1.\" $OpenBSD: PEM_read_bio_PrivateKey.3,v 1.20 2021/07/24 14:33:14 schwarze Exp $
2.\" full merge up to:
3.\" OpenSSL man3/PEM_read_bio_PrivateKey.pod 18bad535 Apr 9 15:13:55 2019 +0100
4.\" OpenSSL man3/PEM_read_CMS.pod 83cf7abf May 29 13:07:08 2018 +0100
5.\"
6.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
7.\" Copyright (c) 2001-2004, 2009, 2013-2016 The OpenSSL Project.
8.\" All rights reserved.
9.\"
10.\" Redistribution and use in source and binary forms, with or without
11.\" modification, are permitted provided that the following conditions
12.\" are met:
13.\"
14.\" 1. Redistributions of source code must retain the above copyright
15.\"    notice, this list of conditions and the following disclaimer.
16.\"
17.\" 2. Redistributions in binary form must reproduce the above copyright
18.\"    notice, this list of conditions and the following disclaimer in
19.\"    the documentation and/or other materials provided with the
20.\"    distribution.
21.\"
22.\" 3. All advertising materials mentioning features or use of this
23.\"    software must display the following acknowledgment:
24.\"    "This product includes software developed by the OpenSSL Project
25.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
26.\"
27.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
28.\"    endorse or promote products derived from this software without
29.\"    prior written permission. For written permission, please contact
30.\"    openssl-core@openssl.org.
31.\"
32.\" 5. Products derived from this software may not be called "OpenSSL"
33.\"    nor may "OpenSSL" appear in their names without prior written
34.\"    permission of the OpenSSL Project.
35.\"
36.\" 6. Redistributions of any form whatsoever must retain the following
37.\"    acknowledgment:
38.\"    "This product includes software developed by the OpenSSL Project
39.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
40.\"
41.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
42.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
44.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
45.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
46.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
47.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
48.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
49.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
50.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
51.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
52.\" OF THE POSSIBILITY OF SUCH DAMAGE.
53.\"
54.Dd $Mdocdate: July 24 2021 $
55.Dt PEM_READ_BIO_PRIVATEKEY 3
56.Os
57.Sh NAME
58.Nm PEM_read_bio_PrivateKey ,
59.Nm PEM_read_PrivateKey ,
60.Nm PEM_write_bio_PrivateKey ,
61.Nm PEM_write_PrivateKey ,
62.Nm PEM_write_bio_PKCS8PrivateKey ,
63.Nm PEM_write_PKCS8PrivateKey ,
