.\" -*- mode: troff; coding: utf-8 -*- .\" Automatically generated by Pod::Man 5.0102 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ . ds C` "" . ds C' "" 'br\} .el\{\ . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" ======================================================================== .\" .IX Title "OSSL_CMP_ITAV_NEW_CACERTS 3ssl" .TH OSSL_CMP_ITAV_NEW_CACERTS 3ssl 2024-10-23 3.4.0 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. 
.if n .ad l .nh .SH NAME OSSL_CMP_ITAV_new_caCerts, OSSL_CMP_ITAV_get0_caCerts, OSSL_CMP_ITAV_new_rootCaCert, OSSL_CMP_ITAV_get0_rootCaCert, OSSL_CMP_ITAV_new_rootCaKeyUpdate, OSSL_CMP_ITAV_get0_rootCaKeyUpdate, OSSL_CMP_CRLSTATUS_new1, OSSL_CMP_CRLSTATUS_create, OSSL_CMP_CRLSTATUS_get0, OSSL_CMP_ITAV_new0_crlStatusList, OSSL_CMP_ITAV_get0_crlStatusList, OSSL_CMP_ITAV_new_crls, OSSL_CMP_ITAV_get0_crls, OSSL_CMP_ITAV_new0_certReqTemplate, OSSL_CMP_ITAV_get1_certReqTemplate \&\- CMP utility functions for handling specific genm and genp messages .SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/cmp.h> \& \& OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts); \& int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out); \& \& OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert); \& int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out); \& OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew, \& const X509 *newWithOld, \& const X509 *oldWithNew); \& int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav, \& X509 **newWithNew, \& X509 **newWithOld, \& X509 **oldWithNew); \& \& OSSL_CMP_CRLSTATUS *OSSL_CMP_CRLSTATUS_new1(const DIST_POINT_NAME *dpn, \& const GENERAL_NAMES *issuer, \& const ASN1_TIME *thisUpdate); \& OSSL_CMP_CRLSTATUS *OSSL_CMP_CRLSTATUS_create(const X509_CRL *crl, \& const X509 *cert, int only_DN); \& int OSSL_CMP_CRLSTATUS_get0(const OSSL_CMP_CRLSTATUS *crlstatus, \& DIST_POINT_NAME **dpn, GENERAL_NAMES **issuer, \& ASN1_TIME **thisUpdate); \& OSSL_CMP_ITAV \& *OSSL_CMP_ITAV_new0_crlStatusList(STACK_OF(OSSL_CMP_CRLSTATUS) *crlStatusList); \& int OSSL_CMP_ITAV_get0_crlStatusList(const OSSL_CMP_ITAV *itav, \& STACK_OF(OSSL_CMP_CRLSTATUS) **out); \& OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_crls(const X509_CRL *crl); \& int OSSL_CMP_ITAV_get0_crls(const OSSL_CMP_ITAV *itav, STACK_OF(X509_CRL) **out); \& OSSL_CMP_ITAV \& 
*OSSL_CMP_ITAV_new0_certReqTemplate(OSSL_CRMF_CERTTEMPLATE *certTemplate, \& OSSL_CMP_ATAVS *keySpec); \& int OSSL_CMP_ITAV_get1_certReqTemplate(const OSSL_CMP_ITAV *itav, \& OSSL_CRMF_CERTTEMPLATE **certTemplate, \& OSSL_CMP_ATAVS **keySpec); .Ve .SH DESCRIPTION .IX Header "DESCRIPTION" ITAV is short for InfoTypeAndValue. .PP \&\fBOSSL_CMP_ITAV_new_caCerts()\fR creates an \fBOSSL_CMP_ITAV\fR structure of type \&\fBcaCerts\fR and fills it with a copy of the provided list of certificates. The \fIcaCerts\fR argument may be NULL or contain any number of certificates. .PP \&\fBOSSL_CMP_ITAV_get0_caCerts()\fR requires that \fIitav\fR has type \fBcaCerts\fR. It assigns NULL to \fI*out\fR if there are no CA certificates in \fIitav\fR, otherwise the internal pointer of type \fBSTACK_OF(X509)\fR with the certificates present. .PP \&\fBOSSL_CMP_ITAV_new_rootCaCert()\fR creates a new \fBOSSL_CMP_ITAV\fR structure of type \fBrootCaCert\fR that includes the optionally given certificate. .PP \&\fBOSSL_CMP_ITAV_get0_rootCaCert()\fR requires that \fIitav\fR has type \fBrootCaCert\fR. It assigns NULL to \fI*out\fR if no certificate is included in \fIitav\fR, otherwise the internal pointer to the certificate contained in the infoValue field. .PP \&\fBOSSL_CMP_ITAV_new_rootCaKeyUpdate()\fR creates a new \fBOSSL_CMP_ITAV\fR structure of type \fBrootCaKeyUpdate\fR that includes a RootCaKeyUpdateContent structure with the optional \fInewWithNew\fR, \fInewWithOld\fR, and \fIoldWithNew\fR certificates. A RootCaKeyUpdateContent structure is included only if \fInewWithNew\fR is not NULL. .PP \&\fBOSSL_CMP_ITAV_get0_rootCaKeyUpdate()\fR requires that \fIitav\fR has infoType \&\fBrootCaKeyUpdate\fR. If an update of a root CA certificate is included, it assigns to \fI*newWithNew\fR the internal pointer to the certificate contained in the newWithNew infoValue sub-field of \fIitav\fR. 
