1 .\" $OpenBSD: d2i_X509.3,v 1.9 2018/03/27 17:35:50 schwarze Exp $
2 .\" OpenSSL 94480b57 Sep 12 23:34:41 2009 +0000
4 .\" This file is a derived work.
5 .\" The changes are covered by the following Copyright and license:
7 .\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
9 .\" Permission to use, copy, modify, and distribute this software for any
10 .\" purpose with or without fee is hereby granted, provided that the above
11 .\" copyright notice and this permission notice appear in all copies.
13 .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
14 .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
15 .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
16 .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
17 .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 .\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
22 .\" Copyright (c) 2002, 2003, 2005, 2009, 2016 The OpenSSL Project.
23 .\" All rights reserved.
25 .\" Redistribution and use in source and binary forms, with or without
26 .\" modification, are permitted provided that the following conditions
29 .\" 1. Redistributions of source code must retain the above copyright
30 .\" notice, this list of conditions and the following disclaimer.
32 .\" 2. Redistributions in binary form must reproduce the above copyright
33 .\" notice, this list of conditions and the following disclaimer in
34 .\" the documentation and/or other materials provided with the
37 .\" 3. All advertising materials mentioning features or use of this
38 .\" software must display the following acknowledgment:
39 .\" "This product includes software developed by the OpenSSL Project
40 .\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
42 .\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
43 .\" endorse or promote products derived from this software without
44 .\" prior written permission. For written permission, please contact
45 .\" openssl-core@openssl.org.
47 .\" 5. Products derived from this software may not be called "OpenSSL"
48 .\" nor may "OpenSSL" appear in their names without prior written
49 .\" permission of the OpenSSL Project.
51 .\" 6. Redistributions of any form whatsoever must retain the following
53 .\" "This product includes software developed by the OpenSSL Project
54 .\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
56 .\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
57 .\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
58 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
59 .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
60 .\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
61 .\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
62 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
63 .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
64 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
65 .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
66 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
67 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
69 .Dd $Mdocdate: March 27 2018 $
81 .Nm d2i_X509_CERT_AUX ,
82 .Nm i2d_X509_CERT_AUX ,
87 .Nd decode and encode X.509 certificates
93 .Fa "const unsigned char **der_in"
99 .Fa "unsigned char **der_out"
124 .Fa "const unsigned char **der_in"
130 .Fa "unsigned char **der_out"
133 .Fo d2i_X509_CERT_AUX
134 .Fa "X509_CERT_AUX **val_out"
135 .Fa "const unsigned char **der_in"
139 .Fo i2d_X509_CERT_AUX
140 .Fa "X509_CERT_AUX *val_in"
141 .Fa "unsigned char **der_out"
145 .Fa "X509_CINF **val_out"
146 .Fa "const unsigned char **der_in"
151 .Fa "X509_CINF *val_in"
152 .Fa "unsigned char **der_out"
156 .Fa "X509_VAL **val_out"
157 .Fa "const unsigned char **der_in"
162 .Fa "X509_VAL *val_in"
163 .Fa "unsigned char **der_out"
166 These functions decode and encode X.509 certificates
167 and some of their substructures.
168 For details about the semantics, examples, caveats, and bugs, see
169 .Xr ASN1_item_d2i 3 .
174 decode and encode an ASN.1
176 structure defined in RFC 5280 section 4.1.
183 are similar except that they decode or encode using a
192 but the input is expected to consist of an X.509 certificate followed
193 by auxiliary trust information.
194 This is used by the PEM routines to read TRUSTED CERTIFICATE objects.
195 This function should not be called on untrusted input.
200 but the encoded output contains both the certificate and any auxiliary
202 This is used by the PEM routines to write TRUSTED CERTIFICATE objects.
203 Note that this is a non-standard OpenSSL-specific data format.
205 .Fn d2i_X509_CERT_AUX
207 .Fn i2d_X509_CERT_AUX
208 decode and encode optional non-standard auxiliary data appended to
209 a certificate, for example friendly alias names and trust data.
214 decode and encode an ASN.1
216 structure defined in RFC 5280 section 4.1.
221 decode and encode an ASN.1
223 structure defined in RFC 5280 section 4.1.
236 .Fn d2i_X509_CERT_AUX ,
245 object, respectively, or
251 .Fn i2d_X509_CERT_AUX ,
255 return the number of bytes successfully encoded or a negative value
261 return 1 for success or 0 if an error occurs.
263 For all functions, the error code can be obtained by
264 .Xr ERR_get_error 3 .
266 .Xr ASN1_item_d2i 3 ,
267 .Xr X509_CINF_new 3 ,
270 RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
271 Certificate Revocation List (CRL) Profile
282 first appeared in SSLeay 0.5.1.
286 first appeared in SSLeay 0.6.0.
287 These functions have been available since
292 .Fn d2i_X509_CERT_AUX ,
294 .Fn i2d_X509_CERT_AUX
295 first appeared in OpenSSL 0.9.5 and have been available since