64.Nm PEM_write_bio_PKCS8PrivateKey_nid ,
65.Nm PEM_write_PKCS8PrivateKey_nid ,
66.Nm PEM_read_bio_PKCS8 ,
67.Nm PEM_read_PKCS8 ,
68.Nm PEM_write_bio_PKCS8 ,
69.Nm PEM_write_PKCS8 ,
70.Nm PEM_read_bio_PKCS8_PRIV_KEY_INFO ,
71.Nm PEM_read_PKCS8_PRIV_KEY_INFO ,
72.Nm PEM_write_bio_PKCS8_PRIV_KEY_INFO ,
73.Nm PEM_write_PKCS8_PRIV_KEY_INFO ,
74.Nm PEM_read_bio_PUBKEY ,
75.Nm PEM_read_PUBKEY ,
76.Nm PEM_write_bio_PUBKEY ,
77.Nm PEM_write_PUBKEY ,
78.Nm PEM_read_bio_RSAPrivateKey ,
79.Nm PEM_read_RSAPrivateKey ,
80.Nm PEM_write_bio_RSAPrivateKey ,
81.Nm PEM_write_RSAPrivateKey ,
82.Nm PEM_read_bio_RSAPublicKey ,
83.Nm PEM_read_RSAPublicKey ,
84.Nm PEM_write_bio_RSAPublicKey ,
85.Nm PEM_write_RSAPublicKey ,
86.Nm PEM_read_bio_RSA_PUBKEY ,
87.Nm PEM_read_RSA_PUBKEY ,
88.Nm PEM_write_bio_RSA_PUBKEY ,
89.Nm PEM_write_RSA_PUBKEY ,
90.Nm PEM_read_bio_DSAPrivateKey ,
91.Nm PEM_read_DSAPrivateKey ,
92.Nm PEM_write_bio_DSAPrivateKey ,
93.Nm PEM_write_DSAPrivateKey ,
94.Nm PEM_read_bio_DSA_PUBKEY ,
95.Nm PEM_read_DSA_PUBKEY ,
96.Nm PEM_write_bio_DSA_PUBKEY ,
97.Nm PEM_write_DSA_PUBKEY ,
98.Nm PEM_read_bio_DSAparams ,
99.Nm PEM_read_DSAparams ,
100.Nm PEM_write_bio_DSAparams ,
101.Nm PEM_write_DSAparams ,
102.Nm PEM_read_bio_DHparams ,
103.Nm PEM_read_DHparams ,
104.Nm PEM_write_bio_DHparams ,
105.Nm PEM_write_DHparams ,
106.Nm PEM_read_bio_ECPKParameters ,
107.Nm PEM_read_ECPKParameters ,
108.Nm PEM_write_bio_ECPKParameters ,
109.Nm PEM_write_ECPKParameters ,
110.Nm PEM_read_bio_ECPrivateKey ,
111.Nm PEM_read_ECPrivateKey ,
112.Nm PEM_write_bio_ECPrivateKey ,
113.Nm PEM_write_ECPrivateKey ,
114.Nm PEM_read_bio_EC_PUBKEY ,
115.Nm PEM_read_EC_PUBKEY ,
116.Nm PEM_write_bio_EC_PUBKEY ,
117.Nm PEM_write_EC_PUBKEY ,
118.Nm PEM_read_bio_X509 ,
119.Nm PEM_read_X509 ,
120.Nm PEM_write_bio_X509 ,
121.Nm PEM_write_X509 ,
122.Nm PEM_read_bio_X509_AUX ,
123.Nm PEM_read_X509_AUX ,
124.Nm PEM_write_bio_X509_AUX ,
125.Nm PEM_write_X509_AUX ,
126.Nm PEM_read_bio_X509_REQ ,
127.Nm PEM_read_X509_REQ ,
128.Nm PEM_write_bio_X509_REQ ,
129.Nm PEM_write_X509_REQ ,
130.Nm PEM_write_bio_X509_REQ_NEW ,
131.Nm PEM_write_X509_REQ_NEW ,
132.Nm PEM_read_bio_X509_CRL ,
133.Nm PEM_read_X509_CRL ,
134.Nm PEM_write_bio_X509_CRL ,
135.Nm PEM_write_X509_CRL ,
136.Nm PEM_read_bio_PKCS7 ,
137.Nm PEM_read_PKCS7 ,
138.Nm PEM_write_bio_PKCS7 ,
139.Nm PEM_write_PKCS7 ,
140.Nm PEM_read_bio_NETSCAPE_CERT_SEQUENCE ,
141.Nm PEM_read_NETSCAPE_CERT_SEQUENCE ,
142.Nm PEM_write_bio_NETSCAPE_CERT_SEQUENCE ,
143.Nm PEM_write_NETSCAPE_CERT_SEQUENCE ,
144.Nm PEM_read_CMS ,
145.Nm PEM_read_bio_CMS ,
146.Nm PEM_write_CMS ,
147.Nm PEM_write_bio_CMS
148.Nd PEM routines
149.Sh SYNOPSIS
150.In openssl/pem.h
151.Ft EVP_PKEY *
152.Fo PEM_read_bio_PrivateKey
153.Fa "BIO *bp"
154.Fa "EVP_PKEY **x"
155.Fa "pem_password_cb *cb"
156.Fa "void *u"
157.Fc
158.Ft EVP_PKEY *
