X509_CMP(3) FreeBSD Library Functions Manual X509_CMP(3)

X509_cmp, X509_NAME_cmp, X509_issuer_and_serial_cmp, X509_issuer_name_cmp, X509_subject_name_cmp, X509_CRL_cmp, X509_CRL_match - compare X.509 certificates and related values

#include <openssl/x509.h>

int
X509_cmp(const X509 *a, const X509 *b);

int
X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);

int
X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);

int
X509_issuer_name_cmp(const X509 *a, const X509 *b);

int
X509_subject_name_cmp(const X509 *a, const X509 *b);

int
X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);

int
X509_CRL_match(const X509_CRL *a, const X509_CRL *b);

X509_cmp() compares two X.509 certificates using memcmp(3) on the hashes of their canonical (DER) representations as generated with X509_digest(3). The digest function is implementation-specific: LibreSSL uses SHA-512, other implementations use SHA-1.

X509_NAME_cmp() compares two X.501 Name objects using their canonical (DER) representations generated with i2d_X509_NAME(3).

X509_issuer_and_serial_cmp() compares the issuer and serialNumber fields of two TBSCertificate structures, using X509_NAME_cmp() for the issuer fields.

X509_issuer_name_cmp() compares the issuer fields of two TBSCertificate structures using X509_NAME_cmp().

X509_subject_name_cmp() compares the subject fields of two TBSCertificate structures using X509_NAME_cmp().

X509_CRL_cmp() is misnamed; it only compares the issuer fields of two TBSCertList structures using X509_NAME_cmp().

X509_CRL_match() compares two certificate revocation lists using memcmp(3) on the hashes of their canonical (DER) representations as generated with X509_CRL_digest(3). The digest function is implementation-specific: LibreSSL uses SHA-512, other implementations use SHA-1.

All these functions return 0 to indicate a match or a non-zero value to indicate a mismatch.

X509_NAME_cmp(), X509_issuer_and_serial_cmp(), X509_issuer_name_cmp(), X509_subject_name_cmp() and X509_CRL_cmp() may return -2 to indicate an error.

i2d_X509_NAME(3), X509_CRL_new(3), X509_digest(3), X509_NAME_new(3), X509_new(3)

RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile

  • section 4.1: Basic Certificate Fields
  • section 5.1: CRL Fields

X509_issuer_and_serial_cmp(), X509_issuer_name_cmp(), and X509_subject_name_cmp() first appeared in SSLeay 0.5.1 and X509_NAME_cmp() and X509_CRL_cmp() in SSLeay 0.8.0. These functions have been available since OpenBSD 2.4.

X509_cmp() first appeared in OpenSSL 0.9.5 and has been available since OpenBSD 2.7.

X509_CRL_match() first appeared in OpenSSL 1.0.0 and has been available since OpenBSD 4.9.

For X509_NAME_cmp(), X509_issuer_and_serial_cmp(), X509_issuer_name_cmp(), X509_subject_name_cmp() and X509_CRL_cmp(), the return value -2 sometimes indicates a mismatch and sometimes an error.

June 7, 2024 FreeBSD 14.3-RELEASE
