author | Dr. David von Oheimb <dev@ddvo.net> | 2023-12-14 12:48:33 +0100 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2024-01-18 14:06:37 +0100 |
commit | 5df3f50caa15f860ed7bec560755ace73397df38 (patch) | |
tree | a25aee87c180f516cbdb0995ed20910a035a4aca | |
parent | 6220d0a7ac9309c1271a8a09d8551d95e7d5b857 (diff) |
X509_dup.pod: add caveat that extra data is not copied and hints, e.g., to use X509_up_ref() instead
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23043)
(cherry picked from commit 66adaf2b31bb51e00ffad784f60bdf195e5dd736)
-rw-r--r-- | doc/man3/X509_dup.pod | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/doc/man3/X509_dup.pod b/doc/man3/X509_dup.pod index 1c9e4b95bc..d7ff6ede9f 100644 --- a/doc/man3/X509_dup.pod +++ b/doc/man3/X509_dup.pod @@ -356,6 +356,15 @@ algorithms from providers. This created object can then be used when loading binary data using B<d2i_I<TYPE>>(). B<I<TYPE>_dup>() copies an existing object, leaving it untouched. +Note, however, that the internal representation of the object +may contain (besides the ASN.1 structure) further data, which is not copied. +For instance, an B<X509> object usually is augmented by cached information +on X.509v3 extensions, etc., and losing it can lead to wrong validation results. +To avoid such situations, better use B<I<TYPE>_up_ref>() if available. +For the case of B<X509> objects, an alternative to using L<X509_up_ref(3)> +may be to still call B<I<TYPE>_dup>(), e.g., I<copied_cert = X509_dup(cert)>, +followed by I<X509_check_purpose(copied_cert, -1, 0)>, +which re-builds the cached data. B<I<TYPE>_free>() releases the object and all pointers and sub-objects within it. @@ -373,6 +382,10 @@ the object or NULL on failure. B<I<TYPE>_print_ctx>() returns 1 on success or zero on failure. +=head1 SEE ALSO + +L<X509_up_ref(3)> + =head1 HISTORY The functions X509_REQ_new_ex(), X509_CRL_new_ex(), PKCS7_new_ex() and |
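Review bot: In the first hunk (@@ -356,6 +356,15 @@), the sentence "To avoid such situations, better use B<I<TYPE>_up_ref>() if available" recommends up_ref in place of dup without saying how the result differs from a copy or which types provide it. Suggest one more sentence on when up_ref is a suitable substitute, for example whether the caller intends to modify the returned object, so readers can choose between it and the X509_dup() followed by X509_check_purpose(copied_cert, -1, 0) alternative. The X509_check_purpose() call is typeset with I<> only; since the text depends on its side effect of re-building the cached data, a link to its manual page would help. The "etc." in "cached information on X.509v3 extensions, etc." leaves open what else is lost; naming it, or dropping the "etc.", would make the caveat about wrong validation results easier to act on.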
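Review bot: In the second hunk (@@ -373,6 +382,10 @@), the new SEE ALSO section lists only L<X509_up_ref(3)>, while the text added in the first hunk also relies on X509_check_purpose() to re-build the cached data. Suggest adding L<X509_check_purpose(3)> to the list, provided that page exists on this branch.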