1e71b7053SJung-uk Kim=pod 2e71b7053SJung-uk Kim 3e71b7053SJung-uk Kim=head1 NAME 4e71b7053SJung-uk Kim 5e71b7053SJung-uk Kimd2i_X509_AUX, i2d_X509_AUX, 6e71b7053SJung-uk Kimi2d_re_X509_tbs, i2d_re_X509_CRL_tbs, i2d_re_X509_REQ_tbs 7e71b7053SJung-uk Kim- X509 encode and decode functions 8e71b7053SJung-uk Kim 9e71b7053SJung-uk Kim=head1 SYNOPSIS 10e71b7053SJung-uk Kim 11e71b7053SJung-uk Kim #include <openssl/x509.h> 12e71b7053SJung-uk Kim 13e71b7053SJung-uk Kim X509 *d2i_X509_AUX(X509 **px, const unsigned char **in, long len); 14*b077aed3SPierre Pronchery int i2d_X509_AUX(const X509 *x, unsigned char **out); 15e71b7053SJung-uk Kim int i2d_re_X509_tbs(X509 *x, unsigned char **out); 16e71b7053SJung-uk Kim int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp); 17e71b7053SJung-uk Kim int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp); 18e71b7053SJung-uk Kim 19e71b7053SJung-uk Kim=head1 DESCRIPTION 20e71b7053SJung-uk Kim 21e71b7053SJung-uk KimThe X509 encode and decode routines encode and parse an 22e71b7053SJung-uk KimB<X509> structure, which represents an X509 certificate. 23e71b7053SJung-uk Kim 24e71b7053SJung-uk Kimd2i_X509_AUX() is similar to L<d2i_X509(3)> but the input is expected to 25e71b7053SJung-uk Kimconsist of an X509 certificate followed by auxiliary trust information. 26e71b7053SJung-uk KimThis is used by the PEM routines to read "TRUSTED CERTIFICATE" objects. 27e71b7053SJung-uk KimThis function should not be called on untrusted input. 28e71b7053SJung-uk Kim 29e71b7053SJung-uk Kimi2d_X509_AUX() is similar to L<i2d_X509(3)>, but the encoded output 30e71b7053SJung-uk Kimcontains both the certificate and any auxiliary trust information. 31e71b7053SJung-uk KimThis is used by the PEM routines to write "TRUSTED CERTIFICATE" objects. 32e71b7053SJung-uk KimNote that this is a non-standard OpenSSL-specific data format. 33e71b7053SJung-uk Kim 34e71b7053SJung-uk Kimi2d_re_X509_tbs() is similar to L<i2d_X509(3)> except it encodes only 35e71b7053SJung-uk Kimthe TBSCertificate portion of the certificate. i2d_re_X509_CRL_tbs() 36e71b7053SJung-uk Kimand i2d_re_X509_REQ_tbs() are analogous for CRL and certificate request, 37e71b7053SJung-uk Kimrespectively. The "re" in B<i2d_re_X509_tbs> stands for "re-encode", 38e71b7053SJung-uk Kimand ensures that a fresh encoding is generated in case the object has been 39e71b7053SJung-uk Kimmodified after creation (see the BUGS section). 40e71b7053SJung-uk Kim 41e71b7053SJung-uk KimThe encoding of the TBSCertificate portion of a certificate is cached 42e71b7053SJung-uk Kimin the B<X509> structure internally to improve encoding performance 43e71b7053SJung-uk Kimand to ensure certificate signatures are verified correctly in some 44e71b7053SJung-uk Kimcertificates with broken (non-DER) encodings. 45e71b7053SJung-uk Kim 46e71b7053SJung-uk KimIf, after modification, the B<X509> object is re-signed with X509_sign(), 47e71b7053SJung-uk Kimthe encoding is automatically renewed. Otherwise, the encoding of the 48e71b7053SJung-uk KimTBSCertificate portion of the B<X509> can be manually renewed by calling 49e71b7053SJung-uk Kimi2d_re_X509_tbs(). 50e71b7053SJung-uk Kim 51e71b7053SJung-uk Kim=head1 RETURN VALUES 52e71b7053SJung-uk Kim 53e71b7053SJung-uk Kimd2i_X509_AUX() returns a valid B<X509> structure or NULL if an error occurred. 54e71b7053SJung-uk Kim 55e71b7053SJung-uk Kimi2d_X509_AUX() returns the length of encoded data or -1 on error. 56e71b7053SJung-uk Kim 57e71b7053SJung-uk Kimi2d_re_X509_tbs(), i2d_re_X509_CRL_tbs() and i2d_re_X509_REQ_tbs() return the 58*b077aed3SPierre Proncherylength of encoded data or <=0 on error. 59e71b7053SJung-uk Kim 60e71b7053SJung-uk Kim=head1 SEE ALSO 61e71b7053SJung-uk Kim 62e71b7053SJung-uk KimL<ERR_get_error(3)> 63e71b7053SJung-uk KimL<X509_CRL_get0_by_serial(3)>, 64e71b7053SJung-uk KimL<X509_get0_signature(3)>, 65e71b7053SJung-uk KimL<X509_get_ext_d2i(3)>, 66e71b7053SJung-uk KimL<X509_get_extension_flags(3)>, 67e71b7053SJung-uk KimL<X509_get_pubkey(3)>, 68e71b7053SJung-uk KimL<X509_get_subject_name(3)>, 69e71b7053SJung-uk KimL<X509_get_version(3)>, 70e71b7053SJung-uk KimL<X509_NAME_add_entry_by_txt(3)>, 71e71b7053SJung-uk KimL<X509_NAME_ENTRY_get_object(3)>, 72e71b7053SJung-uk KimL<X509_NAME_get_index_by_NID(3)>, 73e71b7053SJung-uk KimL<X509_NAME_print_ex(3)>, 74e71b7053SJung-uk KimL<X509_new(3)>, 75e71b7053SJung-uk KimL<X509_sign(3)>, 76e71b7053SJung-uk KimL<X509V3_get_d2i(3)>, 77e71b7053SJung-uk KimL<X509_verify_cert(3)> 78e71b7053SJung-uk Kim 79e71b7053SJung-uk Kim=head1 COPYRIGHT 80e71b7053SJung-uk Kim 81*b077aed3SPierre ProncheryCopyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. 82e71b7053SJung-uk Kim 83*b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License"). You may not use 84e71b7053SJung-uk Kimthis file except in compliance with the License. You can obtain a copy 85e71b7053SJung-uk Kimin the file LICENSE in the source distribution or at 86e71b7053SJung-uk KimL<https://www.openssl.org/source/license.html>. 87e71b7053SJung-uk Kim 88e71b7053SJung-uk Kim=cut 89