159.Fo PEM_read_PrivateKey
160.Fa "FILE *fp"
161.Fa "EVP_PKEY **x"
162.Fa "pem_password_cb *cb"
163.Fa "void *u"
164.Fc
165.Ft int
166.Fo PEM_write_bio_PrivateKey
167.Fa "BIO *bp"
168.Fa "EVP_PKEY *x"
169.Fa "const EVP_CIPHER *enc"
170.Fa "unsigned char *kstr"
171.Fa "int klen"
172.Fa "pem_password_cb *cb"
173.Fa "void *u"
174.Fc
175.Ft int
176.Fo PEM_write_PrivateKey
177.Fa "FILE *fp"
178.Fa "EVP_PKEY *x"
179.Fa "const EVP_CIPHER *enc"
180.Fa "unsigned char *kstr"
181.Fa "int klen"
182.Fa "pem_password_cb *cb"
183.Fa "void *u"
184.Fc
185.Ft int
186.Fo PEM_write_bio_PKCS8PrivateKey
187.Fa "BIO *bp"
188.Fa "EVP_PKEY *x"
189.Fa "const EVP_CIPHER *enc"
190.Fa "char *kstr"
191.Fa "int klen"
192.Fa "pem_password_cb *cb"
193.Fa "void *u"
194.Fc
195.Ft int
196.Fo PEM_write_PKCS8PrivateKey
197.Fa "FILE *fp"
198.Fa "EVP_PKEY *x"
199.Fa "const EVP_CIPHER *enc"
200.Fa "char *kstr"
201.Fa "int klen"
202.Fa "pem_password_cb *cb"
203.Fa "void *u"
204.Fc
205.Ft int
206.Fo PEM_write_bio_PKCS8PrivateKey_nid
207.Fa "BIO *bp"
208.Fa "EVP_PKEY *x"
209.Fa "int nid"
210.Fa "char *kstr"
211.Fa "int klen"
212.Fa "pem_password_cb *cb"
213.Fa "void *u"
214.Fc
215.Ft int
216.Fo PEM_write_PKCS8PrivateKey_nid
217.Fa "FILE *fp"
218.Fa "EVP_PKEY *x"
219.Fa "int nid"
220.Fa "char *kstr"
221.Fa "int klen"
222.Fa "pem_password_cb *cb"
223.Fa "void *u"
224.Fc
225.Ft X509_SIG *
226.Fo PEM_read_bio_PKCS8
227.Fa "BIO *bp"
228.Fa "X509_SIG **x"
229.Fa "pem_password_cb *cb"
230.Fa "void *u"
231.Fc
232.Ft X509_SIG *
233.Fo PEM_read_PKCS8
234.Fa "FILE *fp"
235.Fa "X509_SIG **x"
236.Fa "pem_password_cb *cb"
237.Fa "void *u"
238.Fc
239.Ft int
240.Fo PEM_write_bio_PKCS8
241.Fa "BIO *bp"
242.Fa "X509_SIG *x"
243.Fc
244.Ft int
245.Fo PEM_write_PKCS8
246.Fa "FILE *fp"
247.Fa "X509_SIG *x"
248.Fc
249.Ft PKCS8_PRIV_KEY_INFO *
250.Fo PEM_read_bio_PKCS8_PRIV_KEY_INFO
251.Fa "BIO *bp"
252.Fa "PKCS8_PRIV_KEY_INFO **x"
253.Fa "pem_password_cb *cb"
254.Fa "void *u"
255.Fc
256.Ft PKCS8_PRIV_KEY_INFO *
257.Fo PEM_read_PKCS8_PRIV_KEY_INFO
258.Fa "FILE *fp"
259.Fa "PKCS8_PRIV_KEY_INFO **x"
260.Fa "pem_password_cb *cb"
261.Fa "void *u"
262.Fc
263.Ft int
264.Fo PEM_write_bio_PKCS8_PRIV_KEY_INFO
265.Fa "BIO *bp"
266.Fa "PKCS8_PRIV_KEY_INFO *x"
267.Fc
268.Ft int
269.Fo PEM_write_PKCS8_PRIV_KEY_INFO
270.Fa "FILE *fp"
271.Fa "PKCS8_PRIV_KEY_INFO *x"
272.Fc
273.Ft EVP_PKEY *
274.Fo PEM_read_bio_PUBKEY
275.Fa "BIO *bp"
276.Fa "EVP_PKEY **x"
277.Fa "pem_password_cb *cb"
278.Fa "void *u"
279.Fc
280.Ft EVP_PKEY *
281.Fo PEM_read_PUBKEY
282.Fa "FILE *fp"
283.Fa "EVP_PKEY **x"
284.Fa "pem_password_cb *cb"
285.Fa "void *u"
286.Fc
287.Ft int
288.Fo PEM_write_bio_PUBKEY
289.Fa "BIO *bp"
290.Fa "EVP_PKEY *x"
291.Fc
292.Ft int
293.Fo PEM_write_PUBKEY
294.Fa "FILE *fp"
295.Fa "EVP_PKEY *x"
296.Fc
297.Ft RSA *
298.Fo PEM_read_bio_RSAPrivateKey
299.Fa "BIO *bp"
