DragonFly On-Line Manual Pages
X509_CMP(3) OpenSSL X509_CMP(3)
X509_cmp, X509_NAME_cmp, X509_issuer_and_serial_cmp,
X509_issuer_name_cmp, X509_subject_name_cmp, X509_CRL_cmp,
X509_CRL_match - compare X509 certificates and related values
int X509_cmp(const X509 *a, const X509 *b);
int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
int X509_issuer_name_cmp(const X509 *a, const X509 *b);
int X509_subject_name_cmp(const X509 *a, const X509 *b);
int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
int X509_CRL_match(const X509_CRL *a, const X509_CRL *b);
This set of functions are used to compare X509 objects, including X509
certificates, X509 CRL objects and various values in an X509
The X509_cmp() function compares two X509 objects indicated by
parameters a and b. The comparison is based on the memcmp result of the
hash values of two X509 objects and the canonical (DER) encoding
The X509_NAME_cmp() function compares two X509_NAME objects indicated
by parameters a and b. The comparison is based on the memcmp result of
the canonical (DER) encoding values of the two objects.
i2d_X509_NAME(3) has a more detailed description of the DER encoding of
the X509_NAME structure.
The X509_issuer_and_serial_cmp() function compares the serial number
and issuer values in the given X509 objects a and b.
The X509_issuer_name_cmp(), X509_subject_name_cmp() and X509_CRL_cmp()
functions are effectively wrappers of the X509_NAME_cmp() function.
These functions compare issuer names and subject names of the objects,
or issuers of X509_CRL objects, respectively.
The X509_CRL_match() function compares two X509_CRL objects. Unlike the
X509_CRL_cmp() function, this function compares the whole CRL content
instead of just the issuer name.
Like common memory comparison functions, the X509 comparison functions
return an integer less than, equal to, or greater than zero if object a
is found to be less than, to match, or be greater than object b,
X509_NAME_cmp(), X509_issuer_and_serial_cmp(), X509_issuer_name_cmp(),
X509_subject_name_cmp() and X509_CRL_cmp() may return -2 to indicate an
These functions in fact utilize the underlying memcmp of the C library
to do the comparison job. Data to be compared varies from DER encoding
data, hash value or ASN1_STRING. The sign of the comparison can be used
to order the objects but it does not have a special meaning in some
X509_NAME_cmp() and wrappers utilize the value -2 to indicate errors in
some circumstances, which could cause confusion for the applications.
Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
1.1.1v 2023-08-01 X509_CMP(3)