X509_CRL_METHOD_NEW(3) FreeBSD Library Functions Manual X509_CRL_METHOD_NEW(3)

X509_CRL_METHOD_new, X509_CRL_METHOD_free, X509_CRL_set_default_method, X509_CRL_set_meth_data, X509_CRL_get_meth_data - customize CRL handling

#include <openssl/x509.h>

X509_CRL_METHOD *
X509_CRL_METHOD_new(int (*crl_init)(X509_CRL *crl),
    int (*crl_free)(X509_CRL *crl),
    int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret,
        ASN1_INTEGER *ser, X509_NAME *issuer),
    int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk));

void
X509_CRL_METHOD_free(X509_CRL_METHOD *method);

void
X509_CRL_set_default_method(const X509_CRL_METHOD *method);

void
X509_CRL_set_meth_data(X509_CRL *crl, void *data);

void *
X509_CRL_get_meth_data(X509_CRL *crl);

These functions customize BER decoding and signature verification of X.509 certificate revocation lists, as well as retrieval of revoked entries from such lists.

X509_CRL_METHOD_new() allocates and initializes a new X509_CRL_METHOD object, storing the four pointers to callback functions in it that are provided as arguments.

X509_CRL_METHOD_free() frees the given method object. If method is a NULL pointer or points to the static object built into the library, no action occurs.

X509_CRL_set_default_method() designates the given method to be used for objects that will be created with X509_CRL_new(3) in the future. It has no effect on X509_CRL objects that already exist. If method is NULL, any previously installed method will no longer be used for new X509_CRL objects created in the future, and those future objects will adhere to the default behaviour instead.

The optional function crl_init() will be called at the end of d2i_X509_CRL(3), and the optional function crl_free() will be called near the end of X509_CRL_free(3), immediately before freeing crl itself. The function crl_lookup() will be called by X509_CRL_get0_by_serial(3), with issuer set to NULL, and by X509_CRL_get0_by_cert(3); in both cases it is called instead of performing the default action. The function crl_verify() will be called by X509_CRL_verify(3) instead of performing the default action.

X509_CRL_set_meth_data() stores the pointer to the auxiliary data inside the crl object. The pointer is expected to remain valid during the whole lifetime of the crl object but is not automatically freed when the crl object is freed.

X509_CRL_get_meth_data() retrieves the data from crl that was added with X509_CRL_set_meth_data(). This may for example be useful inside the four callback methods installed with X509_CRL_METHOD_new().

X509_CRL_METHOD_new() returns a pointer to the new object or NULL if memory allocation fails.

X509_CRL_get_meth_data() returns the pointer previously installed with X509_CRL_set_meth_data() or NULL if X509_CRL_set_meth_data() was not called on crl.

The callback functions crl_init() and crl_free() are supposed to return 1 for success or 0 for failure.

The callback function crl_lookup() is supposed to return 0 for failure or 1 for success, except if the revoked entry has the reason “removeFromCRL”, in which case it is supposed to return 2.

The callback function crl_verify() is supposed to return 1 if the signature is valid or 0 if the signature check fails. If the signature could not be checked at all because it was invalid or some other error occurred, -1 may be returned.

ASN1_INTEGER_new(3), d2i_X509_CRL(3), EVP_PKEY_new(3), X509_CRL_get0_by_serial(3), X509_CRL_new(3), X509_CRL_verify(3), X509_NAME_new(3), X509_REVOKED_new(3)

These functions first appeared in OpenSSL 1.0.0 and have been available since OpenBSD 4.9.
October 30, 2021 FreeBSD 13.1-RELEASE
