.\" -*- mode: troff; coding: utf-8 -*-
.\" Automatically generated by Pod::Man 5.01 (Pod::Simple 3.43)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>.
.ie n \{\
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "X509_NEW 3ssl"
.TH X509_NEW 3ssl 2024-01-30 3.2.1 OpenSSL
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH NAME
X509_new, X509_new_ex,
X509_free, X509_up_ref,
X509_chain_up_ref,
OSSL_STACK_OF_X509_free
\&\- X509 certificate ASN1 allocation and deallocation functions
.SH SYNOPSIS
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509.h>
\&
\& X509 *X509_new(void);
\& X509 *X509_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
\& void X509_free(X509 *a);
\& int X509_up_ref(X509 *a);
\& STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *x);
\& void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs);
.Ve
.SH DESCRIPTION
.IX Header "DESCRIPTION"
The X509 ASN1 allocation routines allocate and free an
X509 structure, which represents an X509 certificate.
.PP
\&\fBX509_new_ex()\fR allocates and initializes an X509 structure with a
library context of \fIlibctx\fR, property query of \fIpropq\fR and a reference
count of \fB1\fR. Many X509 functions such as \fBX509_check_purpose()\fR and
\&\fBX509_verify()\fR use this library context to select which providers supply the
fetched algorithms (SHA1 is used internally). This created X509 object can then
be used when loading binary data using \fBd2i_X509()\fR.
.PP
\&\fBX509_new()\fR is similar to \fBX509_new_ex()\fR but sets the library context
and property query to NULL. This results in the default (NULL) library context
being used for any X509 operations requiring algorithm fetches.
.PP
\&\fBX509_free()\fR decrements the reference count of the \fBX509\fR structure \fBa\fR and
frees it if the reference count is zero. If \fBa\fR is NULL nothing is done.
.PP
\&\fBX509_up_ref()\fR increments the reference count of \fBa\fR.
.PP
\&\fBX509_chain_up_ref()\fR increases the reference count of all certificates in
chain \fBx\fR and returns a copy of the stack, or an empty stack if \fBx\fR is NULL.
.PP
\&\fBOSSL_STACK_OF_X509_free()\fR deallocates the given list of pointers to
certificates after calling \fBX509_free()\fR on all its elements.
.SH NOTES
.IX Header "NOTES"
The function \fBX509_up_ref()\fR is useful if a certificate structure is being
used by several different operations each of which will free it up after
use: this avoids the need to duplicate the entire certificate structure.
.PP
The function \fBX509_chain_up_ref()\fR doesn't just up the reference count of
each certificate. It also returns a copy of the stack, using \fBsk_X509_dup()\fR,
but it serves a similar purpose: the returned chain persists after the
original has been freed.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
If the allocation fails, \fBX509_new()\fR returns NULL and sets an error
code that can be obtained by \fBERR_get_error\fR\|(3).
Otherwise it returns a pointer to the newly allocated structure.
.PP
\&\fBX509_up_ref()\fR returns 1 for success and 0 for failure.
.PP
\&\fBX509_chain_up_ref()\fR returns a copy of the stack or NULL if an error occurred.
.PP
\&\fBOSSL_STACK_OF_X509_free()\fR has no return value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBd2i_X509\fR\|(3),
\&\fBERR_get_error\fR\|(3),
\&\fBX509_CRL_get0_by_serial\fR\|(3),
\&\fBX509_get0_signature\fR\|(3),
\&\fBX509_get_ext_d2i\fR\|(3),
\&\fBX509_get_extension_flags\fR\|(3),
\&\fBX509_get_pubkey\fR\|(3),
\&\fBX509_get_subject_name\fR\|(3),
\&\fBX509_get_version\fR\|(3),
\&\fBX509_NAME_add_entry_by_txt\fR\|(3),
\&\fBX509_NAME_ENTRY_get_object\fR\|(3),
\&\fBX509_NAME_get_index_by_NID\fR\|(3),
\&\fBX509_NAME_print_ex\fR\|(3),
\&\fBX509_sign\fR\|(3),
\&\fBX509V3_get_d2i\fR\|(3),
\&\fBX509_verify_cert\fR\|(3)
.SH HISTORY
.IX Header "HISTORY"
\&\fBX509_new_ex()\fR was added in OpenSSL 3.0.
.PP
\&\fBOSSL_STACK_OF_X509_free()\fR was added in OpenSSL 3.2.
.SH COPYRIGHT
.IX Header "COPYRIGHT"
Copyright 2002\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
<https://www.openssl.org/source/license.html>.