OpenSSL

Cryptography and SSL/TLS Toolkit

OSSL_CMP_ITAV_new_rootCaCert

NAME

OSSL_CMP_ITAV_new_caCerts, OSSL_CMP_ITAV_get0_caCerts, OSSL_CMP_ITAV_new_rootCaCert, OSSL_CMP_ITAV_get0_rootCaCert, OSSL_CMP_ITAV_new_rootCaKeyUpdate, OSSL_CMP_ITAV_get0_rootCaKeyUpdate - CMP utility functions for handling specific genm and genp messages

SYNOPSIS

#include <openssl/cmp.h>

OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts);
int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out);

OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert);
int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out);
OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew,
                                                 const X509 *newWithOld,
                                                 const X509 *oldWithNew);
int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav,
                                       X509 **newWithNew,
                                       X509 **newWithOld,
                                       X509 **oldWithNew);

DESCRIPTION

ITAV is short for InfoTypeAndValue.

OSSL_CMP_ITAV_new_caCerts() creates an OSSL_CMP_ITAV structure of type caCerts and fills it with a copy of the provided list of certificates. The caCerts argument may be NULL or contain any number of certificates.

OSSL_CMP_ITAV_get0_caCerts() requires that itav has type caCerts. It assigns NULL to *out if there are no CA certificates in itav, otherwise the internal pointer of type STACK_OF(X509) with the certificates present.

OSSL_CMP_ITAV_new_rootCaCert() creates a new OSSL_CMP_ITAV structure of type rootCaCert that includes the optionally given certificate.

OSSL_CMP_ITAV_get0_rootCaCert() requires that itav has type rootCaCert. It assigns NULL to *out if no certificate is included in itav, otherwise the internal pointer to the certificate contained in the infoValue field.

OSSL_CMP_ITAV_new_rootCaKeyUpdate() creates a new OSSL_CMP_ITAV structure of type rootCaKeyUpdate that includes an RootCaKeyUpdateContent structure with the optional newWithNew, newWithOld, and oldWithNew certificates.

OSSL_CMP_ITAV_get0_rootCaKeyUpdate() requires that itav has infoType rootCaKeyUpdate. If an update of a root CA certificate is included, it assigns to *newWithNew the internal pointer to the certificate contained in the newWithNew infoValue sub-field of itav. If newWithOld is not NULL, it assigns to *newWithOld the internal pointer to the certificate contained in the newWithOld infoValue sub-field of itav. If oldWithNew is not NULL, it assigns to *oldWithNew the internal pointer to the certificate contained in the oldWithNew infoValue sub-field of itav. Each of these pointers will be NULL if the respective sub-field is not set.

NOTES

CMP is defined in RFC 4210.

RETURN VALUES

OSSL_CMP_ITAV_new_caCerts(), OSSL_CMP_ITAV_new_rootCaCert(), and OSSL_CMP_ITAV_new_rootCaKeyUpdate() return a pointer to the new ITAV structure on success, or NULL on error.

OSSL_CMP_ITAV_get0_caCerts(), OSSL_CMP_ITAV_get0_rootCaCert(), and OSSL_CMP_ITAV_get0_rootCaKeyUpdate() return 1 on success, 0 on error.

SEE ALSO

OSSL_CMP_ITAV_create(3) and OSSL_CMP_ITAV_get0_type(3)

HISTORY

OSSL_CMP_ITAV_new_caCerts(), OSSL_CMP_ITAV_get0_caCerts(), OSSL_CMP_ITAV_new_rootCaCert(), OSSL_CMP_ITAV_get0_rootCaCert(), OSSL_CMP_ITAV_new_rootCaKeyUpdate(), and OSSL_CMP_ITAV_get0_rootCaKeyUpdate() were added in OpenSSL 3.2.

Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.