NAME¶

X509_OBJECT_get_type, X509_OBJECT_new, X509_OBJECT_up_ref_count, X509_OBJECT_free_contents, X509_OBJECT_free, X509_OBJECT_get0_X509, X509_OBJECT_get0_X509_CRL, X509_OBJECT_idx_by_subject, X509_OBJECT_retrieve_by_subject, X509_OBJECT_retrieve_match — certificate, CRL, private key, and string wrapper for certificate stores

SYNOPSIS¶

#include <openssl/x509_vfy.h>

X509_LOOKUP_TYPE
X509_OBJECT_get_type(const X509_OBJECT *obj);

X509_OBJECT *
X509_OBJECT_new(void);

int
X509_OBJECT_up_ref_count(X509_OBJECT *obj);

void
X509_OBJECT_free_contents(X509_OBJECT *obj);

void
X509_OBJECT_free(X509_OBJECT *obj);

X509 *
X509_OBJECT_get0_X509(const X509_OBJECT *obj);

X509_CRL *
X509_OBJECT_get0_X509_CRL(X509_OBJECT *obj);

int
X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *stack, X509_LOOKUP_TYPE type, X509_NAME *name);

X509_OBJECT *
X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *stack, X509_LOOKUP_TYPE type, X509_NAME *name);

X509_OBJECT *
X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *stack, X509_OBJECT *obj);

DESCRIPTION¶

The X509_OBJECT structure is a shallow wrapper around one X509 certificate object or one X509_CRL certificate revocation list object. The type of object stored at any given time can be inspected with X509_OBJECT_get_type().

Each X509_STORE object uses one stack of X509_OBJECT structures as its main storage area.

X509_OBJECT_new() allocates a new X509_OBJECT structure. It sets the object type to X509_LU_NONE and the pointer to the certificate or CRL to NULL.

If obj contains an X509 certificate or an X509_CRL certificate revocation list, X509_OBJECT_up_ref_count() increments the reference count of that inner object by 1. Otherwise, no action occurs.

If obj contains an X509 certificate, X509_OBJECT_free_contents() calls X509_free(3) on that inner object. If obj contains an X509_CRL certificate revocation list, it calls X509_CRL_free(3) on that inner list. Otherwise, no action occurs. X509_OBJECT_free_contents() does not free obj itself.

X509_OBJECT_free() calls X509_OBJECT_free_contents() and then frees the storage used for the obj itself.

If type is X509_LU_X509, X509_OBJECT_idx_by_subject() and X509_OBJECT_retrieve_by_subject() search the given stack for a certificate with the subject name. If type is X509_LU_CRL, they search for a certificate revocation list with the issuer name instead.

If obj contains a certificate, X509_OBJECT_retrieve_match() searches the given stack for a certificate with a matching subject name; if it contains a certificate revocation list, it searches for a certificate revocation list with a matching issuer name instead; otherwise, it searches for an X509_OBJECT with a matching type.

RETURN VALUES¶

X509_OBJECT_get_type() returns X509_LU_X509 if obj contains a certificate, X509_LU_CRL if it contains a certificate revocation list, or X509_LU_NONE if it contains neither.

X509_OBJECT_up_ref_count() returns 1 on success and 0 on failure.

X509_OBJECT_new() returns the new object or NULL if memory allocation fails.

X509_OBJECT_get0_X509() returns an internal pointer to the certificate contained in obj or NULL if obj is NULL or contains no certificate.

X509_OBJECT_get0_X509_CRL() returns an internal pointer to the certificate revocation list contained in obj or NULL if obj is NULL or contains no certificate revocation list.

X509_OBJECT_idx_by_subject() returns the zero-based index of the first matching certificate or revocation list in the stack or -1 if type is neither X509_LU_X509 nor X509_LU_CRL or if no match is found.

X509_OBJECT_retrieve_by_subject() returns the first matching certificate or revocation list in the stack or NULL if type is neither X509_LU_X509 nor X509_LU_CRL or if no match is found.

X509_OBJECT_retrieve_match() returns the first matching X509_OBJECT or NULL if stack or obj is NULL or no match is found.

SEE ALSO¶

STACK_OF(3), X509_CRL_new(3), X509_LOOKUP_new(3), X509_NAME_new(3), X509_new(3), X509_STORE_get0_objects(3), X509_STORE_get_by_subject(3), X509_STORE_load_locations(3), X509_STORE_new(3)

HISTORY¶

X509_OBJECT_up_ref_count() and X509_OBJECT_free_contents() first appeared in SSLeay 0.8.0 and have been available since OpenBSD 2.4.

X509_OBJECT_idx_by_subject(), X509_OBJECT_retrieve_by_subject(), and X509_OBJECT_retrieve_match() first appeared in OpenSSL 0.9.6 and have been available since OpenBSD 2.9.

X509_OBJECT_get_type(), X509_OBJECT_get0_X509(), and X509_OBJECT_get0_X509_CRL() first appeared in OpenSSL 1.1.0 and have been available since OpenBSD 6.3.

X509_OBJECT_new() and X509_OBJECT_free() first appeared in OpenSSL 1.1.0 and have been available since OpenBSD 7.1.