=pod

=head1 NAME

X509_cmp, X509_NAME_cmp,
X509_issuer_and_serial_cmp, X509_issuer_name_cmp, X509_subject_name_cmp,
X509_CRL_cmp, X509_CRL_match
- compare X509 certificates and related values

=head1 SYNOPSIS

 #include <openssl/x509.h>

 int X509_cmp(const X509 *a, const X509 *b);
 int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
 int X509_issuer_name_cmp(const X509 *a, const X509 *b);
 int X509_subject_name_cmp(const X509 *a, const X509 *b);
 int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
 int X509_CRL_match(const X509_CRL *a, const X509_CRL *b);

=head1 DESCRIPTION

This set of functions is used to compare X509 objects, including X509
certificates, X509 CRL objects and various values in an X509 certificate.

The X509_cmp() function compares two B<X509> objects indicated by parameters
I<a> and I<b>. The comparison is based on the B<memcmp> result of the hash
values of two B<X509> objects and the canonical (DER) encoding values.

The X509_NAME_cmp() function compares two B<X509_NAME> objects indicated by
parameters I<a> and I<b>. The comparison is based on the B<memcmp> result of the
canonical (DER) encoding values of the two objects using L<i2d_X509_NAME(3)>.
This procedure adheres to the matching rules for Distinguished Names (DN)
given in RFC 4517 section 4.2.15 and RFC 5280 section 7.1.
In particular, the order of Relative Distinguished Names (RDNs) is relevant.
On the other hand, if an RDN is multi-valued, i.e., it contains a set of
AttributeValueAssertions (AVAs), its members are effectively not ordered.

The X509_issuer_and_serial_cmp() function compares the serial number and issuer
values in the given B<X509> objects I<a> and I<b>.

The X509_issuer_name_cmp(), X509_subject_name_cmp() and X509_CRL_cmp() functions
are effectively wrappers of the X509_NAME_cmp() function. These functions compare
issuer names and subject names of the B<X509> objects, or issuers of B<X509_CRL>
objects, respectively.

The X509_CRL_match() function compares two B<X509_CRL> objects. Unlike the
X509_CRL_cmp() function, this function compares the whole CRL content instead
of just the issuer name.

=head1 RETURN VALUES

The B<X509> comparison functions return B<-1>, B<0>, or B<1> if object I<a> is
found to be less than, to match, or be greater than object I<b>, respectively.

X509_NAME_cmp(), X509_issuer_and_serial_cmp(), X509_issuer_name_cmp(),
X509_subject_name_cmp(), X509_CRL_cmp(), and X509_CRL_match()
may return B<-2> to indicate an error.
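
Added example, not part of the OpenSSL documentation or source: a self-contained C model of the X509_NAME_cmp() matching rules described above (RDN order is significant, AVAs inside a multi-valued RDN are not ordered), with a caller that treats only 0 as a match and surfaces -2 as an error. The types rdn_t and dn_t, the functions dn_cmp() and dn_match(), and the condition that triggers -2 are assumptions of this model; it does not canonicalize values or call OpenSSL.

```c
#include <stdlib.h>
#include <string.h>

#define MAX_AVA 4
#define MAX_RDN 4
/* Hypothetical model types: a DN is an ordered list of RDNs, an RDN a set of AVAs. */
typedef struct { const char *ava[MAX_AVA]; size_t n_ava; } rdn_t;
typedef struct { rdn_t rdn[MAX_RDN]; size_t n_rdn; } dn_t;

static int ava_order(const void *x, const void *y)
{
    return strcmp(*(const char *const *)x, *(const char *const *)y);
}

/* Compare one RDN pair as sets: sort copies of the AVAs, then compare in order. */
static int rdn_cmp(const rdn_t *a, const rdn_t *b)
{
    const char *sa[MAX_AVA], *sb[MAX_AVA];
    int r = (a->n_ava > b->n_ava) - (a->n_ava < b->n_ava);

    if (a->n_ava > MAX_AVA || b->n_ava > MAX_AVA)
        return -2;                      /* malformed input is an error */
    memcpy(sa, a->ava, sizeof(sa));
    memcpy(sb, b->ava, sizeof(sb));
    qsort(sa, a->n_ava, sizeof(sa[0]), ava_order);
    qsort(sb, b->n_ava, sizeof(sb[0]), ava_order);
    for (size_t i = 0; r == 0 && i < a->n_ava; i++)
        r = strcmp(sa[i], sb[i]);
    return (r > 0) - (r < 0);
}

/* Same result contract as the page: -1, 0 or 1, and -2 on error. The error
 * trigger (NULL or out-of-range counts) is this model's assumption. */
int dn_cmp(const dn_t *a, const dn_t *b)
{
    if (a == NULL || b == NULL || a->n_rdn > MAX_RDN || b->n_rdn > MAX_RDN)
        return -2;
    int r = (a->n_rdn > b->n_rdn) - (a->n_rdn < b->n_rdn);
    for (size_t i = 0; r == 0 && i < a->n_rdn; i++)  /* RDN position matters */
        r = rdn_cmp(&a->rdn[i], &b->rdn[i]);
    return r;
}

/* Caller-side rule: only 0 is a match; -2 is surfaced, never read as "less". */
int dn_match(const dn_t *a, const dn_t *b, int *err)
{
    int r = dn_cmp(a, b);

    *err = (r == -2);
    return r == 0;
}
```

With constructed names made of the RDNs O=Example and CN=alice+UID=1001, swapping the two AVAs inside the second RDN still matches, while swapping the two RDNs does not. The sign of a non-zero result in this model is only an ordering and carries no further meaning.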

=head1 NOTES

These functions in fact utilize the underlying B<memcmp> of the C library to do
the comparison job. The data compared is, depending on the function, DER
encoding data, a hash value or an B<ASN1_STRING>. The sign of the comparison can
be used to order the objects but it does not have a special meaning in some cases.

X509_NAME_cmp() and wrappers utilize the value B<-2> to indicate errors in some
circumstances, which could cause confusion for the applications.

=head1 SEE ALSO

L<i2d_X509_NAME(3)>, L<i2d_X509(3)>

=head1 COPYRIGHT

Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut