221 lines
9.1 KiB
HTML
Executable File
221 lines
9.1 KiB
HTML
Executable File
<?xml version="1.0" ?>
|
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
|
<html xmlns="http://www.w3.org/1999/xhtml">
|
|
<head>
|
|
<title>X509_LOOKUP</title>
|
|
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
|
<link rev="made" href="mailto:root@localhost" />
|
|
</head>
|
|
|
|
<body style="background-color: white">
|
|
|
|
|
|
<!-- INDEX BEGIN -->
|
|
<div name="index">
|
|
<p><a name="__index__"></a></p>
|
|
|
|
<ul>
|
|
|
|
<li><a href="#name">NAME</a></li>
|
|
<li><a href="#synopsis">SYNOPSIS</a></li>
|
|
<li><a href="#description">DESCRIPTION</a></li>
|
|
<ul>
|
|
|
|
<li><a href="#control_commands">Control Commands</a></li>
|
|
</ul>
|
|
|
|
<li><a href="#return_values">RETURN VALUES</a></li>
|
|
<li><a href="#see_also">SEE ALSO</a></li>
|
|
<li><a href="#copyright">COPYRIGHT</a></li>
|
|
</ul>
|
|
|
|
<hr name="index" />
|
|
</div>
|
|
<!-- INDEX END -->
|
|
|
|
<p>
|
|
</p>
|
|
<hr />
|
|
<h1><a name="name">NAME</a></h1>
|
|
<p>X509_LOOKUP, X509_LOOKUP_TYPE,
|
|
X509_LOOKUP_new, X509_LOOKUP_free, X509_LOOKUP_init,
|
|
X509_LOOKUP_shutdown,
|
|
X509_LOOKUP_set_method_data, X509_LOOKUP_get_method_data,
|
|
X509_LOOKUP_ctrl,
|
|
X509_LOOKUP_load_file, X509_LOOKUP_add_dir, X509_LOOKUP_add_store,
|
|
X509_LOOKUP_load_store,
|
|
X509_LOOKUP_get_store, X509_LOOKUP_by_subject,
|
|
X509_LOOKUP_by_issuer_serial, X509_LOOKUP_by_fingerprint,
|
|
X509_LOOKUP_by_alias
|
|
- OpenSSL certificate lookup mechanisms</p>
|
|
<p>
|
|
</p>
|
|
<hr />
|
|
<h1><a name="synopsis">SYNOPSIS</a></h1>
|
|
<pre>
|
|
#include <openssl/x509_vfy.h></pre>
|
|
<pre>
|
|
typedef x509_lookup_st X509_LOOKUP;</pre>
|
|
<pre>
|
|
typedef enum X509_LOOKUP_TYPE;</pre>
|
|
<pre>
|
|
X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
|
|
int X509_LOOKUP_init(X509_LOOKUP *ctx);
|
|
int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
|
|
void X509_LOOKUP_free(X509_LOOKUP *ctx);</pre>
|
|
<pre>
|
|
int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data);
|
|
void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);</pre>
|
|
<pre>
|
|
int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
|
|
long argl, char **ret);
|
|
int X509_LOOKUP_load_file(X509_LOOKUP *ctx, char *name, long type);
|
|
int X509_LOOKUP_add_dir(X509_LOOKUP *ctx, char *name, long type);
|
|
int X509_LOOKUP_add_store(X509_LOOKUP *ctx, char *uri);
|
|
int X509_LOOKUP_load_store(X509_LOOKUP *ctx, char *uri);</pre>
|
|
<pre>
|
|
X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);</pre>
|
|
<pre>
|
|
int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
|
|
X509_NAME *name, X509_OBJECT *ret);
|
|
int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
|
|
X509_NAME *name, ASN1_INTEGER *serial,
|
|
X509_OBJECT *ret);
|
|
int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
|
|
const unsigned char *bytes, int len,
|
|
X509_OBJECT *ret);
|
|
int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
|
|
const char *str, int len, X509_OBJECT *ret);</pre>
|
|
<p>
|
|
</p>
|
|
<hr />
|
|
<h1><a name="description">DESCRIPTION</a></h1>
|
|
<p>The <strong>X509_LOOKUP</strong> structure holds the information needed to look up
|
|
certificates and CRLs according to an associated <em>X509_LOOKUP_METHOD(3)</em>.
