=pod

=head1 NAME

X509_cmp, X509_NAME_cmp,
X509_issuer_and_serial_cmp, X509_issuer_name_cmp, X509_subject_name_cmp,
X509_CRL_cmp, X509_CRL_match
- compare X509 certificates and related values

=head1 SYNOPSIS

 #include <openssl/x509.h>

 int X509_cmp(const X509 *a, const X509 *b);
 int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
 int X509_issuer_name_cmp(const X509 *a, const X509 *b);
 int X509_subject_name_cmp(const X509 *a, const X509 *b);
 int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
 int X509_CRL_match(const X509_CRL *a, const X509_CRL *b);

=head1 DESCRIPTION

This set of functions is used to compare X509 objects, including X509
certificates, X509 CRL objects and various values in an X509 certificate.

The X509_cmp() function compares two B<X509> objects indicated by parameters
B<a> and B<b>. The comparison is based on the B<memcmp> result of the hash
values of two B<X509> objects and the canonical (DER) encoding values.

The X509_NAME_cmp() function compares two B<X509_NAME> objects indicated by
parameters B<a> and B<b>. The comparison is based on the B<memcmp> result of
the canonical (DER) encoding values of the two objects. L<i2d_X509_NAME(3)>
has a more detailed description of the DER encoding of the B<X509_NAME> structure.

The X509_issuer_and_serial_cmp() function compares the serial number and issuer
values in the given B<X509> objects B<a> and B<b>.

The X509_issuer_name_cmp(), X509_subject_name_cmp() and X509_CRL_cmp() functions
are effectively wrappers of the X509_NAME_cmp() function. These functions compare
issuer names and subject names of the B<X509> objects, or issuers of B<X509_CRL>
objects, respectively.

The X509_CRL_match() function compares two B<X509_CRL> objects. Unlike the
X509_CRL_cmp() function, this function compares the whole CRL content instead
of just the issuer name.

=head1 RETURN VALUES

Like common memory comparison functions, the B<X509> comparison functions return
an integer less than, equal to, or greater than zero if object B<a> is found to
be less than, to match, or be greater than object B<b>, respectively.

X509_NAME_cmp(), X509_issuer_and_serial_cmp(), X509_issuer_name_cmp(),
X509_subject_name_cmp() and X509_CRL_cmp() may return B<-2> to indicate an error.

=head1 NOTES

These functions in fact use the underlying B<memcmp> of the C library to do
the comparison. The data compared varies: it may be DER-encoded data, a hash
value or an B<ASN1_STRING>. The sign of the result can be used to order the
objects, but in some cases it has no special meaning.

X509_NAME_cmp() and its wrappers use the value B<-2> to indicate errors in some
circumstances, which could cause confusion for applications: B<-2> is also a
negative value, so code that tests only the sign of the result cannot tell an
error from "B<a> is less than B<b>".

=head1 SEE ALSO

L<i2d_X509_NAME(3)>, L<i2d_X509(3)>

=head1 COPYRIGHT

Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut