1X509_LOOKUP_METH_NEW(3ossl) OpenSSL X509_LOOKUP_METH_NEW(3ossl)
2
3
4
6 X509_LOOKUP_METHOD, X509_LOOKUP_meth_new, X509_LOOKUP_meth_free,
7 X509_LOOKUP_meth_set_new_item, X509_LOOKUP_meth_get_new_item,
8 X509_LOOKUP_meth_set_free, X509_LOOKUP_meth_get_free,
9 X509_LOOKUP_meth_set_init, X509_LOOKUP_meth_get_init,
10 X509_LOOKUP_meth_set_shutdown, X509_LOOKUP_meth_get_shutdown,
11 X509_LOOKUP_ctrl_fn, X509_LOOKUP_meth_set_ctrl,
12 X509_LOOKUP_meth_get_ctrl, X509_LOOKUP_get_by_subject_fn,
13 X509_LOOKUP_meth_set_get_by_subject,
14 X509_LOOKUP_meth_get_get_by_subject,
15 X509_LOOKUP_get_by_issuer_serial_fn,
16 X509_LOOKUP_meth_set_get_by_issuer_serial,
17 X509_LOOKUP_meth_get_get_by_issuer_serial,
18 X509_LOOKUP_get_by_fingerprint_fn,
19 X509_LOOKUP_meth_set_get_by_fingerprint,
20 X509_LOOKUP_meth_get_get_by_fingerprint, X509_LOOKUP_get_by_alias_fn,
21 X509_LOOKUP_meth_set_get_by_alias, X509_LOOKUP_meth_get_get_by_alias,
22 X509_OBJECT_set1_X509, X509_OBJECT_set1_X509_CRL - Routines to build up
23 X509_LOOKUP methods
24
26 #include <openssl/x509_vfy.h>
27
28 typedef x509_lookup_method_st X509_LOOKUP_METHOD;
29
30 X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name);
31 void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method);
32
33 int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method,
34 int (*new_item) (X509_LOOKUP *ctx));
35 int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method))
36 (X509_LOOKUP *ctx);
37
38 int X509_LOOKUP_meth_set_free(X509_LOOKUP_METHOD *method,
39 void (*free) (X509_LOOKUP *ctx));
40 void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method))
41 (X509_LOOKUP *ctx);
42
43 int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method,
44 int (*init) (X509_LOOKUP *ctx));
45 int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method))
46 (X509_LOOKUP *ctx);
47
48 int X509_LOOKUP_meth_set_shutdown(X509_LOOKUP_METHOD *method,
49 int (*shutdown) (X509_LOOKUP *ctx));
50 int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method))
51 (X509_LOOKUP *ctx);
52
53 typedef int (*X509_LOOKUP_ctrl_fn)(X509_LOOKUP *ctx, int cmd, const char *argc,
54 long argl, char **ret);
55 int X509_LOOKUP_meth_set_ctrl(X509_LOOKUP_METHOD *method,
56 X509_LOOKUP_ctrl_fn ctrl_fn);
57 X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method);
58
59 typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx,
60 X509_LOOKUP_TYPE type,
61 const X509_NAME *name,
62 X509_OBJECT *ret);
63 int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method,
64 X509_LOOKUP_get_by_subject_fn fn);
65 X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject(
66 const X509_LOOKUP_METHOD *method);
67
68 typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx,
69 X509_LOOKUP_TYPE type,
70 const X509_NAME *name,
71 const ASN1_INTEGER *serial,
72 X509_OBJECT *ret);
73 int X509_LOOKUP_meth_set_get_by_issuer_serial(
74 X509_LOOKUP_METHOD *method, X509_LOOKUP_get_by_issuer_serial_fn fn);
75 X509_LOOKUP_get_by_issuer_serial_fn X509_LOOKUP_meth_get_get_by_issuer_serial(
76 const X509_LOOKUP_METHOD *method);
77
78 typedef int (*X509_LOOKUP_get_by_fingerprint_fn)(X509_LOOKUP *ctx,
79 X509_LOOKUP_TYPE type,
80 const unsigned char* bytes,
81 int len,
82 X509_OBJECT *ret);
83 int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method,
84 X509_LOOKUP_get_by_fingerprint_fn fn);
85 X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint(
86 const X509_LOOKUP_METHOD *method);
87
88 typedef int (*X509_LOOKUP_get_by_alias_fn)(X509_LOOKUP *ctx,
89 X509_LOOKUP_TYPE type,
90 const char *str,
91 int len,
92 X509_OBJECT *ret);
93 int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method,
94 X509_LOOKUP_get_by_alias_fn fn);
95 X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
96 const X509_LOOKUP_METHOD *method);
97
98 int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
99 int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
100
102 The X509_LOOKUP_METHOD type is a structure used for the implementation
103 of new X509_LOOKUP types. It provides a set of functions used by
104 OpenSSL for the implementation of various X509 and X509_CRL lookup
105 capabilities. One instance of an X509_LOOKUP_METHOD can be associated
106 to many instantiations of an X509_LOOKUP structure.
