From c9aad1ae6227c434d480d1d3aa8eae3c3c910c18 Mon Sep 17 00:00:00 2001 From: marha Date: Sun, 22 Feb 2015 14:43:31 +0100 Subject: Upgraded to openssl-1.0.2 --- openssl/doc/crypto/d2i_X509.pod | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) (limited to 'openssl/doc/crypto/d2i_X509.pod') diff --git a/openssl/doc/crypto/d2i_X509.pod b/openssl/doc/crypto/d2i_X509.pod index 298ec54a4..fea6e868e 100644 --- a/openssl/doc/crypto/d2i_X509.pod +++ b/openssl/doc/crypto/d2i_X509.pod @@ -18,6 +18,8 @@ i2d_X509_fp - X509 encode and decode functions int i2d_X509_bio(BIO *bp, X509 *x); int i2d_X509_fp(FILE *fp, X509 *x); + int i2d_re_X509_tbs(X509 *x, unsigned char **out); + =head1 DESCRIPTION The X509 encode and decode routines encode and parse an @@ -57,11 +59,17 @@ i2d_X509_fp() is similar to i2d_X509() except it writes the encoding of the structure B to BIO B and it returns 1 for success and 0 for failure. +i2d_re_X509_tbs() is similar to i2d_X509() except it encodes +only the TBSCertificate portion of the certificate. + =head1 NOTES The letters B and B in for example B stand for -"internal" (that is an internal C structure) and "DER". So that -B converts from internal to DER. +"internal" (that is an internal C structure) and "DER". So +B converts from internal to DER. The "re" in +B stands for "re-encode", and ensures that a fresh +encoding is generated in case the object has been modified after +creation (see the BUGS section). The functions can also understand B forms. @@ -206,6 +214,21 @@ fields entirely and will not be parsed by d2i_X509(). This may be fixed in future so code should not assume that i2d_X509() will always succeed. +The encoding of the TBSCertificate portion of a certificate is cached +in the B structure internally to improve encoding performance +and to ensure certificate signatures are verified correctly in some +certificates with broken (non-DER) encodings. + +Any function which encodes an X509 structure such as i2d_X509(), +i2d_X509_fp() or i2d_X509_bio() may return a stale encoding if the +B structure has been modified after deserialization or previous +serialization. + +If, after modification, the B object is re-signed with X509_sign(), +the encoding is automatically renewed. Otherwise, the encoding of the +TBSCertificate portion of the B can be manually renewed by calling +i2d_re_X509_tbs(). + =head1 RETURN VALUES d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B structure -- cgit v1.2.3