doc/man3/X509_LOOKUP_meth_new.pod

   1 =pod
   2
   3 =head1 NAME
   4
   5 X509_LOOKUP_meth_new, X509_LOOKUP_meth_free, X509_LOOKUP_meth_set_new_item,
   6 X509_LOOKUP_meth_get_new_item, X509_LOOKUP_meth_set_free,
   7 X509_LOOKUP_meth_get_free, X509_LOOKUP_meth_set_init,
   8 X509_LOOKUP_meth_get_init, X509_LOOKUP_meth_set_shutdown,
   9 X509_LOOKUP_meth_get_shutdown,
  10 X509_LOOKUP_ctrl_fn, X509_LOOKUP_meth_set_ctrl, X509_LOOKUP_meth_get_ctrl,
  11 X509_LOOKUP_get_by_subject_fn, X509_LOOKUP_meth_set_get_by_subject,
  12 X509_LOOKUP_meth_get_get_by_subject,
  13 X509_LOOKUP_get_by_issuer_serial_fn, X509_LOOKUP_meth_set_get_by_issuer_serial,
  14 X509_LOOKUP_meth_get_get_by_issuer_serial,
  15 X509_LOOKUP_get_by_fingerprint_fn, X509_LOOKUP_meth_set_get_by_fingerprint,
  16 X509_LOOKUP_meth_get_get_by_fingerprint,
  17 X509_LOOKUP_get_by_alias_fn, X509_LOOKUP_meth_set_get_by_alias,
  18 X509_LOOKUP_meth_get_get_by_alias,
  19 X509_LOOKUP_set_method_data, X509_LOOKUP_get_method_data,
  20 X509_LOOKUP_get_store, X509_OBJECT_set1_X509, X509_OBJECT_set1_X509_CRL
  21 - Routines to build up X509_LOOKUP methods
  22
  23 =head1 SYNOPSIS
  24
  25  #include <openssl/x509_vfy.h>
  26
  27  X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name);
  28  void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method);
  29
  30  int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method,
  31                                    int (*new_item) (X509_LOOKUP *ctx));
  32  int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method))
  33      (X509_LOOKUP *ctx);
  34
  35  int X509_LOOKUP_meth_set_free(X509_LOOKUP_METHOD *method,
  36                                void (*free) (X509_LOOKUP *ctx));
  37  void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method))
  38      (X509_LOOKUP *ctx);
  39
  40  int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method,
  41                                int (*init) (X509_LOOKUP *ctx));
  42  int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method))
  43      (X509_LOOKUP *ctx);
  44
  45  int X509_LOOKUP_meth_set_shutdown(X509_LOOKUP_METHOD *method,
  46                                    int (*shutdown) (X509_LOOKUP *ctx));
  47  int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method))
  48      (X509_LOOKUP *ctx);
  49
  50  typedef int (*X509_LOOKUP_ctrl_fn)(X509_LOOKUP *ctx, int cmd, const char *argc,
  51                                     long argl, char **ret);
  52  int X509_LOOKUP_meth_set_ctrl(X509_LOOKUP_METHOD *method,
  53      X509_LOOKUP_ctrl_fn ctrl_fn);
  54  X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method);
  55
  56  typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx,
  57                                               X509_LOOKUP_TYPE type,
  58                                               X509_NAME *name,
  59                                               X509_OBJECT *ret);
  60  int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method,
  61      X509_LOOKUP_get_by_subject_fn fn);
  62  X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject(
  63      const X509_LOOKUP_METHOD *method);
  64
  65  typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx,
  66                                                     X509_LOOKUP_TYPE type,
  67                                                     X509_NAME *name,
  68                                                     ASN1_INTEGER *serial,
  69                                                     X509_OBJECT *ret);
  70  int X509_LOOKUP_meth_set_get_by_issuer_serial(
  71      X509_LOOKUP_METHOD *method, X509_LOOKUP_get_by_issuer_serial_fn fn);
  72  X509_LOOKUP_get_by_issuer_serial_fn X509_LOOKUP_meth_get_get_by_issuer_serial(
  73      const X509_LOOKUP_METHOD *method);
  74
  75  typedef int (*X509_LOOKUP_get_by_fingerprint_fn)(X509_LOOKUP *ctx,
  76                                                   X509_LOOKUP_TYPE type,
  77                                                   const unsigned char* bytes,
  78                                                   int len,
  79                                                   X509_OBJECT *ret);
  80  int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method,
  81      X509_LOOKUP_get_by_fingerprint_fn fn);
  82  X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint(
  83      const X509_LOOKUP_METHOD *method);
  84
  85  typedef int (*X509_LOOKUP_get_by_alias_fn)(X509_LOOKUP *ctx,
  86                                             X509_LOOKUP_TYPE type,
  87                                             const char *str,
  88                                             int len,
  89                                             X509_OBJECT *ret);
  90  int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method,
  91      X509_LOOKUP_get_by_alias_fn fn);
  92  X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
  93      const X509_LOOKUP_METHOD *method);
  94
  95  int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data);
  96  void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
  97
  98  X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
  99
 100  int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
 101  int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
 102
 103 =head1 DESCRIPTION
 104
 105 The B<X509_LOOKUP_METHOD> type is a structure used for the implementation of new
 106 X509_LOOKUP types. It provides a set of functions used by OpenSSL for the
 107 implementation of various X509 and X509_CRL lookup capabilities. One instance
 108 of an X509_LOOKUP_METHOD can be associated to many instantiations of an
 109 B<X509_LOOKUP> structure.
 110
 111 X509_LOOKUP_meth_new() creates a new B<X509_LOOKUP_METHOD> structure. It should
 112 be given a human-readable string containing a brief description of the lookup
 113 method.
