1=pod 2 3=head1 NAME 4 5d2i_X509_AUX, i2d_X509_AUX, 6i2d_re_X509_tbs, i2d_re_X509_CRL_tbs, i2d_re_X509_REQ_tbs 7- X509 encode and decode functions 8 9=head1 SYNOPSIS 10 11 #include <openssl/x509.h> 12 13 X509 *d2i_X509_AUX(X509 **px, const unsigned char **in, long len); 14 int i2d_X509_AUX(const X509 *x, unsigned char **out); 15 int i2d_re_X509_tbs(X509 *x, unsigned char **out); 16 int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp); 17 int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp); 18 19=head1 DESCRIPTION 20 21The X509 encode and decode routines encode and parse an 22B<X509> structure, which represents an X509 certificate. 23 24d2i_X509_AUX() is similar to L<d2i_X509(3)> but the input is expected to 25consist of an X509 certificate followed by auxiliary trust information. 26This is used by the PEM routines to read "TRUSTED CERTIFICATE" objects. 27This function should not be called on untrusted input. 28 29i2d_X509_AUX() is similar to L<i2d_X509(3)>, but the encoded output 30contains both the certificate and any auxiliary trust information. 31This is used by the PEM routines to write "TRUSTED CERTIFICATE" objects. 32Note that this is a non-standard OpenSSL-specific data format. 33 34i2d_re_X509_tbs() is similar to L<i2d_X509(3)> except it encodes only 35the TBSCertificate portion of the certificate. i2d_re_X509_CRL_tbs() 36and i2d_re_X509_REQ_tbs() are analogous for CRL and certificate request, 37respectively. The "re" in B<i2d_re_X509_tbs> stands for "re-encode", 38and ensures that a fresh encoding is generated in case the object has been 39modified after creation (see the BUGS section). 40 41The encoding of the TBSCertificate portion of a certificate is cached 42in the B<X509> structure internally to improve encoding performance 43and to ensure certificate signatures are verified correctly in some 44certificates with broken (non-DER) encodings. 45 46If, after modification, the B<X509> object is re-signed with X509_sign(), 47the encoding is automatically renewed. Otherwise, the encoding of the 48TBSCertificate portion of the B<X509> can be manually renewed by calling 49i2d_re_X509_tbs(). 50 51=head1 RETURN VALUES 52 53d2i_X509_AUX() returns a valid B<X509> structure or NULL if an error occurred. 54 55i2d_X509_AUX() returns the length of encoded data or -1 on error. 56 57i2d_re_X509_tbs(), i2d_re_X509_CRL_tbs() and i2d_re_X509_REQ_tbs() return the 58length of encoded data or <=0 on error. 59 60=head1 SEE ALSO 61 62L<ERR_get_error(3)> 63L<X509_CRL_get0_by_serial(3)>, 64L<X509_get0_signature(3)>, 65L<X509_get_ext_d2i(3)>, 66L<X509_get_extension_flags(3)>, 67L<X509_get_pubkey(3)>, 68L<X509_get_subject_name(3)>, 69L<X509_get_version(3)>, 70L<X509_NAME_add_entry_by_txt(3)>, 71L<X509_NAME_ENTRY_get_object(3)>, 72L<X509_NAME_get_index_by_NID(3)>, 73L<X509_NAME_print_ex(3)>, 74L<X509_new(3)>, 75L<X509_sign(3)>, 76L<X509V3_get_d2i(3)>, 77L<X509_verify_cert(3)> 78 79=head1 COPYRIGHT 80 81Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. 82 83Licensed under the Apache License 2.0 (the "License"). You may not use 84this file except in compliance with the License. You can obtain a copy 85in the file LICENSE in the source distribution or at 86L<https://www.openssl.org/source/license.html>. 87 88=cut 89