments
153the added object's reference count.  However, the X509_STORE_CTX_get_by_subject()
154function also increases the reference count, which leads to one too
155many references being held.  Therefore, applications should
156additionally call X509_free() or X509_CRL_free() to decrement the
157reference count again; otherwise the surplus reference is never released.
158
159Implementations should also use either X509_OBJECT_set1_X509() or
160X509_OBJECT_set1_X509_CRL() to set the result.  Note that this also
161increments the result's reference count.
162
163Any method data that was created as a result of the new_item function
164set by X509_LOOKUP_meth_set_new_item() can be accessed with
165L<X509_LOOKUP_get_method_data(3)>. The B<X509_STORE> object that owns the
166X509_LOOKUP may be accessed with L<X509_LOOKUP_get_store(3)>. Successful
167lookups should return 1, and unsuccessful lookups should return 0.
168
169X509_LOOKUP_meth_get_get_by_subject(), X509_LOOKUP_meth_get_get_by_issuer_serial(),
170X509_LOOKUP_meth_get_get_by_fingerprint(), X509_LOOKUP_meth_get_get_by_alias() retrieve
171the function set by the corresponding setter.
172
173=head1 RETURN VALUES
174
175The B<X509_LOOKUP_meth_set> functions return 1 on success or 0 on error.
176
177The B<X509_LOOKUP_meth_get> functions return the corresponding function
178pointers.
179
180=head1 SEE ALSO
181
182L<X509_STORE_new(3)>, L<SSL_CTX_set_cert_store(3)>
183
184=head1 HISTORY
185
186The functions described here were added in OpenSSL 1.1.0i.
187
188=head1 COPYRIGHT
189
190Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved.
191
192Licensed under the Apache License 2.0 (the "License").  You may not use
193this file except in compliance with the License.  You can obtain a copy
194in the file LICENSE in the source distribution or at
195L<https://www.openssl.org/source/license.html>.
196
197=cut
198