1e71b7053SJung-uk Kim=pod 2e71b7053SJung-uk Kim 3e71b7053SJung-uk Kim=head1 NAME 4e71b7053SJung-uk Kim 5b077aed3SPierre ProncheryX509_new, X509_new_ex, 6b077aed3SPierre ProncheryX509_free, X509_up_ref, 7b077aed3SPierre ProncheryX509_chain_up_ref - X509 certificate ASN1 allocation functions 8e71b7053SJung-uk Kim 9e71b7053SJung-uk Kim=head1 SYNOPSIS 10e71b7053SJung-uk Kim 11e71b7053SJung-uk Kim #include <openssl/x509.h> 12e71b7053SJung-uk Kim 13e71b7053SJung-uk Kim X509 *X509_new(void); 14b077aed3SPierre Pronchery X509 *X509_new_ex(OSSL_LIB_CTX *libctx, const char *propq); 15e71b7053SJung-uk Kim void X509_free(X509 *a); 16e71b7053SJung-uk Kim int X509_up_ref(X509 *a); 17e71b7053SJung-uk Kim STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *x); 18e71b7053SJung-uk Kim 19e71b7053SJung-uk Kim=head1 DESCRIPTION 20e71b7053SJung-uk Kim 21*a7148ab3SEnji CooperThe X509 ASN1 allocation routines allocate and free an 22e71b7053SJung-uk KimX509 structure, which represents an X509 certificate. 23e71b7053SJung-uk Kim 24b077aed3SPierre ProncheryX509_new_ex() allocates and initializes a X509 structure with a 25b077aed3SPierre Proncherylibrary context of I<libctx>, property query of I<propq> and a reference 26b077aed3SPierre Proncherycount of B<1>. Many X509 functions such as X509_check_purpose(), and 27b077aed3SPierre ProncheryX509_verify() use this library context to select which providers supply the 28b077aed3SPierre Proncheryfetched algorithms (SHA1 is used internally). This created X509 object can then 29b077aed3SPierre Proncherybe used when loading binary data using d2i_X509(). 30b077aed3SPierre Pronchery 31b077aed3SPierre ProncheryX509_new() is similar to X509_new_ex() but sets the library context 32b077aed3SPierre Proncheryand property query to NULL. This results in the default (NULL) library context 33b077aed3SPierre Proncherybeing used for any X509 operations requiring algorithm fetches. 34e71b7053SJung-uk Kim 35e71b7053SJung-uk KimX509_free() decrements the reference count of B<X509> structure B<a> and 36*a7148ab3SEnji Cooperfrees it up if the reference count is zero. If the argument is NULL, 37*a7148ab3SEnji Coopernothing is done. 38e71b7053SJung-uk Kim 39e71b7053SJung-uk KimX509_up_ref() increments the reference count of B<a>. 40e71b7053SJung-uk Kim 41e71b7053SJung-uk KimX509_chain_up_ref() increases the reference count of all certificates in 42b077aed3SPierre Proncherychain B<x> and returns a copy of the stack, or an empty stack if B<a> is NULL. 43e71b7053SJung-uk Kim 44e71b7053SJung-uk Kim=head1 NOTES 45e71b7053SJung-uk Kim 46e71b7053SJung-uk KimThe function X509_up_ref() if useful if a certificate structure is being 47e71b7053SJung-uk Kimused by several different operations each of which will free it up after 48e71b7053SJung-uk Kimuse: this avoids the need to duplicate the entire certificate structure. 49e71b7053SJung-uk Kim 50e71b7053SJung-uk KimThe function X509_chain_up_ref() doesn't just up the reference count of 51b077aed3SPierre Proncheryeach certificate. It also returns a copy of the stack, using sk_X509_dup(), 52e71b7053SJung-uk Kimbut it serves a similar purpose: the returned chain persists after the 53e71b7053SJung-uk Kimoriginal has been freed. 54e71b7053SJung-uk Kim 55e71b7053SJung-uk Kim=head1 RETURN VALUES 56e71b7053SJung-uk Kim 57b077aed3SPierre ProncheryIf the allocation fails, X509_new() returns NULL and sets an error 58e71b7053SJung-uk Kimcode that can be obtained by L<ERR_get_error(3)>. 59e71b7053SJung-uk KimOtherwise it returns a pointer to the newly allocated structure. 60e71b7053SJung-uk Kim 61e71b7053SJung-uk KimX509_up_ref() returns 1 for success and 0 for failure. 62e71b7053SJung-uk Kim 63b077aed3SPierre ProncheryX509_chain_up_ref() returns a copy of the stack or NULL if an error occurred. 64e71b7053SJung-uk Kim 65e71b7053SJung-uk Kim=head1 SEE ALSO 66e71b7053SJung-uk Kim 67e71b7053SJung-uk KimL<d2i_X509(3)>, 68e71b7053SJung-uk KimL<ERR_get_error(3)>, 69e71b7053SJung-uk KimL<X509_CRL_get0_by_serial(3)>, 70e71b7053SJung-uk KimL<X509_get0_signature(3)>, 71e71b7053SJung-uk KimL<X509_get_ext_d2i(3)>, 72e71b7053SJung-uk KimL<X509_get_extension_flags(3)>, 73e71b7053SJung-uk KimL<X509_get_pubkey(3)>, 74e71b7053SJung-uk KimL<X509_get_subject_name(3)>, 75e71b7053SJung-uk KimL<X509_get_version(3)>, 76e71b7053SJung-uk KimL<X509_NAME_add_entry_by_txt(3)>, 77e71b7053SJung-uk KimL<X509_NAME_ENTRY_get_object(3)>, 78e71b7053SJung-uk KimL<X509_NAME_get_index_by_NID(3)>, 79e71b7053SJung-uk KimL<X509_NAME_print_ex(3)>, 80e71b7053SJung-uk KimL<X509_sign(3)>, 81e71b7053SJung-uk KimL<X509V3_get_d2i(3)>, 82e71b7053SJung-uk KimL<X509_verify_cert(3)> 83e71b7053SJung-uk Kim 84b077aed3SPierre Pronchery=head1 HISTORY 85b077aed3SPierre Pronchery 86b077aed3SPierre ProncheryThe function X509_new_ex() was added in OpenSSL 3.0. 87b077aed3SPierre Pronchery 88e71b7053SJung-uk Kim=head1 COPYRIGHT 89e71b7053SJung-uk Kim 90*a7148ab3SEnji CooperCopyright 2002-2024 The OpenSSL Project Authors. All Rights Reserved. 91e71b7053SJung-uk Kim 92b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License"). You may not use 93e71b7053SJung-uk Kimthis file except in compliance with the License. You can obtain a copy 94e71b7053SJung-uk Kimin the file LICENSE in the source distribution or at 95e71b7053SJung-uk KimL<https://www.openssl.org/source/license.html>. 96e71b7053SJung-uk Kim 97e71b7053SJung-uk Kim=cut 98