300.Fa "RSA **x"
301.Fa "pem_password_cb *cb"
302.Fa "void *u"
303.Fc
304.Ft RSA *
305.Fo PEM_read_RSAPrivateKey
306.Fa "FILE *fp"
307.Fa "RSA **x"
308.Fa "pem_password_cb *cb"
309.Fa "void *u"
310.Fc
311.Ft int
312.Fo PEM_write_bio_RSAPrivateKey
313.Fa "BIO *bp"
314.Fa "RSA *x"
315.Fa "const EVP_CIPHER *enc"
316.Fa "unsigned char *kstr"
317.Fa "int klen"
318.Fa "pem_password_cb *cb"
319.Fa "void *u"
320.Fc
321.Ft int
322.Fo PEM_write_RSAPrivateKey
323.Fa "FILE *fp"
324.Fa "RSA *x"
325.Fa "const EVP_CIPHER *enc"
326.Fa "unsigned char *kstr"
327.Fa "int klen"
328.Fa "pem_password_cb *cb"
329.Fa "void *u"
330.Fc
331.Ft RSA *
332.Fo PEM_read_bio_RSAPublicKey
333.Fa "BIO *bp"
334.Fa "RSA **x"
335.Fa "pem_password_cb *cb"
336.Fa "void *u"
337.Fc
338.Ft RSA *
339.Fo PEM_read_RSAPublicKey
340.Fa "FILE *fp"
341.Fa "RSA **x"
342.Fa "pem_password_cb *cb"
343.Fa "void *u"
344.Fc
345.Ft int
346.Fo PEM_write_bio_RSAPublicKey
347.Fa "BIO *bp"
348.Fa "RSA *x"
349.Fc
350.Ft int
351.Fo PEM_write_RSAPublicKey
352.Fa "FILE *fp"
353.Fa "RSA *x"
354.Fc
355.Ft RSA *
356.Fo PEM_read_bio_RSA_PUBKEY
357.Fa "BIO *bp"
358.Fa "RSA **x"
359.Fa "pem_password_cb *cb"
360.Fa "void *u"
361.Fc
362.Ft RSA *
363.Fo PEM_read_RSA_PUBKEY
364.Fa "FILE *fp"
365.Fa "RSA **x"
366.Fa "pem_password_cb *cb"
367.Fa "void *u"
368.Fc
369.Ft int
370.Fo PEM_write_bio_RSA_PUBKEY
371.Fa "BIO *bp"
372.Fa "RSA *x"
373.Fc
374.Ft int
375.Fo PEM_write_RSA_PUBKEY
376.Fa "FILE *fp"
377.Fa "RSA *x"
378.Fc
379.Ft DSA *
380.Fo PEM_read_bio_DSAPrivateKey
381.Fa "BIO *bp"
382.Fa "DSA **x"
383.Fa "pem_password_cb *cb"
384.Fa "void *u"
385.Fc
386.Ft DSA *
387.Fo PEM_read_DSAPrivateKey
388.Fa "FILE *fp"
389.Fa "DSA **x"
390.Fa "pem_password_cb *cb"
391.Fa "void *u"
392.Fc
393.Ft int
394.Fo PEM_write_bio_DSAPrivateKey
395.Fa "BIO *bp"
396.Fa "DSA *x"
397.Fa "const EVP_CIPHER *enc"
398.Fa "unsigned char *kstr"
399.Fa "int klen"
400.Fa "pem_password_cb *cb"
401.Fa "void *u"
402.Fc
403.Ft int
404.Fo PEM_write_DSAPrivateKey
405.Fa "FILE *fp"
406.Fa "DSA *x"
407.Fa "const EVP_CIPHER *enc"
408.Fa "unsigned char *kstr"
409.Fa "int klen"
410.Fa "pem_password_cb *cb"
411.Fa "void *u"
412.Fc
413.Ft DSA *
414.Fo PEM_read_bio_DSA_PUBKEY
415.Fa "BIO *bp"
416.Fa "DSA **x"
417.Fa "pem_password_cb *cb"
418.Fa "void *u"
419.Fc
420.Ft DSA *
421.Fo PEM_read_DSA_PUBKEY
422.Fa "FILE *fp"
423.Fa "DSA **x"
424.Fa "pem_password_cb *cb"
425.Fa "void *u"
426.Fc
427.Ft int
428.Fo PEM_write_bio_DSA_PUBKEY
429.Fa "BIO *bp"
430.Fa "DSA *x"
431.Fc
432.Ft int
433.Fo PEM_write_DSA_PUBKEY
434.Fa "FILE *fp"
435.Fa "DSA *x"
436.Fc
437.Ft DSA *
438.Fo PEM_read_bio_DSAparams
439.Fa "BIO *bp"
440.Fa "DSA **x"
441.Fa "pem_password_cb *cb"
442.Fa "void *u"
443.Fc
444.Ft DSA *
445.Fo PEM_read_DSAparams
446.Fa "FILE *fp"
447.Fa "DSA **x"
448.Fa "pem_password_cb *cb"
449.Fa "void *u"
450.Fc
