1. Manuals
  2. Tumbleweed
  3. libressl-devel-doc
  4. X509_issuer_name_cmp(3ssl)

Scroll to navigation

X509_CMP(3) Library Functions Manual X509_CMP(3)

NAME

X509_cmp, X509_NAME_cmp, X509_issuer_and_serial_cmp, X509_issuer_name_cmp, X509_subject_name_cmp, X509_CRL_cmp, X509_CRL_matchcompare X.509 certificates and related values

SYNOPSIS

#include <openssl/x509.h>

int
X509_cmp(const X509 *a, const X509 *b);

int
X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);

int
X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);

int
X509_issuer_name_cmp(const X509 *a, const X509 *b);

int
X509_subject_name_cmp(const X509 *a, const X509 *b);

int
X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);

int
X509_CRL_match(const X509_CRL *a, const X509_CRL *b);

DESCRIPTION

() compares two X.509 certificates using memcmp(3) on the hashes of their canonical (DER) representations as generated with X509_digest(3). The digest function is implementation-specific: LibreSSL uses SHA-512, other implementations use SHA-1.

() compares two X.501 Name objects using their canonical (DER) representations generated with i2d_X509_NAME(3).

() compares the issuer and serialNumber fields of two TBSCertificate structures, using X509_NAME_cmp() for the issuer fields.

() compares the issuer fields of two TBSCertificate structures using X509_NAME_cmp().

() compares the subject fields of two TBSCertificate structures using X509_NAME_cmp().

() is misnamed; it only compares the issuer fields of two TBSCertList structures using X509_NAME_cmp().

() compares two certificate revocation lists using memcmp(3) on the hashes of their canonical (DER) representations as generated with X509_CRL_digest(3). The digest function is implementation-specific: LibreSSL uses SHA-512, other implementations use SHA-1.

RETURN VALUES

All these functions return 0 to indicate a match or a non-zero value to indicate a mismatch.

X509_NAME_cmp(), X509_issuer_and_serial_cmp(), X509_issuer_name_cmp(), X509_subject_name_cmp() and X509_CRL_cmp() may return -2 to indicate an error.

SEE ALSO

i2d_X509_NAME(3), X509_CRL_new(3), X509_digest(3), X509_NAME_new(3), X509_new(3)

STANDARDS

RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile

  • section 4.1: Basic Certificate Fields
  • section 5.1: CRL Fields

HISTORY

X509_issuer_and_serial_cmp(), X509_issuer_name_cmp(), and X509_subject_name_cmp() first appeared in SSLeay 0.5.1 and X509_NAME_cmp() and X509_CRL_cmp() in SSLeay 0.8.0. These functions have been available since OpenBSD 2.4.

X509_cmp() first appeared in OpenSSL 0.9.5 and has been available since OpenBSD 2.7.

X509_CRL_match() first appeared in OpenSSL 1.0.0 and has been available since OpenBSD 4.9.

BUGS

For X509_NAME_cmp(), X509_issuer_and_serial_cmp(), X509_issuer_name_cmp(), X509_subject_name_cmp() and X509_CRL_cmp(), the return value -2 sometimes indicates a mismatch and sometimes an error.

June 7, 2024 Linux 6.4.0-150600.23.25-default