If \fInewWithOld\fR is not NULL, it assigns to \fI*newWithOld\fR the internal pointer to the certificate contained in the newWithOld infoValue sub-field of \fIitav\fR. If \fIoldWithNew\fR is not NULL, it assigns to \fI*oldWithNew\fR the internal pointer to the certificate contained in the oldWithNew infoValue sub-field of \fIitav\fR. Each of these pointers will be set to NULL if no root CA certificate update is present or the respective sub-field is not included. .PP \&\fBOSSL_CMP_CRLSTATUS_new1()\fR allocates a new \fBOSSL_CMP_CRLSTATUS\fR structure that contains either a copy of the distribution point name \fIdpn\fR or a copy of the certificate issuer \fIissuer\fR, while giving both is an error. If given, a copy of the CRL issuance time \fIthisUpdate\fR is also included. .PP \&\fBOSSL_CMP_CRLSTATUS_create()\fR is a high-level variant of \fBOSSL_CMP_CRLSTATUS_new1()\fR. It fills the thisUpdate field with a copy of the thisUpdate field of \fIcrl\fR if present. It fills the CRLSource field with a copy of the first data item found using the \fIcrl\fR and/or \fIcert\fR parameters as follows. Any available distribution point name is preferred over issuer names. Data from \fIcert\fR, if present, is preferred over data from \fIcrl\fR. If no distribution point names are available, candidate issuer names are taken from the following sources, as far as present: .PP \&\fBOSSL_CMP_ITAV_new0_certReqTemplate()\fR creates an \fBOSSL_CMP_ITAV\fR structure of type \fBcertReqTemplate\fR. If \fIcertTemplate\fR is NULL then also \fIkeySpec\fR must be NULL, and the resulting ITAV can be used in a \fBgenm\fR message to obtain the requirements a PKI has on the certificate template used to request certificates, or in a \fBgenp\fR message stating that there are no such requirements. 
Otherwise the resulting ITAV includes a CertReqTemplateValue structure with \fIcertTemplate\fR of type \fBOSSL_CRMF_CERTTEMPLATE\fR and an optional list of key specifications \fIkeySpec\fR, each being of type \fBOSSL_CMP_ATAV\fR, and the resulting ITAV can be used in a \fBgenp\fR message to provide requirements. .PP \&\fBOSSL_CMP_ITAV_get1_certReqTemplate()\fR requires that \fIitav\fR has type \fBcertReqTemplate\fR. It assigns NULL to \fI*certTemplate\fR if no \fBOSSL_CRMF_CERTTEMPLATE\fR structure with a certificate template value is in \fIitav\fR, otherwise a copy of the certTemplate field value. If \fIkeySpec\fR is not NULL, it is assigned NULL if the structure is not present in \fIitav\fR or the keySpec field is absent. Otherwise, the function checks that all elements of the keySpec field are of type \&\fBalgId\fR or \fBrsaKeyLen\fR and assigns to \fI*keySpec\fR a copy of the keySpec field. .IP "the list of distribution points in the first cRLDistributionPoints extension of \fIcert\fR," 4 .IX Item "the list of distribution points in the first cRLDistributionPoints extension of cert," .PD 0 .IP "the issuer field of the authority key identifier of \fIcert\fR," 4 .IX Item "the issuer field of the authority key identifier of cert," .IP "the issuer DN of \fIcert\fR," 4 .IX Item "the issuer DN of cert," .IP "the issuer field of the authority key identifier of \fIcrl\fR, and" 4 .IX Item "the issuer field of the authority key identifier of crl, and" .IP "the issuer DN of \fIcrl\fR." 4 .IX Item "the issuer DN of crl." .PD .PP If \fIonly_DN\fR is set, a candidate issuer name of type \fBGENERAL_NAMES\fR is accepted only if it contains exactly one general name of type directoryName. .PP \&\fBOSSL_CMP_CRLSTATUS_get0()\fR reads the fields of \fIcrlstatus\fR and assigns them to \fI*dpn\fR, \fI*issuer\fR, and \fI*thisUpdate\fR. \&\fI*thisUpdate\fR is assigned only if the \fIthisUpdate\fR argument is not NULL. Depending on the choice present, either \fI*dpn\fR or \fI*issuer\fR will be NULL. 