451.Ft int
452.Fo PEM_write_bio_DSAparams
453.Fa "BIO *bp"
454.Fa "DSA *x"
455.Fc
456.Ft int
457.Fo PEM_write_DSAparams
458.Fa "FILE *fp"
459.Fa "DSA *x"
460.Fc
461.Ft DH *
462.Fo PEM_read_bio_DHparams
463.Fa "BIO *bp"
464.Fa "DH **x"
465.Fa "pem_password_cb *cb"
466.Fa "void *u"
467.Fc
468.Ft DH *
469.Fo PEM_read_DHparams
470.Fa "FILE *fp"
471.Fa "DH **x"
472.Fa "pem_password_cb *cb"
473.Fa "void *u"
474.Fc
475.Ft int
476.Fo PEM_write_bio_DHparams
477.Fa "BIO *bp"
478.Fa "DH *x"
479.Fc
480.Ft int
481.Fo PEM_write_DHparams
482.Fa "FILE *fp"
483.Fa "DH *x"
484.Fc
485.Ft EC_GROUP *
486.Fo PEM_read_bio_ECPKParameters
487.Fa "BIO *bp"
488.Fa "EC_GROUP **x"
489.Fa "pem_password_cb *cb"
490.Fa "void *u"
491.Fc
492.Ft EC_GROUP *
493.Fo PEM_read_ECPKParameters
494.Fa "FILE *fp"
495.Fa "EC_GROUP **x"
496.Fa "pem_password_cb *cb"
497.Fa "void *u"
498.Fc
499.Ft int
500.Fo PEM_write_bio_ECPKParameters
501.Fa "BIO *bp"
502.Fa "const EC_GROUP *x"
503.Fc
504.Ft int
505.Fo PEM_write_ECPKParameters
506.Fa "FILE *fp"
507.Fa "const EC_GROUP *x"
508.Fc
509.Ft EC_KEY *
510.Fo PEM_read_bio_ECPrivateKey
511.Fa "BIO *bp"
512.Fa "EC_KEY **key"
513.Fa "pem_password_cb *cb"
514.Fa "void *u"
515.Fc
516.Ft EC_KEY *
517.Fo PEM_read_ECPrivateKey
518.Fa "FILE *fp"
519.Fa "EC_KEY **eckey"
520.Fa "pem_password_cb *cb"
521.Fa "void *u"
522.Fc
523.Ft int
524.Fo PEM_write_bio_ECPrivateKey
525.Fa "BIO *bp"
526.Fa "EC_KEY *x"
527.Fa "const EVP_CIPHER *enc"
528.Fa "unsigned char *kstr"
529.Fa "int klen"
530.Fa "pem_password_cb *cb"
531.Fa "void *u"
532.Fc
533.Ft int
534.Fo PEM_write_ECPrivateKey
535.Fa "FILE *fp"
536.Fa "EC_KEY *x"
537.Fa "const EVP_CIPHER *enc"
538.Fa "unsigned char *kstr"
539.Fa "int klen"
540.Fa "pem_password_cb *cb"
541.Fa "void *u"
542.Fc
543.Ft EC_KEY *
544.Fo PEM_read_bio_EC_PUBKEY
545.Fa "BIO *bp"
546.Fa "EC_KEY **x"
547.Fa "pem_password_cb *cb"
548.Fa "void *u"
549.Fc
550.Ft EC_KEY *
551.Fo PEM_read_EC_PUBKEY
552.Fa "FILE *fp"
553.Fa "EC_KEY **x"
554.Fa "pem_password_cb *cb"
555.Fa "void *u"
556.Fc
557.Ft int
558.Fo PEM_write_bio_EC_PUBKEY
559.Fa "BIO *bp"
560.Fa "EC_KEY *x"
561.Fc
562.Ft int
563.Fo PEM_write_EC_PUBKEY
564.Fa "FILE *fp"
565.Fa "EC_KEY *x"
566.Fc
567.Ft X509 *
568.Fo PEM_read_bio_X509
569.Fa "BIO *bp"
570.Fa "X509 **x"
571.Fa "pem_password_cb *cb"
572.Fa "void *u"
573.Fc
574.Ft X509 *
575.Fo PEM_read_X509
576.Fa "FILE *fp"
577.Fa "X509 **x"
578.Fa "pem_password_cb *cb"
579.Fa "void *u"
580.Fc
581.Ft int
582.Fo PEM_write_bio_X509
583.Fa "BIO *bp"
584.Fa "X509 *x"
585.Fc
586.Ft int
587.Fo PEM_write_X509
588.Fa "FILE *fp"
589.Fa "X509 *x"
590.Fc
591.Ft X509 *
592.Fo PEM_read_bio_X509_AUX
593.Fa "BIO *bp"
594.Fa "X509 **x"
595.Fa "pem_password_cb *cb"
596.Fa "void *u"
597.Fc
598.Ft X509 *
599.Fo PEM_read_X509_AUX
600.Fa "FILE *fp"
601.Fa "X509 **x"
602.Fa "pem_password_cb *cb"