|
|
Multiple <strong>X509_LOOKUP</strong> instances can be added to an <em>X509_STORE(3)</em>
|
|
to enable lookup in that store.</p>
|
|
<p>X509_LOOKUP_new() creates a new <strong>X509_LOOKUP</strong> using the given lookup
|
|
<em>method</em>.
|
|
It can also be created by calling <em>X509_STORE_add_lookup(3)</em>, which
|
|
will associate a <strong>X509_STORE</strong> with the lookup mechanism.</p>
|
|
<p>X509_LOOKUP_init() initializes the internal state and resources as
|
|
needed by the given <strong>X509_LOOKUP</strong> to do its work.</p>
|
|
<p>X509_LOOKUP_shutdown() tears down the internal state and resources of
|
|
the given <strong>X509_LOOKUP</strong>.</p>
|
|
<p>X509_LOOKUP_free() destructs the given <strong>X509_LOOKUP</strong>.</p>
|
|
<p>X509_LOOKUP_set_method_data() and X509_LOOKUP_get_method_data()
|
|
associates and retrieves a pointer to application data to and from the
|
|
given <strong>X509_LOOKUP</strong>, respectively.</p>
|
|
<p>X509_LOOKUP_ctrl() is used to set or get additional data to or from a
|
|
<strong>X509_LOOKUP</strong> structure or its associated <em>X509_LOOKUP_METHOD(3)</em>.
|
|
The arguments of the control command are passed via <em>argc</em> and <em>argl</em>,
|
|
its return value via <em>*ret</em>.
|
|
The meaning of the arguments depends on the <em>cmd</em> number of the
|
|
control command. In general, this function is not called directly, but
|
|
wrapped by a macro call, see below.
|
|
The control <em>cmd</em>s known to OpenSSL are discussed in more depth
|
|
in <a href="#control_commands">Control Commands</a>.</p>
|
|
<p>X509_LOOKUP_load_file() passes a filename to be loaded immediately
|
|
into the associated <strong>X509_STORE</strong>.
|
|
<em>type</em> indicates what type of object is expected.
|
|
This can only be used with a lookup using the implementation
|
|
<em>X509_LOOKUP_file(3)</em>.</p>
|
|
<p>X509_LOOKUP_add_dir() passes a directory specification from which
|
|
certificates and CRLs are loaded on demand into the associated
|
|
<strong>X509_STORE</strong>.
|
|
<em>type</em> indicates what type of object is expected.
|
|
This can only be used with a lookup using the implementation
|
|
<em>X509_LOOKUP_hash_dir(3)</em>.</p>
|
|
<p>X509_LOOKUP_add_store() passes a URI for a directory-like structure
|
|
from which containers with certificates and CRLs are loaded on demand
|
|
into the associated <strong>X509_STORE</strong>.
|
|
X509_LOOKUP_load_store() passes a URI for a single container from
|
|
which certificates and CRLs are immediately loaded into the associated
|
|
<strong>X509_STORE</strong>.
|
|
These functions can only be used with a lookup using the
|
|
implementation <em>X509_LOOKUP_store(3)</em>.</p>
|
|
<p>X509_LOOKUP_load_file(), X509_LOOKUP_add_dir(),
|
|
X509_LOOKUP_add_store(), and X509_LOOKUP_load_store() are implemented
|
|
as macros that use X509_LOOKUP_ctrl().</p>
|
|
<p>X509_LOOKUP_by_subject(), X509_LOOKUP_by_issuer_serial(),
|
|
X509_LOOKUP_by_fingerprint(), and X509_LOOKUP_by_alias() look up
|
|
certificates and CRLs in the <em>X509_STORE(3)</em> associated with the
|
|
<strong>X509_LOOKUP</strong> using different criteria, where the looked up object is
|
|
stored in <em>ret</em>.
