If the return value is negative an error occurred, otherwise it
returns the length of the encoded data.
-For OpenSSL 0.9.7 and later if B<*out> is B<NULL> memory will be
+If B<*out> is B<NULL> memory will be
allocated for a buffer and the encoded data written to it. In this
case B<*out> is not incremented and it points to the start of the
data just written.
errors.
The reason for the auto increment behaviour is to reflect a typical
-usage of ASN1 functions: after one structure is encoded or decoded if (a != NULL)
- (*a) = ret;
+usage of ASN1 functions: after one structure is encoded or decoded
another will processed after it.
=head1 EXAMPLES
Allocate and encode the DER encoding of an X509 structure:
- int len;
- unsigned char *buf, *p;
-
- len = i2d_X509(x, NULL);
-
- buf = OPENSSL_malloc(len);
-
- if (buf == NULL)
- /* error */
-
- p = buf;
-
- i2d_X509(x, &p);
-
-If you are using OpenSSL 0.9.7 or later then this can be
-simplified to:
-
-
int len;
unsigned char *buf;
buf = NULL;
-
len = i2d_X509(x, &buf);
-
if (len < 0)
/* error */
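Review bot: removing the two-call example in EXAMPLES ("len = i2d_X509(x, NULL);" followed by "p = buf;" and "i2d_X509(x, &p);") leaves the page with no correct example of encoding into a caller-allocated buffer, while the WARNINGS section still shows the broken form of the same pattern that passes &buf directly. Consider keeping the temporary-pointer example and dropping only the sentence about 0.9.7, or moving it next to the warning as the corrected version. The surviving auto-allocation example also never releases the buffer; adding "OPENSSL_free(buf);" after use would make it clear that the caller owns the allocated memory. Since the NOTES paragraph is being touched anyway, "another will processed after it" is missing "be".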
Attempt to decode a buffer:
X509 *x;
-
unsigned char *buf, *p;
-
int len;
/* Something to setup buf and len */
-
p = buf;
-
x = d2i_X509(NULL, &p, len);
if (x == NULL)
Alternative technique:
X509 *x;
-
unsigned char *buf, *p;
-
int len;
/* Something to setup buf and len */
-
p = buf;
-
x = NULL;
- if(!d2i_X509(&x, &p, len))
+ if (!d2i_X509(&x, &p, len))
/* Some error */
unsigned char *buf;
len = i2d_X509(x, NULL);
-
buf = OPENSSL_malloc(len);
-
if (buf == NULL)
/* error */
i2d_X509(x, &buf);
-
/* Other stuff ... */
-
OPENSSL_free(buf);
This code will result in B<buf> apparently containing garbage because
Also B<buf> will no longer contain the pointer allocated by B<OPENSSL_malloc()>
and the subsequent call to B<OPENSSL_free()> may well crash.
-The auto allocation feature (setting buf to NULL) only works on OpenSSL
-0.9.7 and later. Attempts to use it on earlier versions will typically
-cause a segmentation violation.
-
Another trap to avoid is misuse of the B<xp> argument to B<d2i_X509()>:
X509 *x;
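Review bot: the context line kept after the removed 0.9.7 paragraph names the d2i_X509() argument B<xp>, but the RETURN VALUES text further down refers to the same argument as B<px>. Pick the spelling used in the SYNOPSIS and use it in both places, since this part of the WARNINGS section is about misuse of exactly that argument and the reader needs to match it to the prototype.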
i2d_X509() will not return an error in many versions of OpenSSL,
if mandatory fields are not initialized due to a programming error
-then the encoded structure may contain invalid data or omit the if (a != NULL)
- (*a) = ret;
+then the encoded structure may contain invalid data or omit the
fields entirely and will not be parsed by d2i_X509(). This may be
fixed in future so code should not assume that i2d_X509() will
always succeed.
d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure
or B<NULL> if an error occurs. The error code that can be obtained by
-L<ERR_get_error(3)|ERR_get_error(3)>. If the "reuse" capability has been used
+L<ERR_get_error(3)>. If the "reuse" capability has been used
with a valid X509 structure being passed in via B<px> then the object is not
freed in the event of error but may be in a potentially invalid or inconsistent
state.
i2d_X509() returns the number of bytes successfully encoded or a negative
value if an error occurs. The error code can be obtained by
-L<ERR_get_error(3)|ERR_get_error(3)>.
+L<ERR_get_error(3)>.
i2d_X509_bio() and i2d_X509_fp() return 1 for success and 0 if an error
-occurs The error code can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+occurs The error code can be obtained by L<ERR_get_error(3)>.
=head1 SEE ALSO
-L<ERR_get_error(3)|ERR_get_error(3)>
-
-=head1 HISTORY
-
-d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio and i2d_X509_fp
-are available in all versions of SSLeay and OpenSSL.
+L<ERR_get_error(3)>
+L<X509_CRL_get0_by_serial(3)>,
+L<X509_get0_signature(3)>,
+L<X509_get_ext_d2i(3)>,
+L<X509_get_extension_flags(3)>,
+L<X509_get_pubkey(3)>,
+L<X509_get_subject_name(3)>,
+L<X509_get_version(3)>,
+L<X509_NAME_add_entry_by_txt(3)>,
+L<X509_NAME_ENTRY_get_object(3)>,
+L<X509_NAME_get_index_by_NID(3)>,
+L<X509_NAME_print_ex(3)>,
+L<X509_new(3)>,
+L<X509_sign(3)>,
+L<X509V3_get_d2i(3)>,
+L<X509_verify_cert(3)>
=cut
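Review bot: in SEE ALSO the added line "+L<ERR_get_error(3)>" has no trailing comma while every following added entry is comma-separated, so the rendered list will run ERR_get_error(3) straight into X509_CRL_get0_by_serial(3); add the comma. In RETURN VALUES the rewritten line still reads "occurs The error code can be obtained by", carrying over the missing full stop after "occurs" from the old text, and the nearby context sentence "The error code that can be obtained by" is a fragment ("that" should go). Both are worth fixing in this patch because the lines are already being changed.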