| 1 | =pod
|
|---|
| 2 |
|
|---|
| 3 | =head1 NAME
|
|---|
| 4 |
|
|---|
| 5 | CMS_add0_cert, CMS_add1_cert, CMS_get1_certs, CMS_add0_crl, CMS_add1_crl, CMS_get1_crls
|
|---|
| 6 | - CMS certificate and CRL utility functions
|
|---|
| 7 |
|
|---|
| 8 | =head1 SYNOPSIS
|
|---|
| 9 |
|
|---|
| 10 | #include <openssl/cms.h>
|
|---|
| 11 |
|
|---|
| 12 | int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert);
|
|---|
| 13 | int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert);
|
|---|
| 14 | STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms);
|
|---|
| 15 |
|
|---|
| 16 | int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
|
|---|
| 17 | int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl);
|
|---|
| 18 | STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
|
|---|
| 19 |
|
|---|
| 20 | =head1 DESCRIPTION
|
|---|
| 21 |
|
|---|
| 22 | CMS_add0_cert() and CMS_add1_cert() add certificate I<cert> to I<cms>.
|
|---|
| 23 | This is used by L<CMS_sign_ex(3)> and L<CMS_sign(3)> and may be used before
|
|---|
| 24 | calling L<CMS_verify(3)> to help chain building in certificate validation.
|
|---|
| 25 | I<cms> must be of type signed data or (authenticated) enveloped data.
|
|---|
| 26 | For signed data, such a certificate can be used when signing or verifying
|
|---|
| 27 | to fill in the signer certificate or to provide an extra CA certificate
|
|---|
| 28 | that may be needed for chain building in certificate validation.
|
|---|
| 29 |
|
|---|
| 30 | CMS_get1_certs() returns all certificates in I<cms>.
|
|---|
| 31 |
|
|---|
| 32 | CMS_add0_crl() and CMS_add1_crl() add CRL I<crl> to I<cms>.
|
|---|
| 33 | I<cms> must be of type signed data or (authenticated) enveloped data.
|
|---|
| 34 | For signed data, such a CRL may be used in certificate validation
|
|---|
| 35 | with L<CMS_verify(3)>.
|
|---|
| 36 | It may be given both for inclusion when signing a CMS message
|
|---|
| 37 | and when verifying a signed CMS message.
|
|---|
| 38 |
|
|---|
| 39 | CMS_get1_crls() returns all CRLs in I<cms>.
|
|---|
| 40 |
|
|---|
| 41 | =head1 NOTES
|
|---|
| 42 |
|
|---|
| 43 | The CMS_ContentInfo structure I<cms> must be of type signed data or enveloped
|
|---|
| 44 | data or an error will be returned.
|
|---|
| 45 |
|
|---|
| 46 | For signed data certificates and CRLs are added to the I<certificates> and
|
|---|
| 47 | I<crls> fields of SignedData structure. For enveloped data they are added to
|
|---|
| 48 | B<OriginatorInfo>.
|
|---|
| 49 |
|
|---|
| 50 | As the I<0> implies CMS_add0_cert() adds I<cert> internally to I<cms> and it
|
|---|
| 51 | must not be freed up after the call as opposed to CMS_add1_cert() where I<cert>
|
|---|
| 52 | must be freed up.
|
|---|
| 53 |
|
|---|
| 54 | The same certificate must not be added to the same cms structure more than once.
|
|---|
| 55 |
|
|---|
| 56 | =head1 RETURN VALUES
|
|---|
| 57 |
|
|---|
| 58 | CMS_add0_cert(), CMS_add1_cert() and CMS_add0_crl() and CMS_add1_crl() return
|
|---|
| 59 | 1 for success and 0 for failure.
|
|---|
| 60 |
|
|---|
| 61 | CMS_get1_certs() and CMS_get1_crls() return the STACK of certificates or CRLs
|
|---|
| 62 | or NULL if there are none or an error occurs. The only error which will occur
|
|---|
| 63 | in practice is if the I<cms> type is invalid.
|
|---|
| 64 |
|
|---|
| 65 | =head1 SEE ALSO
|
|---|
| 66 |
|
|---|
| 67 | L<ERR_get_error(3)>,
|
|---|
| 68 | L<CMS_sign(3)>, L<CMS_sign_ex(3)>, L<CMS_verify(3)>,
|
|---|
| 69 | L<CMS_encrypt(3)>
|
|---|
| 70 |
|
|---|
| 71 | =head1 COPYRIGHT
|
|---|
| 72 |
|
|---|
| 73 | Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
|
|---|
| 74 |
|
|---|
| 75 | Licensed under the Apache License 2.0 (the "License"). You may not use
|
|---|
| 76 | this file except in compliance with the License. You can obtain a copy
|
|---|
| 77 | in the file LICENSE in the source distribution or at
|
|---|
| 78 | L<https://www.openssl.org/source/license.html>.
|
|---|
| 79 |
|
|---|
| 80 | =cut
|
|---|
