diff options
Diffstat (limited to 'secure/lib/libcrypto/man/d2i_X509.3')
-rw-r--r-- | secure/lib/libcrypto/man/d2i_X509.3 | 29 |
1 files changed, 26 insertions, 3 deletions
diff --git a/secure/lib/libcrypto/man/d2i_X509.3 b/secure/lib/libcrypto/man/d2i_X509.3 index fc2a852..fa12c9f 100644 --- a/secure/lib/libcrypto/man/d2i_X509.3 +++ b/secure/lib/libcrypto/man/d2i_X509.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509 3" -.TH d2i_X509 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH d2i_X509 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -154,6 +154,8 @@ i2d_X509_fp \- X509 encode and decode functions \& \& int i2d_X509_bio(BIO *bp, X509 *x); \& int i2d_X509_fp(FILE *fp, X509 *x); +\& +\& int i2d_re_X509_tbs(X509 *x, unsigned char **out); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -196,11 +198,17 @@ returns 1 for success and 0 for failure. \&\fIi2d_X509_fp()\fR is similar to \fIi2d_X509()\fR except it writes the encoding of the structure \fBx\fR to \s-1BIO \s0\fBbp\fR and it returns 1 for success and 0 for failure. +.PP +\&\fIi2d_re_X509_tbs()\fR is similar to \fIi2d_X509()\fR except it encodes +only the TBSCertificate portion of the certificate. .SH "NOTES" .IX Header "NOTES" The letters \fBi\fR and \fBd\fR in for example \fBi2d_X509\fR stand for -\&\*(L"internal\*(R" (that is an internal C structure) and \*(L"\s-1DER\*(R".\s0 So that -\&\fBi2d_X509\fR converts from internal to \s-1DER.\s0 +\&\*(L"internal\*(R" (that is an internal C structure) and \*(L"\s-1DER\*(R".\s0 So +\&\fBi2d_X509\fR converts from internal to \s-1DER.\s0 The \*(L"re\*(R" in +\&\fBi2d_re_X509_tbs\fR stands for \*(L"re-encode\*(R", and ensures that a fresh +encoding is generated in case the object has been modified after +creation (see the \s-1BUGS\s0 section). .PP The functions can also understand \fB\s-1BER\s0\fR forms. .PP @@ -351,6 +359,21 @@ then the encoded structure may contain invalid data or omit the fields entirely and will not be parsed by \fId2i_X509()\fR. This may be fixed in future so code should not assume that \fIi2d_X509()\fR will always succeed. +.PP +The encoding of the TBSCertificate portion of a certificate is cached +in the \fBX509\fR structure internally to improve encoding performance +and to ensure certificate signatures are verified correctly in some +certificates with broken (non-DER) encodings. +.PP +Any function which encodes an X509 structure such as \fIi2d_X509()\fR, +\&\fIi2d_X509_fp()\fR or \fIi2d_X509_bio()\fR may return a stale encoding if the +\&\fBX509\fR structure has been modified after deserialization or previous +serialization. +.PP +If, after modification, the \fBX509\fR object is re-signed with \fIX509_sign()\fR, +the encoding is automatically renewed. Otherwise, the encoding of the +TBSCertificate portion of the \fBX509\fR can be manually renewed by calling +\&\fIi2d_re_X509_tbs()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fId2i_X509()\fR, \fId2i_X509_bio()\fR and \fId2i_X509_fp()\fR return a valid \fBX509\fR structure |