Sortix volatile manual
This manual documents Sortix volatile, a development build that has not been officially released. You can instead view this document in the latest official manual.
| X509_CMP(3) | Library Functions Manual | X509_CMP(3) |
NAME
X509_cmp,
X509_NAME_cmp,
X509_issuer_and_serial_cmp,
X509_issuer_name_cmp,
X509_subject_name_cmp,
X509_CRL_cmp, X509_CRL_match
— compare X.509 certificates and related
values
SYNOPSIS
#include
<openssl/x509.h>
int
X509_cmp(const X509 *a,
const X509 *b);
int
X509_NAME_cmp(const X509_NAME
*a, const X509_NAME *b);
int
X509_issuer_and_serial_cmp(const X509
*a, const X509 *b);
int
X509_issuer_name_cmp(const X509
*a, const X509 *b);
int
X509_subject_name_cmp(const X509
*a, const X509 *b);
int
X509_CRL_cmp(const X509_CRL *a,
const X509_CRL *b);
int
X509_CRL_match(const X509_CRL
*a, const X509_CRL *b);
DESCRIPTION
X509_cmp()
compares two X.509 certificates using
memcmp(3) on the hashes of
their canonical (DER) representations as generated with
X509_digest(3). The
digest function is implementation-specific: LibreSSL uses SHA-512, other
implementations use SHA-1.
X509_NAME_cmp()
compares two X.501 Name objects using their canonical
(DER) representations generated with
i2d_X509_NAME(3).
X509_issuer_and_serial_cmp()
compares the issuer and
serialNumber fields of two
TBSCertificate structures, using
X509_NAME_cmp() for the issuer
fields.
X509_issuer_name_cmp()
compares the issuer fields of two
TBSCertificate structures using
X509_NAME_cmp().
X509_subject_name_cmp()
compares the subject fields of two
TBSCertificate structures using
X509_NAME_cmp().
X509_CRL_cmp()
is misnamed; it only compares the issuer fields of two
TBSCertList structures using
X509_NAME_cmp().
X509_CRL_match()
compares two certificate revocation lists using
memcmp(3) on the hashes of
their canonical (DER) representations as generated with
X509_CRL_digest(3).
The digest function is implementation-specific: LibreSSL uses SHA-512, other
implementations use SHA-1.
RETURN VALUES
All these functions return 0 to indicate a match or a non-zero value to indicate a mismatch.
X509_NAME_cmp(),
X509_issuer_and_serial_cmp(),
X509_issuer_name_cmp(),
X509_subject_name_cmp() and
X509_CRL_cmp() may return -2 to indicate an
error.
SEE ALSO
i2d_X509_NAME(3), X509_CRL_new(3), X509_digest(3), X509_NAME_new(3), X509_new(3)
STANDARDS
RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
- section 4.1: Basic Certificate Fields
- section 5.1: CRL Fields
HISTORY
X509_issuer_and_serial_cmp(),
X509_issuer_name_cmp(), and
X509_subject_name_cmp() first appeared in SSLeay
0.5.1 and X509_NAME_cmp() and
X509_CRL_cmp() in SSLeay 0.8.0. These functions have
been available since OpenBSD 2.4.
X509_cmp() first appeared in OpenSSL 0.9.5
and has been available since OpenBSD 2.7.
X509_CRL_match() first appeared in OpenSSL
1.0.0 and has been available since OpenBSD 4.9.
BUGS
For X509_NAME_cmp(),
X509_issuer_and_serial_cmp(),
X509_issuer_name_cmp(),
X509_subject_name_cmp() and
X509_CRL_cmp(), the return value -2 sometimes
indicates a mismatch and sometimes an error.
| June 7, 2024 | Sortix 1.1.0-dev |