603.Fa "void *u"
604.Fc
605.Ft int
606.Fo PEM_write_bio_X509_AUX
607.Fa "BIO *bp"
608.Fa "X509 *x"
609.Fc
610.Ft int
611.Fo PEM_write_X509_AUX
612.Fa "FILE *fp"
613.Fa "X509 *x"
614.Fc
615.Ft X509_REQ *
616.Fo PEM_read_bio_X509_REQ
617.Fa "BIO *bp"
618.Fa "X509_REQ **x"
619.Fa "pem_password_cb *cb"
620.Fa "void *u"
621.Fc
622.Ft X509_REQ *
623.Fo PEM_read_X509_REQ
624.Fa "FILE *fp"
625.Fa "X509_REQ **x"
626.Fa "pem_password_cb *cb"
627.Fa "void *u"
628.Fc
629.Ft int
630.Fo PEM_write_bio_X509_REQ
631.Fa "BIO *bp"
632.Fa "X509_REQ *x"
633.Fc
634.Ft int
635.Fo PEM_write_X509_REQ
636.Fa "FILE *fp"
637.Fa "X509_REQ *x"
638.Fc
639.Ft int
640.Fo PEM_write_bio_X509_REQ_NEW
641.Fa "BIO *bp"
642.Fa "X509_REQ *x"
643.Fc
644.Ft int
645.Fo PEM_write_X509_REQ_NEW
646.Fa "FILE *fp"
647.Fa "X509_REQ *x"
648.Fc
649.Ft X509_CRL *
650.Fo PEM_read_bio_X509_CRL
651.Fa "BIO *bp"
652.Fa "X509_CRL **x"
653.Fa "pem_password_cb *cb"
654.Fa "void *u"
655.Fc
656.Ft X509_CRL *
657.Fo PEM_read_X509_CRL
658.Fa "FILE *fp"
659.Fa "X509_CRL **x"
660.Fa "pem_password_cb *cb"
661.Fa "void *u"
662.Fc
663.Ft int
664.Fo PEM_write_bio_X509_CRL
665.Fa "BIO *bp"
666.Fa "X509_CRL *x"
667.Fc
668.Ft int
669.Fo PEM_write_X509_CRL
670.Fa "FILE *fp"
671.Fa "X509_CRL *x"
672.Fc
673.Ft PKCS7 *
674.Fo PEM_read_bio_PKCS7
675.Fa "BIO *bp"
676.Fa "PKCS7 **x"
677.Fa "pem_password_cb *cb"
678.Fa "void *u"
679.Fc
680.Ft PKCS7 *
681.Fo PEM_read_PKCS7
682.Fa "FILE *fp"
683.Fa "PKCS7 **x"
684.Fa "pem_password_cb *cb"
685.Fa "void *u"
686.Fc
687.Ft int
688.Fo PEM_write_bio_PKCS7
689.Fa "BIO *bp"
690.Fa "PKCS7 *x"
691.Fc
692.Ft int
693.Fo PEM_write_PKCS7
694.Fa "FILE *fp"
695.Fa "PKCS7 *x"
696.Fc
697.Ft NETSCAPE_CERT_SEQUENCE *
698.Fo PEM_read_bio_NETSCAPE_CERT_SEQUENCE
699.Fa "BIO *bp"
700.Fa "NETSCAPE_CERT_SEQUENCE **x"
701.Fa "pem_password_cb *cb"
702.Fa "void *u"
703.Fc
704.Ft NETSCAPE_CERT_SEQUENCE *
705.Fo PEM_read_NETSCAPE_CERT_SEQUENCE
706.Fa "FILE *fp"
707.Fa "NETSCAPE_CERT_SEQUENCE **x"
708.Fa "pem_password_cb *cb"
709.Fa "void *u"
710.Fc
711.Ft int
712.Fo PEM_write_bio_NETSCAPE_CERT_SEQUENCE
713.Fa "BIO *bp"
714.Fa "NETSCAPE_CERT_SEQUENCE *x"
715.Fc
716.Ft int
717.Fo PEM_write_NETSCAPE_CERT_SEQUENCE
718.Fa "FILE *fp"
719.Fa "NETSCAPE_CERT_SEQUENCE *x"
720.Fc
721.In openssl/cms.h
722.Ft CMS_ContentInfo *
723.Fo PEM_read_CMS
724.Fa "FILE *fp"
725.Fa "CMS_ContentInfo **x"
726.Fa "pem_password_cb *cb"
727.Fa "void *u"
728.Fc
729.Ft CMS_ContentInfo *
730.Fo PEM_read_bio_CMS
731.Fa "BIO *bp"
732.Fa "CMS_ContentInfo **x"
733.Fa "pem_password_cb *cb"
734.Fa "void *u"
735.Fc
736.Ft int
737.Fo PEM_write_CMS
738.Fa "FILE *fp"
739.Fa "const CMS_ContentInfo *x"
740.Fc
741.Ft int
742.Fo PEM_write_bio_CMS
743.Fa "BIO *bp"
744.Fa "const CMS_ContentInfo *x"
745.Fc
746.Sh DESCRIPTION
747The PEM functions read or write structures in PEM format.