107
108 X509_LOOKUP_meth_new() creates a new X509_LOOKUP_METHOD structure. It
109 should be given a human-readable string containing a brief description
110 of the lookup method.
111
112 X509_LOOKUP_meth_free() destroys a X509_LOOKUP_METHOD structure.
113
114 X509_LOOKUP_get_new_item() and X509_LOOKUP_set_new_item() get and set
115 the function that is called when an X509_LOOKUP object is created with
116 X509_LOOKUP_new(). If an X509_LOOKUP_METHOD requires any
117 per-X509_LOOKUP specific data, the supplied new_item function should
118 allocate this data and invoke X509_LOOKUP_set_method_data(3).
119
120 X509_LOOKUP_get_free() and X509_LOOKUP_set_free() get and set the
121 function that is used to free any method data that was allocated and
122 set from within new_item function.
123
124 X509_LOOKUP_meth_get_init() and X509_LOOKUP_meth_set_init() get and set
125 the function that is used to initialize the method data that was set
126 with X509_LOOKUP_set_method_data(3) as part of the new_item routine.
127
128 X509_LOOKUP_meth_get_shutdown() and X509_LOOKUP_meth_set_shutdown() get
129 and set the function that is used to shut down the method data whose
130 state was previously initialized in the init function.
131
132 X509_LOOKUP_meth_get_ctrl() and X509_LOOKUP_meth_set_ctrl() get and set
133 a function to be used to handle arbitrary control commands issued by
134 X509_LOOKUP_ctrl(). The control function is given the X509_LOOKUP ctx,
135 along with the arguments passed by X509_LOOKUP_ctrl. cmd is an
136 arbitrary integer that defines some operation. argc is a pointer to an
137 array of characters. argl is an integer. ret, if set, points to a
138 location where any return data should be written to. How argc and argl
139 are used depends entirely on the control function.
140
141 X509_LOOKUP_set_get_by_subject(),
142 X509_LOOKUP_set_get_by_issuer_serial(),
143 X509_LOOKUP_set_get_by_fingerprint(), X509_LOOKUP_set_get_by_alias()
144 set the functions used to retrieve an X509 or X509_CRL object by the
145 object's subject, issuer, fingerprint, and alias respectively. These
146 functions are given the X509_LOOKUP context, the type of the
147 X509_OBJECT being requested, parameters related to the lookup, and an
148 X509_OBJECT that will receive the requested object.
149
150 Implementations must add objects they find to the X509_STORE object
151 using X509_STORE_add_cert() or X509_STORE_add_crl(). This increments
152 its reference count. However, the X509_STORE_CTX_get_by_subject()
153 function also increases the reference count which leads to one too many
154 references being held. Therefore, applications should additionally
155 call X509_free() or X509_CRL_free() to decrement the reference count
156 again.
157
158 Implementations should also use either X509_OBJECT_set1_X509() or
159 X509_OBJECT_set1_X509_CRL() to set the result. Note that this also
160 increments the result's reference count.
161
162 Any method data that was created as a result of the new_item function
163 set by X509_LOOKUP_meth_set_new_item() can be accessed with
164 X509_LOOKUP_get_method_data(3). The X509_STORE object that owns the
165 X509_LOOKUP may be accessed with X509_LOOKUP_get_store(3). Successful
166 lookups should return 1, and unsuccessful lookups should return 0.
167
168 X509_LOOKUP_get_get_by_subject(),
169 X509_LOOKUP_get_get_by_issuer_serial(),
170 X509_LOOKUP_get_get_by_fingerprint(), X509_LOOKUP_get_get_by_alias()
171 retrieve the function set by the corresponding setter.
172
174 The X509_LOOKUP_meth_set functions return 1 on success or 0 on error.
175
176 The X509_LOOKUP_meth_get functions return the corresponding function
177 pointers.
178
180 X509_STORE_new(3), SSL_CTX_set_cert_store(3)
181
183 The functions described here were added in OpenSSL 1.1.0i.
184
186 Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.
187
188 Licensed under the Apache License 2.0 (the "License"). You may not use
189 this file except in compliance with the License. You can obtain a copy
190 in the file LICENSE in the source distribution or at
191 <https://www.openssl.org/source/license.html>.
192
193
194
1953.0.5 2022-07-05 X509_LOOKUP_METH_NEW(3ossl)