|
|
Some of the underlying <strong>X509_LOOKUP_METHOD</strong>s will also cache objects
|
|
matching the criteria in the associated <strong>X509_STORE</strong>, which makes it
|
|
possible to handle cases where the criteria have more than one hit.</p>
|
|
<p>
|
|
</p>
|
|
<h2><a name="control_commands">Control Commands</a></h2>
|
|
<p>The <strong>X509_LOOKUP_METHOD</strong>s built into OpenSSL recognise the following
|
|
X509_LOOKUP_ctrl() <em>cmd</em>s:</p>
|
|
<dl>
|
|
<dt><strong><a name="x509_l_file_load" class="item"><strong>X509_L_FILE_LOAD</strong></a></strong></dt>
|
|
|
|
<dd>
|
|
<p>This is the command that X509_LOOKUP_load_file() uses.
|
|
The filename is passed in <em>argc</em>, and the type in <em>argl</em>.</p>
|
|
</dd>
|
|
<dt><strong><a name="x509_l_add_dir" class="item"><strong>X509_L_ADD_DIR</strong></a></strong></dt>
|
|
|
|
<dd>
|
|
<p>This is the command that X509_LOOKUP_add_dir() uses.
|
|
The directory specification is passed in <em>argc</em>, and the type in
|
|
<em>argl</em>.</p>
|
|
</dd>
|
|
<dt><strong><a name="x509_l_add_store" class="item"><strong>X509_L_ADD_STORE</strong></a></strong></dt>
|
|
|
|
<dd>
|
|
<p>This is the command that X509_LOOKUP_add_store() uses.
|
|
The URI is passed in <em>argc</em>.</p>
|
|
</dd>
|
|
<dt><strong><a name="x509_l_load_store" class="item"><strong>X509_L_LOAD_STORE</strong></a></strong></dt>
|
|
|
|
<dd>
|
|
<p>This is the command that X509_LOOKUP_load_store() uses.
|
|
The URI is passed in <em>argc</em>.</p>
|
|
</dd>
|
|
</dl>
|
|
<p>
|
|
</p>
|
|
<hr />
|
|
<h1><a name="return_values">RETURN VALUES</a></h1>
|
|
<p>X509_LOOKUP_new() returns a <strong>X509_LOOKUP</strong> pointer when successful,
|
|
or NULL on error.</p>
|
|
<p>X509_LOOKUP_init() and X509_LOOKUP_shutdown() return 1 on success, or
|
|
0 on error.</p>
|
|
<p>X509_LOOKUP_ctrl() returns -1 if the <strong>X509_LOOKUP</strong> doesn't have an
|
|
associated <strong>X509_LOOKUP_METHOD</strong>, or 1 if the
|
|
doesn't have a control function.
|
|
Otherwise, it returns what the control function in the
|
|
<strong>X509_LOOKUP_METHOD</strong> returns, which is usually 1 on success and 0 in
|
|
error.</p>
|
|
<p>X509_LOOKUP_get_store() returns a <strong>X509_STORE</strong> pointer if there is
|
|
one, otherwise NULL.</p>
|
|
<p>X509_LOOKUP_by_subject(), X509_LOOKUP_by_issuer_serial(),
|
|
X509_LOOKUP_by_fingerprint(), and X509_LOOKUP_by_alias() all return 0
|
|
if there is no <strong>X509_LOOKUP_METHOD</strong> or that method doesn't implement
|
|
the corresponding function.
|
|
Otherwise, it returns what the corresponding function in the
|
|
<strong>X509_LOOKUP_METHOD</strong> returns, which is usually 1 on success and 0 in
|
|
error.</p>
|
|
<p>
|
|
</p>
|
|
<hr />
|
|
<h1><a name="see_also">SEE ALSO</a></h1>
|
|
<p><em>X509_LOOKUP_METHOD(3)</em>, <em>X509_STORE(3)</em></p>
|
|
<p>
|
|
</p>
|
|
<hr />
|
|
<h1><a name="copyright">COPYRIGHT</a></h1>
|
|
<p>Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.</p>
|
|
<p>Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
this file except in compliance with the License. You can obtain a copy
|
|
in the file LICENSE in the source distribution or at
|
|
<a href="https://www.openssl.org/source/license.html">https://www.openssl.org/source/license.html</a>.</p>
|
|
|
|
</body>
|
|
|
|
</html>
|