author | Paul Yang <yang.yang@baishancloud.com> | 2019-06-06 11:42:02 +0800 |
---|---|---|
committer | Paul Yang <yang.yang@baishancloud.com> | 2019-06-15 20:34:37 +0800 |
commit | ea5d4b89cc6f0273d5085f5902b68fc4aa32cb80 (patch) | |
tree | 483f45ef12d5a1868b65501000b325cce2db9835 | |
parent | ed29a5f72e0d43526e9e5e7e9ff7de478ee99a50 (diff) |
Add documentation for X509_cmp and related APIs
Fixes: #9088
Functions documented in this commit: X509_cmp, X509_NAME_cmp,
X509_issuer_and_serial_cmp, X509_issuer_name_cmp, X509_subject_name_cmp,
X509_CRL_cmp, X509_CRL_match
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9091)
(cherry picked from commit 4bfe304ea85ed4b2b00dd0857ccf9bdeba4ce7b5)
-rw-r--r-- | doc/man3/X509_cmp.pod | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/doc/man3/X509_cmp.pod b/doc/man3/X509_cmp.pod new file mode 100644 index 0000000000..3cb16b2a81 --- /dev/null +++ b/doc/man3/X509_cmp.pod 
@@ -0,0 +1,80 @@ +=pod + +=head1 NAME + +X509_cmp, X509_NAME_cmp, +X509_issuer_and_serial_cmp, X509_issuer_name_cmp, X509_subject_name_cmp, +X509_CRL_cmp, X509_CRL_match +- compare X509 certificates and related values + +=head1 SYNOPSIS + + #include <openssl/x509.h> + + int X509_cmp(const X509 *a, const X509 *b); + int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); + int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); + int X509_issuer_name_cmp(const X509 *a, const X509 *b); + int X509_subject_name_cmp(const X509 *a, const X509 *b); + int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); + int X509_CRL_match(const X509_CRL *a, const X509_CRL *b); + +=head1 DESCRIPTION + +This set of functions are used to compare X509 objects, including X509 +certificates, X509 CRL objects and various values in an X509 certificate. + +The X509_cmp() function compares two B<X509> objects indicated by parameters +B<a> and B<b>. The comparison is based on the B<memcmp> result of the hash +values of two B<X509> objects and the canonical (DER) encoding values. + +The X509_NAME_cmp() function compares two B<X509_NAME> objects indicated by +parameters B<a> and B<b>. The comparison is based on the B<memcmp> result of +the canonical (DER) encoding values of the two objects. L<i2d_X509_NAME(3)> +has a more detailed description of the DER encoding of the B<X509_NAME> structure. + +The X509_issuer_and_serial_cmp() function compares the serial number and issuer +values in the given B<X509> objects B<a> and B<b>. + +The X509_issuer_name_cmp(), X509_subject_name_cmp() and X509_CRL_cmp() functions +are effectively wrappers of the X509_NAME_cmp() function. These functions compare +issuer names and subject names of the X<509> objects, or issuers of B<X509_CRL> +objects, respectively. + +The X509_CRL_match() function compares two B<X509_CRL> objects. Unlike the +X509_CRL_cmp() function, this function compares the whole CRL content instead +of just the issuer name. 
+ +=head1 RETURN VALUES + +Like common memory comparison functions, the B<X509> comparison functions return +an integer less than, equal to, or greater than zero if object B<a> is found to +be less than, to match, or be greater than object B<b>, respectively. + +X509_NAME_cmp(), X509_issuer_and_serial_cmp(), X509_issuer_name_cmp(), +X509_subject_name_cmp() and X509_CRL_cmp() may return B<-2> to indicate an error. + +=head1 NOTES + +These functions in fact utilize the underlying B<memcmp> of the C library to do +the comparison job. Data to be compared varies from DER encoding data, hash +value or B<ASN1_STRING>. The sign of the comparison can be used to order the +objects but it does not have a special meaning in some cases. + +X509_NAME_cmp() and wrappers utilize the value B<-2> to indicate errors in some +circumstances, which could cause confusion for the applications. + +=head1 SEE ALSO + +L<i2d_X509_NAME(3)>, L<i2d_X509(3)> + +=head1 COPYRIGHT + +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L<https://www.openssl.org/source/license.html>. + +=cut |
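Review bot: In the DESCRIPTION paragraph covering X509_issuer_name_cmp(), X509_subject_name_cmp() and X509_CRL_cmp(), "subject names of the X<509> objects" uses the POD index-entry code X<>, which most formatters render as nothing, so the sentence will read "of the objects"; it should be B<X509> as in the rest of the file. In RETURN VALUES, the B<-2> error value also satisfies "less than zero" from the preceding paragraph, so a caller who only checks the sign will treat an error as "a orders before b". Callers that use these functions to match issuers or subjects need to be told to test for -2 before interpreting the result. NOTES says this happens "in some circumstances" without naming them; please either list the conditions or state explicitly that -2 must never be used as an ordering result. Minor: "This set of functions are used" should be "These functions are used".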