 114
 115 X509_LOOKUP_meth_free() destroys a B<X509_LOOKUP_METHOD> structure.
 116
 117 X509_LOOKUP_get_new_item() and X509_LOOKUP_set_new_item() get and set the
 118 function that is called when an B<X509_LOOKUP> object is created with
 119 X509_LOOKUP_new(). If an X509_LOOKUP_METHOD requires any per-X509_LOOKUP
 120 specific data, the supplied new_item function should allocate this data and
 121 invoke X509_LOOKUP_set_method_data().
 122
 123 X509_LOOKUP_get_free() and X509_LOOKUP_set_free() get and set the function
 124 that is used to free any method data that was allocated and set from within
 125 new_item function.
 126
 127 X509_LOOKUP_meth_get_init() and X509_LOOKUP_meth_set_init() get and set the
 128 function that is used to initialize the method data that was set with
 129 X509_LOOKUP_set_method_data() as part of the new_item routine.
 130
 131 X509_LOOKUP_meth_get_shutdown() and X509_LOOKUP_meth_set_shutdown() get and set
 132 the function that is used to shut down the method data whose state was
 133 previously initialized in the init function.
 134
 135 X509_LOOKUP_meth_get_ctrl() and X509_LOOKUP_meth_set_ctrl() get and set a
 136 function to be used to handle arbitrary control commands issued by
 137 X509_LOOKUP_ctrl(). The control function is given the X509_LOOKUP
 138 B<ctx>, along with the arguments passed by X509_LOOKUP_ctrl. B<cmd> is
 139 an arbitrary integer that defines some operation. B<argc> is a pointer
 140 to an array of characters. B<argl> is an integer. B<ret>, if set,
 141 points to a location where any return data should be written to. How
 142 B<argc> and B<argl> are used depends entirely on the control function.
 143
 144
 145 X509_LOOKUP_set_get_by_subject(), X509_LOOKUP_set_get_by_issuer_serial(),
 146 X509_LOOKUP_set_get_by_fingerprint(), X509_LOOKUP_set_get_by_alias() set
 147 the functions used to retrieve an X509 or X509_CRL object by the object's
 148 subject, issuer, fingerprint, and alias respectively. These functions are given
 149 the X509_LOOKUP context, the type of the X509_OBJECT being requested, parameters
 150 related to the lookup, and an X509_OBJECT that will receive the requested
 151 object.
 152
 153 Implementations must add objects they find to the B<X509_STORE> object
 154 using X509_STORE_add_cert() or X509_STORE_add_crl().  This increments
 155 its reference count.  However, the X509_STORE_CTX_get_by_subject()
 156 function also increases the reference count which leads to one too
 157 many references being held.  Therefore applications should
 158 additionally call X509_free() or X509_CRL_free() to decrement the
 159 reference count again.
 160
 161 Implementations should also use either X509_OBJECT_set1_X509() or
 162 X509_OBJECT_set1_X509_CRL() to set the result.  Note that this also
 163 increments the result's reference count.
 164
 165 Any method data that was created as a result of the new_item function
 166 set by X509_LOOKUP_meth_set_new_item() can be accessed with
 167 X509_LOOKUP_get_method_data(). The B<X509_STORE> object that owns the
 168 X509_LOOKUP may be accessed with X509_LOOKUP_get_store(). Successful lookups
 169 should return 1, and unsuccessful lookups should return 0.
 170
 171 X509_LOOKUP_get_get_by_subject(), X509_LOOKUP_get_get_by_issuer_serial(),
 172 X509_LOOKUP_get_get_by_fingerprint(), X509_LOOKUP_get_get_by_alias() retrieve
 173 the function set by the corresponding setter.
 174
 175 =head1 RETURN VALUES
 176
 177 The B<X509_LOOKUP_meth_set> functions return 1 on success or 0 on error.
 178
 179 The B<X509_LOOKUP_meth_get> functions return the corresponding function
 180 pointers.
 181
 182 =head1 SEE ALSO
 183
 184 L<X509_STORE_new(3)>, L<SSL_CTX_set_cert_store(3)>
 185
 186 =head1 HISTORY
 187
 188 The functions described here were added in OpenSSL 1.1.0i.
 189
 190 =head1 COPYRIGHT
 191
 192 Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
 193
 194 Licensed under the Apache License 2.0 (the "License").  You may not use
 195 this file except in compliance with the License.  You can obtain a copy
 196 in the file LICENSE in the source distribution or at
 197 L<https://www.openssl.org/source/license.html>.
 198
 199 =cut