\&\fI*thisUpdate\fR can also be NULL if the field is not present. .PP \&\fBOSSL_CMP_ITAV_new0_crlStatusList()\fR creates a new \fBOSSL_CMP_ITAV\fR structure of type \fBcrlStatusList\fR that includes the optionally given list of CRL status data, each of which is of type \fBOSSL_CMP_CRLSTATUS\fR. .PP \&\fBOSSL_CMP_ITAV_get0_crlStatusList()\fR on success assigns to \fI*out\fR an internal pointer to the list of CRL status data in the infoValue field of \fIitav\fR. The pointer may be NULL if no CRL status data is included. It is an error if the infoType of \fIitav\fR is not \fBcrlStatusList\fR. .PP \&\fBOSSL_CMP_ITAV_new_crls()\fR creates a new \fBOSSL_CMP_ITAV\fR structure of type \fBcrls\fR including an empty list of CRLs if the \fIcrl\fR argument is NULL or including a singleton list with a copy of the provided CRL otherwise. .PP \&\fBOSSL_CMP_ITAV_get0_crls()\fR on success assigns to \fI*out\fR an internal pointer to the list of CRLs contained in the infoValue field of \fIitav\fR. The pointer may be NULL if no CRL is included. It is an error if the infoType of \fIitav\fR is not \fBcrls\fR. .SH NOTES .IX Header "NOTES" CMP is defined in RFC 4210. .PP Following the usual OpenSSL naming convention, the get0 functions assign internal pointers, which remain owned by the containing structure and must not be freed by the caller, while \fBOSSL_CMP_ITAV_get1_certReqTemplate()\fR assigns copies that the caller is responsible for freeing. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBOSSL_CMP_ITAV_new_caCerts()\fR, \fBOSSL_CMP_ITAV_new_rootCaCert()\fR, \&\fBOSSL_CMP_ITAV_new_rootCaKeyUpdate()\fR, \fBOSSL_CMP_CRLSTATUS_new1()\fR, \&\fBOSSL_CMP_CRLSTATUS_create()\fR, \fBOSSL_CMP_ITAV_new0_crlStatusList()\fR, \&\fBOSSL_CMP_ITAV_new_crls()\fR and \fBOSSL_CMP_ITAV_new0_certReqTemplate()\fR return a pointer to the new ITAV structure on success, or NULL on error. .PP \&\fBOSSL_CMP_ITAV_get0_caCerts()\fR, \fBOSSL_CMP_ITAV_get0_rootCaCert()\fR, \&\fBOSSL_CMP_ITAV_get0_rootCaKeyUpdate()\fR, \fBOSSL_CMP_CRLSTATUS_get0()\fR, \&\fBOSSL_CMP_ITAV_get0_crlStatusList()\fR, \fBOSSL_CMP_ITAV_get0_crls()\fR and \fBOSSL_CMP_ITAV_get1_certReqTemplate()\fR return 1 on success, 0 on error. 
.SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBOSSL_CMP_ITAV_create\fR\|(3) and \fBOSSL_CMP_ITAV_get0_type\fR\|(3) .SH HISTORY .IX Header "HISTORY" \&\fBOSSL_CMP_ITAV_new_caCerts()\fR, \fBOSSL_CMP_ITAV_get0_caCerts()\fR, \&\fBOSSL_CMP_ITAV_new_rootCaCert()\fR, \fBOSSL_CMP_ITAV_get0_rootCaCert()\fR, \&\fBOSSL_CMP_ITAV_new_rootCaKeyUpdate()\fR, and \fBOSSL_CMP_ITAV_get0_rootCaKeyUpdate()\fR were added in OpenSSL 3.2. .PP \&\fBOSSL_CMP_CRLSTATUS_new1()\fR, \fBOSSL_CMP_CRLSTATUS_create()\fR, \&\fBOSSL_CMP_CRLSTATUS_get0()\fR, \fBOSSL_CMP_ITAV_new0_crlStatusList()\fR, \&\fBOSSL_CMP_ITAV_get0_crlStatusList()\fR, \fBOSSL_CMP_ITAV_new_crls()\fR, \&\fBOSSL_CMP_ITAV_get0_crls()\fR, \fBOSSL_CMP_ITAV_new0_certReqTemplate()\fR and \fBOSSL_CMP_ITAV_get1_certReqTemplate()\fR were added in OpenSSL 3.4. .SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2022\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <https://www.openssl.org/source/license.html>.