|
Unix VPS
Support
FAQ
Network
Miscellaneous
|
| X509_PRINT_EX(3) | FreeBSD Library Functions Manual | X509_PRINT_EX(3) |
NAME
X509_print_ex,
X509_CERT_AUX_print,
X509_print_ex_fp,
X509_print, X509_print_fp
— pretty-print an X.509 certificate
SYNOPSIS
#include
<openssl/x509.h>
int
X509_print_ex(BIO *bio,
X509 *x, unsigned long
nameflags, unsigned long skipflags);
int
X509_CERT_AUX_print(BIO *bio,
X509_CERT_AUX *aux, int
indent);
int
X509_print_ex_fp(FILE *fp,
X509 *x, unsigned long
nameflags, unsigned long skipflags);
int
X509_print(BIO *bio,
X509 *x);
int
X509_print_fp(FILE *fp,
X509 *x);
DESCRIPTION
X509_print_ex()
prints information contained in x to
bio in human-readable form. Printing is aborted as
soon as any operation fails, with the exception that failures while
attempting to decode or print the public key, the X.509 version 3
extensions, or non-standard auxiliary data are not considered as errors.
By default, the following blocks of information are printed in the following order. Each block can be skipped by setting the corresponding bit in skipflags, provided in parentheses after each block description.
- A pair of lines reading "Certificate:" and "Data:"
containing no information.
(
X509_FLAG_NO_HEADER) - The certificate version number as defined by the standard, followed in
parentheses by the value contained in the version field in hexadecimal
notation. See
X509_get_version(3)
for details. (
X509_FLAG_NO_VERSION) - The serial number of the certificate as returned by
X509_get_serialNumber(3).
If it is not -1 and converting it to long succeeds,
it is printed in both decimal and hexadecimal format. If it is -1, too
wide to fit in long, or conversion fails, it is
printed byte-by-byte in hexadecimal notation.
(
X509_FLAG_NO_SERIAL) - The name of the signature algorithm is printed with
X509_signature_print(3).
(
X509_FLAG_NO_SIGNAME) - The issuer name returned by
X509_get_issuer_name(3)
is printed with
X509_NAME_print_ex(3).
(
X509_FLAG_NO_ISSUER) - The validity period from
X509_get_notBefore(3)
to
X509_get_notAfter(3)
is printed using
ASN1_TIME_print(3).
(
X509_FLAG_NO_VALIDITY) - The subject name returned from
X509_get_subject_name(3)
is printed with
X509_NAME_print_ex(3).
(
X509_FLAG_NO_SUBJECT) - The public key algorithm is printed with
i2a_ASN1_OBJECT(3),
and the public key returned from
X509_get_pubkey(3)
with
EVP_PKEY_print_public(3).
(
X509_FLAG_NO_PUBKEY) - All X.509 extensions contained in the certificate are printed with
X509V3_extensions_print(3).
(
X509_FLAG_NO_EXTENSIONS) - The signature is printed with
X509_signature_print(3).
(
X509_FLAG_NO_SIGDUMP) - Non-standard auxiliary data associated with the
certificate is printed using the function
X509_CERT_AUX_print() documented below. (X509_FLAG_NO_AUX)
The nameflags argument modifies the format
for printing X.501 Name objects contained in
x. It is passed through to
X509_NAME_print_ex(3).
If nameflags is
X509_FLAG_COMPAT, the indent
argument of
X509_NAME_print_ex(3)
is set to 16 spaces and the traditional SSLeay format is used. Otherwise, if
the only bit set in XN_FLAG_SEP_MASK is
XN_FLAG_SEP_MULTILINE, indent
is set to 12 spaces. Otherwise, indent is set to
zero.
X509_CERT_AUX_print()
prints information contained in aux to
bio in human-readable form with a left margin of
indent spaces. If aux is
NULL, it prints nothing.
Information is printed in the following order:
- Purposes the certificate is intended to be used for as set with X509_add1_trust_object(3), each printed with OBJ_obj2txt(3).
- Purposes the certificate is explicitly not intended to be used for as set with X509_add1_reject_object(3), again each printed with OBJ_obj2txt(3).
- If aux contains data set with X509_alias_set1(3), the raw bytes are printed in unencoded form.
- If aux contains data set with X509_keyid_set1(3), the bytes are printed in hexadecimal notation with colons in between.
X509_print_ex_fp()
is similar to X509_print_ex() except that it prints
to fp.
X509_print()
and
X509_print_fp()
are wrapper functions setting the nameflags to
XN_FLAG_COMPAT and the
skipflags to
X509_FLAG_COMPAT.
RETURN VALUES
X509_print_ex(),
X509_print_ex_fp(),
X509_print(), and
X509_print_fp() return 1 if all requested
information was successfully printed, even if failures occurred while
attempting to decode or print the public key or X.509 version 3 extensions,
or 0 if any other operation failed.
X509_CERT_AUX_print() always returns 1 and
silently ignores write errors.
SEE ALSO
BIO_new(3), X509_CERT_AUX_new(3), X509_CRL_print(3), X509_new(3), X509_REQ_print_ex(3)
HISTORY
X509_print() first appeared in SSLeay
0.5.1 and was changed to print to a BIO in SSLeay
0.6.0. X509_print_fp() first appeared in SSLeay
0.6.0. Both functions have been available since OpenBSD
2.4.
X509_CERT_AUX_print() first appeared in
OpenSSL 0.9.5 and has been available since OpenBSD
2.7.
X509_print_ex() and
X509_print_ex_fp() first appeared in OpenSSL 0.9.7
and have been available since OpenBSD 3.2.
BUGS
If arbitrary data was stored into x using X509_alias_set1(3), these functions may print binary data and even NUL bytes.
| March 9, 2025 | FreeBSD 14.3-RELEASE |
Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.