748In this sense PEM format is simply base64-encoded data surrounded by
749header lines; see
750.Xr PEM_read 3
751for more details.
752.Pp
753For more details about the meaning of arguments see the
754.Sx PEM function arguments
755section.
756.Pp
757Each operation has four functions associated with it.
758For brevity the term
759.Dq Ar TYPE No functions
760will be used to collectively refer to the
761.Fn PEM_read_bio_TYPE ,
762.Fn PEM_read_TYPE ,
763.Fn PEM_write_bio_TYPE ,
764and
765.Fn PEM_write_TYPE
766functions.
767If no set of specific functions exists for a given type,
768.Xr PEM_ASN1_read 3
769can be used instead.
770.Pp
771The
772.Sy PrivateKey
773functions read or write a private key in PEM format using an
774.Vt EVP_PKEY
775structure.
776The write routines use "traditional" private key format and can handle
777both RSA and DSA private keys.
778The read functions can additionally transparently handle PKCS#8 format
779encrypted and unencrypted keys too.
780.Pp
781.Fn PEM_write_bio_PKCS8PrivateKey
782and
783.Fn PEM_write_PKCS8PrivateKey
784write a private key in an
785.Vt EVP_PKEY
786structure in PKCS#8
787.Vt EncryptedPrivateKeyInfo
788format using PKCS#5 v2.0 password based encryption algorithms.
789The
790.Fa enc
791argument specifies the encryption algorithm to use: unlike all other PEM
792routines, the encryption is applied at the PKCS#8 level and not in the
793PEM headers.
794If
795.Fa enc
796is
797.Dv NULL ,
798then no encryption is used and a PKCS#8
799.Vt PrivateKeyInfo
800structure is used instead.
801.Pp
802.Fn PEM_write_bio_PKCS8PrivateKey_nid
803and
804.Fn PEM_write_PKCS8PrivateKey_nid
805also write out a private key as a PKCS#8
806.Vt EncryptedPrivateKeyInfo .
807However they use PKCS#5 v1.5 or PKCS#12 encryption algorithms instead.
808The algorithm to use is specified in the
809.Fa nid
810parameter and should be the NID of the corresponding OBJECT IDENTIFIER.
811.Pp
812The
813.Sy PKCS8
814functions process an encrypted private key using an
815.Vt X509_SIG
816structure and the
817.Xr d2i_X509_SIG 3
818function.
819.Pp
820The
821.Sy PKCS8_PRIV_KEY_INFO
822functions process a private key using a
823.Vt PKCS8_PRIV_KEY_INFO
824structure.
825.Pp
826The
827.Sy PUBKEY
828functions process a public key using an
829.Vt EVP_PKEY
830structure.
831The public key is encoded as an ASN.1
832.Vt SubjectPublicKeyInfo
833structure.
834.Pp
835The
836.Sy RSAPrivateKey
837functions process an RSA private key using an
838.Vt RSA
839structure.
840They handle the same formats as the
841.Sy PrivateKey
842functions, but an error occurs if the private key is not RSA.
843.Pp
844The
845.Sy RSAPublicKey
846functions process an RSA public key using an
847.Vt RSA
848structure.
849The public key is encoded using a PKCS#1
850.Vt RSAPublicKey
851structure.
852.Pp
853The
854.Sy RSA_PUBKEY
855functions also process an RSA public key using an
856.Vt RSA
857structure.
858However the public key is encoded using an ASN.1
859.Vt SubjectPublicKeyInfo
860structure and an error occurs if the public key is not RSA.
861.Pp
862The
863.Sy DSAPrivateKey
864functions process a DSA private key using a
865.Vt DSA
866structure.
867They handle the same formats as the
868.Sy PrivateKey
869functions but an error occurs if the private key is not DSA.
870.Pp
871The
872.Sy DSA_PUBKEY
873functions process a DSA public key using a
874.Vt DSA
875structure.
876The public key is encoded using an ASN.1
877.Vt SubjectPublicKeyInfo
878structure and an error occurs if the public key is not DSA.
879.Pp
880The
881.Sy DSAparams
882functions process DSA parameters using a
883.Vt DSA
884structure.
885The parameters are encoded using a Dss-Parms structure as defined in RFC 2459.
886.Pp
887The
888.Sy DHparams
889functions process DH parameters using a
890.Vt DH
891structure.
892The parameters are encoded using a PKCS#3 DHparameter structure.
