.\" $OpenBSD: X509_CRL_get0_by_serial.3,v 1.13 2024/03/06 02:34:14 tb Exp $
.\" full merge up to: OpenSSL cdd6c8c5 Mar 20 12:29:37 2017 +0100
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2015, 2017 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: March 6 2024 $
.Dt X509_CRL_GET0_BY_SERIAL 3
.Os
.Sh NAME
.Nm X509_CRL_get0_by_serial ,
.Nm X509_CRL_get0_by_cert ,
.Nm X509_CRL_get_REVOKED ,
.Nm X509_CRL_add0_revoked ,
.Nm X509_CRL_sort
.Nd add, sort, and retrieve CRL entries
.Sh SYNOPSIS
.In openssl/x509.h
.Ft int
.Fo X509_CRL_get0_by_serial
.Fa "X509_CRL *crl"
.Fa "X509_REVOKED **ret"
.Fa "ASN1_INTEGER *serial"
.Fc
.Ft int
.Fo X509_CRL_get0_by_cert
.Fa "X509_CRL *crl"
.Fa "X509_REVOKED **ret"
.Fa "X509 *x"
.Fc
.Ft STACK_OF(X509_REVOKED) *
.Fo X509_CRL_get_REVOKED
.Fa "X509_CRL *crl"
.Fc
.Ft int
.Fo X509_CRL_add0_revoked
.Fa "X509_CRL *crl"
.Fa "X509_REVOKED *rev"
.Fc
.Ft int
.Fo X509_CRL_sort
.Fa "X509_CRL *crl"
.Fc
.Sh DESCRIPTION
.Fn X509_CRL_get0_by_serial
attempts to find a revoked entry in
.Fa crl
for serial number
.Fa serial .
If it is successful, it sets
.Pf * Fa ret
to the internal pointer of the matching entry.
Consequently,
.Pf * Fa ret
must not be freed after the call.
.Pp
.Fn X509_CRL_get0_by_cert
is similar to
.Fn X509_CRL_get0_by_serial
except that it looks for a revoked entry using the serial number
of certificate
.Fa x .
.Pp
.Fn X509_CRL_get_REVOKED
returns an internal pointer to a stack of all revoked entries for
.Fa crl .
.Pp
.Fn X509_CRL_add0_revoked
appends revoked entry
.Fa rev
to CRL
.Fa crl .
The pointer
.Fa rev
is used internally so it must not be freed after the call: it is
freed when the parent CRL is freed.
.Pp
.Fn X509_CRL_sort
sorts the revoked entries of
.Fa crl
into ascending serial number order.
.Pp
Applications can determine the number of revoked entries returned by
.Fn X509_CRL_get_REVOKED
using
.Fn sk_X509_REVOKED_num
and examine each one in turn using
.Fn sk_X509_REVOKED_value ,
both defined in
.In openssl/safestack.h .
.Sh RETURN VALUES
.Fn X509_CRL_get0_by_serial
and
.Fn X509_CRL_get0_by_cert
return 0 for failure or 1 for success, except if the revoked entry
has the reason
.Qq removeFromCRL ,
in which case 2 is returned.
.Pp
The
.Fn X509_CRL_add0_revoked
function returns 1 if successful;
otherwise 0 is returned and an error code can be retrieved with
.Xr ERR_get_error 3 .
.Pp
.Fn X509_CRL_sort
returns 1 for success or 0 for failure.
The current implementation cannot fail.
.Pp
.Fn X509_CRL_get_REVOKED
returns a STACK of revoked entries.
.Sh SEE ALSO
.Xr d2i_X509_CRL 3 ,
.Xr X509_CRL_get_ext 3 ,
.Xr X509_CRL_get_issuer 3 ,
.Xr X509_CRL_get_version 3 ,
.Xr X509_CRL_new 3 ,
.Xr X509_REVOKED_new 3 ,
.Xr X509V3_get_d2i 3
.Sh HISTORY
.Fn X509_CRL_get_REVOKED
first appeared in OpenSSL 0.9.2b and has been available since
.Ox 2.6 .
.Pp
.Fn X509_CRL_add0_revoked
and
.Fn X509_CRL_sort
first appeared in OpenSSL 0.9.7 and have been available since
.Ox 3.2 .
.Pp
.Fn X509_CRL_get0_by_serial
and
.Fn X509_CRL_get0_by_cert
first appeared in OpenSSL 1.0.0 and have been available since
.Ox 4.9 .