NAME

SYNOPSIS

int
X509_print_ex(BIO *bio, X509 *x, unsigned long nameflags, unsigned long skipflags);

int
X509_CERT_AUX_print(BIO *bio, X509_CERT_AUX *aux, int indent);

int
X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nameflags, unsigned long skipflags);

int
X509_print(BIO *bio, X509 *x);

int
X509_print_fp(FILE *fp, X509 *x);

DESCRIPTION

By default, the following blocks of information are printed in the following order. Each block can be skipped by setting the corresponding bit in skipflags, provided in parentheses after each block description.

• A pair of lines reading “Certificate:” and “Data:” containing no information. (X509_FLAG_NO_HEADER)
• The certificate version number as defined by the standard, followed in parentheses by the value contained in the version field in hexadecimal notation. See X509_get_version(3) for details. (X509_FLAG_NO_VERSION)
• The serial number of the certificate as returned by X509_get_serialNumber(3). If it is not -1 and converting it to long succeeds, it is printed in both decimal and hexadecimal format. If it is -1, too wide to fit in long, or conversion fails, it is printed byte-by-byte in hexadecimal notation. (X509_FLAG_NO_SERIAL)
• The name of the signature algorithm is printed with X509_signature_print(3). (X509_FLAG_NO_SIGNAME)
• The issuer name returned by X509_get_issuer_name(3) is printed with X509_NAME_print_ex(3). (X509_FLAG_NO_ISSUER)
• The validity period from X509_get_notBefore(3) to X509_get_notAfter(3) is printed using ASN1_TIME_print(3). (X509_FLAG_NO_VALIDITY)
• The subject name returned from X509_get_subject_name(3) is printed with X509_NAME_print_ex(3). (X509_FLAG_NO_SUBJECT)
• The public key algorithm is printed with i2a_ASN1_OBJECT(3), and the public key returned from X509_get_pubkey(3) with EVP_PKEY_print_public(3). (X509_FLAG_NO_PUBKEY)
• All X.509 extensions contained in the certificate are printed with X509V3_extensions_print(3). (X509_FLAG_NO_EXTENSIONS)
• The signature is printed with X509_signature_print(3). (X509_FLAG_NO_SIGDUMP)
• Non-standard auxiliary data associated with the certificate is printed using the function X509_CERT_AUX_print() documented below. (X509_FLAG_NO_AUX)

The nameflags argument modifies the format for printing X.501 Name objects contained in x. It is passed through to X509_NAME_print_ex(3). If nameflags is X509_FLAG_COMPAT, the indent argument of X509_NAME_print_ex(3) is set to 16 spaces and the traditional SSLeay format generated by X509_NAME_print(3) is used. Otherwise, if the only bit set in XN_FLAG_SEP_MASK is XN_FLAG_SEP_MULTILINE, indent is set to 12 spaces. Otherwise, indent is set to zero.

X509_CERT_AUX_print() prints information contained in aux to bio in human-readable form with a left margin of indent spaces. If aux is NULL, it prints nothing.

Information is printed in the following order:

• Purposes the certificate is intended to be used for as set with X509_add1_trust_object(3), each printed with OBJ_obj2txt(3).
• Purposes the certificate is explicitly not intended to be used for as set with X509_add1_reject_object(3), again each printed with OBJ_obj2txt(3).
• If aux contains data set with X509_alias_set1(3), the raw bytes are printed in unencoded form.
• If aux contains data set with X509_keyid_set1(3), the bytes are printed in hexadecimal notation with colons in between.

X509_print_ex_fp() is similar to X509_print_ex() except that it prints to fp.

X509_print() and X509_print_fp() are wrapper functions setting the nameflags to XN_FLAG_COMPAT and the skipflags to X509_FLAG_COMPAT.

RETURN VALUES

X509_CERT_AUX_print() always returns 1 and silently ignores write errors.

SEE ALSO

HISTORY

X509_CERT_AUX_print() first appeared in OpenSSL 0.9.5 and has been available since OpenBSD 2.7.

X509_print_ex() and X509_print_ex_fp() first appeared in OpenSSL 0.9.7 and have been available since OpenBSD 3.2.

BUGS