DragonFly On-Line Manual Pages

Search: Section:  


X509_CMP(3)           DragonFly Library Functions Manual           X509_CMP(3)

NAME

X509_cmp, X509_NAME_cmp, X509_issuer_and_serial_cmp, X509_issuer_name_cmp, X509_subject_name_cmp, X509_CRL_cmp, X509_CRL_match - compare X.509 certificates and related values

SYNOPSIS

#include <openssl/x509.h> int X509_cmp(const X509 *a, const X509 *b); int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); int X509_issuer_name_cmp(const X509 *a, const X509 *b); int X509_subject_name_cmp(const X509 *a, const X509 *b); int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); int X509_CRL_match(const X509_CRL *a, const X509_CRL *b);

DESCRIPTION

X509_cmp() compares two X.509 certificates using memcmp(3) on the SHA1 hashes of their canonical (DER) representations as generated with X509_digest(3). X509_NAME_cmp() compares two X.501 Name objects using their canonical (DER) representations generated with i2d_X509_NAME(3). X509_issuer_and_serial_cmp() compares the issuer and serialNumber fields of two TBSCertificate structures, using X509_NAME_cmp() for the issuer fields. X509_issuer_name_cmp() compares the issuer fields of two TBSCertificate structures using X509_NAME_cmp(). X509_subject_name_cmp() compares the subject fields of two TBSCertificate structures using X509_NAME_cmp(). X509_CRL_cmp() is misnamed; it only compares the issuer fields of two TBSCertList structures using X509_NAME_cmp(). X509_CRL_match() compares two certificate revocation lists using memcmp(3) on the SHA1 hashes of their canonical (DER) representations as generated with X509_CRL_digest(3).

RETURN VALUES

All these functions return 0 to indicate a match or a non-zero value to indicate a mismatch. X509_NAME_cmp(), X509_issuer_and_serial_cmp(), X509_issuer_name_cmp(), X509_subject_name_cmp() and X509_CRL_cmp() may return -2 to indicate an error.

SEE ALSO

i2d_X509_NAME(3), X509_CRL_new(3), X509_digest(3), X509_NAME_new(3), X509_new(3)

STANDARDS

RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile - section 4.1: Basic Certificate Fields - section 5.1: CRL Fields

HISTORY

X509_issuer_and_serial_cmp(), X509_issuer_name_cmp(), and X509_subject_name_cmp() first appeared in SSLeay 0.5.1 and X509_NAME_cmp() and X509_CRL_cmp() in SSLeay 0.8.0. These functions have been available since OpenBSD 2.4. X509_cmp() first appeared in OpenSSL 0.9.5 and has been available since OpenBSD 2.7. X509_CRL_match() first appeared in OpenSSL 1.0.0 and has been available since OpenBSD 4.9.

BUGS

For X509_NAME_cmp(), X509_issuer_and_serial_cmp(), X509_issuer_name_cmp(), X509_subject_name_cmp() and X509_CRL_cmp(), the return value -2 sometimes indicates a mismatch and sometimes an error. DragonFly 5.9-DEVELOPMENT August 20, 2019 DragonFly 5.9-DEVELOPMENT

Search: Section: