Mingtao Yang | 0124f32 | 2018-02-09 10:23:18 -0800 | [diff] [blame] | 1 | =pod |
| 2 | |
| 3 | =head1 NAME |
| 4 | |
Richard Levitte | 4e46a7a | 2020-01-31 15:35:46 +0100 | [diff] [blame] | 5 | X509_LOOKUP_METHOD, |
Mingtao Yang | 0124f32 | 2018-02-09 10:23:18 -0800 | [diff] [blame] | 6 | X509_LOOKUP_meth_new, X509_LOOKUP_meth_free, X509_LOOKUP_meth_set_new_item, |
| 7 | X509_LOOKUP_meth_get_new_item, X509_LOOKUP_meth_set_free, |
| 8 | X509_LOOKUP_meth_get_free, X509_LOOKUP_meth_set_init, |
| 9 | X509_LOOKUP_meth_get_init, X509_LOOKUP_meth_set_shutdown, |
| 10 | X509_LOOKUP_meth_get_shutdown, |
| 11 | X509_LOOKUP_ctrl_fn, X509_LOOKUP_meth_set_ctrl, X509_LOOKUP_meth_get_ctrl, |
| 12 | X509_LOOKUP_get_by_subject_fn, X509_LOOKUP_meth_set_get_by_subject, |
| 13 | X509_LOOKUP_meth_get_get_by_subject, |
| 14 | X509_LOOKUP_get_by_issuer_serial_fn, X509_LOOKUP_meth_set_get_by_issuer_serial, |
| 15 | X509_LOOKUP_meth_get_get_by_issuer_serial, |
| 16 | X509_LOOKUP_get_by_fingerprint_fn, X509_LOOKUP_meth_set_get_by_fingerprint, |
| 17 | X509_LOOKUP_meth_get_get_by_fingerprint, |
| 18 | X509_LOOKUP_get_by_alias_fn, X509_LOOKUP_meth_set_get_by_alias, |
| 19 | X509_LOOKUP_meth_get_get_by_alias, |
Richard Levitte | 4e46a7a | 2020-01-31 15:35:46 +0100 | [diff] [blame] | 20 | X509_OBJECT_set1_X509, X509_OBJECT_set1_X509_CRL |
Mingtao Yang | 0124f32 | 2018-02-09 10:23:18 -0800 | [diff] [blame] | 21 | - Routines to build up X509_LOOKUP methods |
| 22 | |
| 23 | =head1 SYNOPSIS |
| 24 | |
| 25 | #include <openssl/x509_vfy.h> |
| 26 | |
Richard Levitte | 4e46a7a | 2020-01-31 15:35:46 +0100 | [diff] [blame] | 27 | typedef x509_lookup_method_st X509_LOOKUP_METHOD; |
| 28 | |
Mingtao Yang | 0124f32 | 2018-02-09 10:23:18 -0800 | [diff] [blame] | 29 | X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name); |
| 30 | void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method); |
| 31 | |
| 32 | int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method, |
| 33 | int (*new_item) (X509_LOOKUP *ctx)); |
| 34 | int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method)) |
| 35 | (X509_LOOKUP *ctx); |
| 36 | |
| 37 | int X509_LOOKUP_meth_set_free(X509_LOOKUP_METHOD *method, |
| 38 | void (*free) (X509_LOOKUP *ctx)); |
| 39 | void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method)) |
| 40 | (X509_LOOKUP *ctx); |
| 41 | |
| 42 | int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method, |
| 43 | int (*init) (X509_LOOKUP *ctx)); |
| 44 | int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method)) |
| 45 | (X509_LOOKUP *ctx); |
| 46 | |
| 47 | int X509_LOOKUP_meth_set_shutdown(X509_LOOKUP_METHOD *method, |
| 48 | int (*shutdown) (X509_LOOKUP *ctx)); |
| 49 | int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method)) |
| 50 | (X509_LOOKUP *ctx); |
| 51 | |
| 52 | typedef int (*X509_LOOKUP_ctrl_fn)(X509_LOOKUP *ctx, int cmd, const char *argc, |
| 53 | long argl, char **ret); |
| 54 | int X509_LOOKUP_meth_set_ctrl(X509_LOOKUP_METHOD *method, |
| 55 | X509_LOOKUP_ctrl_fn ctrl_fn); |
| 56 | X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method); |
| 57 | |
| 58 | typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx, |
| 59 | X509_LOOKUP_TYPE type, |
Dr. David von Oheimb | 8cc86b8 | 2020-03-23 08:30:37 +0100 | [diff] [blame] | 60 | const X509_NAME *name, |
Mingtao Yang | 0124f32 | 2018-02-09 10:23:18 -0800 | [diff] [blame] | 61 | X509_OBJECT *ret); |
| 62 | int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method, |
| 63 | X509_LOOKUP_get_by_subject_fn fn); |
| 64 | X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject( |
| 65 | const X509_LOOKUP_METHOD *method); |
| 66 | |
| 67 | typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx, |
| 68 | X509_LOOKUP_TYPE type, |
Dr. David von Oheimb | 8cc86b8 | 2020-03-23 08:30:37 +0100 | [diff] [blame] | 69 | const X509_NAME *name, |
| 70 | const ASN1_INTEGER *serial, |
Mingtao Yang | 0124f32 | 2018-02-09 10:23:18 -0800 | [diff] [blame] | 71 | X509_OBJECT *ret); |
| 72 | int X509_LOOKUP_meth_set_get_by_issuer_serial( |
| 73 | X509_LOOKUP_METHOD *method, X509_LOOKUP_get_by_issuer_serial_fn fn); |
| 74 | X509_LOOKUP_get_by_issuer_serial_fn X509_LOOKUP_meth_get_get_by_issuer_serial( |
| 75 | const X509_LOOKUP_METHOD *method); |
| 76 | |
| 77 | typedef int (*X509_LOOKUP_get_by_fingerprint_fn)(X509_LOOKUP *ctx, |
| 78 | X509_LOOKUP_TYPE type, |
| 79 | const unsigned char* bytes, |
| 80 | int len, |
| 81 | X509_OBJECT *ret); |
| 82 | int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method, |
| 83 | X509_LOOKUP_get_by_fingerprint_fn fn); |
| 84 | X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint( |
| 85 | const X509_LOOKUP_METHOD *method); |
| 86 | |
| 87 | typedef int (*X509_LOOKUP_get_by_alias_fn)(X509_LOOKUP *ctx, |
| 88 | X509_LOOKUP_TYPE type, |
| 89 | const char *str, |
| 90 | int len, |
| 91 | X509_OBJECT *ret); |
| 92 | int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method, |
| 93 | X509_LOOKUP_get_by_alias_fn fn); |
| 94 | X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias( |
| 95 | const X509_LOOKUP_METHOD *method); |
| 96 | |
Mingtao Yang | 0124f32 | 2018-02-09 10:23:18 -0800 | [diff] [blame] | 97 | int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj); |
| 98 | int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj); |
| 99 | |
| 100 | =head1 DESCRIPTION |
| 101 | |
The B<X509_LOOKUP_METHOD> type is a structure used for the implementation of new
X509_LOOKUP types. It provides a set of functions used by OpenSSL for the
implementation of various X509 and X509_CRL lookup capabilities. One instance
of an B<X509_LOOKUP_METHOD> can be associated with many instances of an
B<X509_LOOKUP> structure.
| 107 | |
| 108 | X509_LOOKUP_meth_new() creates a new B<X509_LOOKUP_METHOD> structure. It should |
| 109 | be given a human-readable string containing a brief description of the lookup |
| 110 | method. |
| 111 | |
| 112 | X509_LOOKUP_meth_free() destroys a B<X509_LOOKUP_METHOD> structure. |
| 113 | |
X509_LOOKUP_meth_get_new_item() and X509_LOOKUP_meth_set_new_item() get and set
the function that is called when an B<X509_LOOKUP> object is created with
X509_LOOKUP_new(). If an B<X509_LOOKUP_METHOD> requires any per-X509_LOOKUP
specific data, the supplied new_item function should allocate this data and
invoke L<X509_LOOKUP_set_method_data(3)>.
Mingtao Yang | 0124f32 | 2018-02-09 10:23:18 -0800 | [diff] [blame] | 119 | |
X509_LOOKUP_meth_get_free() and X509_LOOKUP_meth_set_free() get and set the
function that is used to free any method data that was allocated and set from
within the new_item function.
| 123 | |
| 124 | X509_LOOKUP_meth_get_init() and X509_LOOKUP_meth_set_init() get and set the |
| 125 | function that is used to initialize the method data that was set with |
Richard Levitte | 4e46a7a | 2020-01-31 15:35:46 +0100 | [diff] [blame] | 126 | L<X509_LOOKUP_set_method_data(3)> as part of the new_item routine. |
Mingtao Yang | 0124f32 | 2018-02-09 10:23:18 -0800 | [diff] [blame] | 127 | |
| 128 | X509_LOOKUP_meth_get_shutdown() and X509_LOOKUP_meth_set_shutdown() get and set |
| 129 | the function that is used to shut down the method data whose state was |
| 130 | previously initialized in the init function. |
| 131 | |
X509_LOOKUP_meth_get_ctrl() and X509_LOOKUP_meth_set_ctrl() get and set a
function to be used to handle arbitrary control commands issued by
X509_LOOKUP_ctrl(). The control function is given the X509_LOOKUP
B<ctx>, along with the arguments passed to X509_LOOKUP_ctrl(). B<cmd> is
an arbitrary integer that identifies the operation. B<argc> is a pointer
to an array of characters. B<argl> is an integer. B<ret>, if non-NULL,
points to a location where any return data should be written. How
B<argc> and B<argl> are interpreted depends entirely on the control function.
| 140 | |
| 141 | |
X509_LOOKUP_meth_set_get_by_subject(), X509_LOOKUP_meth_set_get_by_issuer_serial(),
X509_LOOKUP_meth_set_get_by_fingerprint() and X509_LOOKUP_meth_set_get_by_alias()
set the functions used to retrieve an X509 or X509_CRL object by the object's
subject, issuer name and serial number, fingerprint, and alias respectively.
These functions are given the X509_LOOKUP context, the type of the X509_OBJECT
being requested, parameters related to the lookup, and an X509_OBJECT that will
receive the requested object.
| 149 | |
Implementations must add objects they find to the B<X509_STORE> object
using X509_STORE_add_cert() or X509_STORE_add_crl(). This increments
the object's reference count. However, the X509_STORE_CTX_get_by_subject()
function also increases the reference count, which leads to one reference
too many being held. Therefore, applications should additionally call
X509_free() or X509_CRL_free() to decrement the reference count again.
| 157 | |
| 158 | Implementations should also use either X509_OBJECT_set1_X509() or |
| 159 | X509_OBJECT_set1_X509_CRL() to set the result. Note that this also |
| 160 | increments the result's reference count. |
| 161 | |
| 162 | Any method data that was created as a result of the new_item function |
| 163 | set by X509_LOOKUP_meth_set_new_item() can be accessed with |
Richard Levitte | 4e46a7a | 2020-01-31 15:35:46 +0100 | [diff] [blame] | 164 | L<X509_LOOKUP_get_method_data(3)>. The B<X509_STORE> object that owns the |
| 165 | X509_LOOKUP may be accessed with L<X509_LOOKUP_get_store(3)>. Successful |
| 166 | lookups should return 1, and unsuccessful lookups should return 0. |
Mingtao Yang | 0124f32 | 2018-02-09 10:23:18 -0800 | [diff] [blame] | 167 | |
X509_LOOKUP_meth_get_get_by_subject(), X509_LOOKUP_meth_get_get_by_issuer_serial(),
X509_LOOKUP_meth_get_get_by_fingerprint() and X509_LOOKUP_meth_get_get_by_alias()
retrieve the function set by the corresponding setter.
| 171 | |
| 172 | =head1 RETURN VALUES |
| 173 | |
| 174 | The B<X509_LOOKUP_meth_set> functions return 1 on success or 0 on error. |
| 175 | |
| 176 | The B<X509_LOOKUP_meth_get> functions return the corresponding function |
| 177 | pointers. |
| 178 | |
| 179 | =head1 SEE ALSO |
| 180 | |
| 181 | L<X509_STORE_new(3)>, L<SSL_CTX_set_cert_store(3)> |
| 182 | |
| 183 | =head1 HISTORY |
| 184 | |
| 185 | The functions described here were added in OpenSSL 1.1.0i. |
| 186 | |
| 187 | =head1 COPYRIGHT |
| 188 | |
Matt Caswell | 33388b4 | 2020-04-23 13:55:52 +0100 | [diff] [blame] | 189 | Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. |
Mingtao Yang | 0124f32 | 2018-02-09 10:23:18 -0800 | [diff] [blame] | 190 | |
Richard Levitte | 4746f25 | 2018-12-06 14:04:44 +0100 | [diff] [blame] | 191 | Licensed under the Apache License 2.0 (the "License"). You may not use |
Mingtao Yang | 0124f32 | 2018-02-09 10:23:18 -0800 | [diff] [blame] | 192 | this file except in compliance with the License. You can obtain a copy |
| 193 | in the file LICENSE in the source distribution or at |
| 194 | L<https://www.openssl.org/source/license.html>. |
| 195 | |
| 196 | =cut |