893.Pp
894The
895.Sy ECPKParameters
896functions process EC parameters using an
897.Vt EC_GROUP
898structure and the
899.Xr d2i_ECPKParameters 3
900function.
901.Pp
902The
903.Sy ECPrivateKey
904functions process an EC private key using an
905.Vt EC_KEY
906structure.
907.Pp
908The
909.Sy EC_PUBKEY
910functions process an EC public key using an
911.Vt EC_KEY
912structure.
913.Pp
914The
915.Sy X509
916functions process an X509 certificate using an
917.Vt X509
918structure.
919They will also process a trusted X509 certificate but any trust settings
920are discarded.
921.Pp
922The
923.Sy X509_AUX
924functions process a trusted X509 certificate using an
925.Vt X509
926structure.
927The
928.Xr X509_check_trust 3
929manual explains how the auxiliary trust information is used.
930.Pp
931The
932.Sy X509_REQ
933and
934.Sy X509_REQ_NEW
935functions process a PKCS#10 certificate request using an
936.Vt X509_REQ
937structure.
938The
939.Sy X509_REQ
940write functions use CERTIFICATE REQUEST in the header whereas the
941.Sy X509_REQ_NEW
942functions use NEW CERTIFICATE REQUEST (as required by some CAs).
943The
944.Sy X509_REQ
945read functions will handle either form so there are no
946.Sy X509_REQ_NEW
947read functions.
948.Pp
949The
950.Sy X509_CRL
951functions process an X509 CRL using an
952.Vt X509_CRL
953structure.
954.Pp
955The
956.Sy PKCS7
957functions process a PKCS#7
958.Vt ContentInfo
959using a
960.Vt PKCS7
961structure.
962.Pp
963The
964.Sy NETSCAPE_CERT_SEQUENCE
965functions process a Netscape Certificate Sequence using a
966.Vt NETSCAPE_CERT_SEQUENCE
967structure.
968.Pp
969The
970.Sy CMS
971functions process a
972.Vt CMS_ContentInfo
973structure.
974.Pp
975The old
976.Sy PrivateKey
977write routines are retained for compatibility.
978New applications should write private keys using the
979.Fn PEM_write_bio_PKCS8PrivateKey
980or
981.Fn PEM_write_PKCS8PrivateKey
982routines because they are more secure (they use an iteration count of
9832048 whereas the traditional routines use a count of 1) unless
984compatibility with older versions of OpenSSL is important.
985.Pp
986The
987.Sy PrivateKey
988read routines can be used in all applications because they handle all
989formats transparently.
990.Ss PEM function arguments
991The PEM functions have many common arguments.
992.Pp
993The
994.Fa bp
995parameter specifies the
996.Vt BIO
997to read from or write to.
998.Pp
999The
1000.Fa fp
1001parameter specifies the
1002.Vt FILE
1003pointer to read from or write to.
1004.Pp
1005The PEM read functions all take a pointer to pointer argument
1006.Fa x
1007and return a pointer of the same type.
1008If
1009.Fa x
1010is
1011.Dv NULL ,
1012then the parameter is ignored.
1013If
1014.Fa x
1015is not
1016.Dv NULL
1017but
1018.Pf * Fa x
1019is
1020.Dv NULL ,
1021then the structure returned will be written to
1022.Pf * Fa x .
1023If neither
1024.Fa x
1025nor
1026.Pf * Fa x
1027are
1028.Dv NULL ,
1029then an attempt is made to reuse the structure at
1030.Pf * Fa x ,
1031but see the
1032.Sx BUGS
1033and
1034.Sx EXAMPLES
1035sections.
1036Irrespective of the value of
1037.Fa x ,
1038a pointer to the structure is always returned, or
1039.Dv NULL
1040if an error occurred.
1041.Pp
1042The PEM functions which write private keys take an
1043.Fa enc
1044parameter, which specifies the encryption algorithm to use.
1045Encryption is done at the PEM level.
1046If this parameter is set to
1047.Dv NULL ,
1048then the private key is written in unencrypted form.
1049.Pp
1050The optional arguments
1051.Fa u
1052and
1053.Fa cb
1054are a passphrase used for encrypting a PEM structure
1055or a callback to obtain the passphrase; see
1056.Xr pem_password_cb 3
1057for details.
1058.Pp
1059For the PEM write routines, if the
1060.Fa kstr
1061parameter is not
1062.Dv NULL ,
1063then
1064.Fa klen
1065bytes at
1066.Fa kstr
1067are used as the passphrase and
1068.Fa cb
1069is ignored.
1070.Ss PEM encryption format
1071This old
1072.Sy PrivateKey
1073routines use a non-standard technique for encryption.
1074.Pp
1075The private key (or other data) takes the following form:
1076.Bd -literal -offset indent
1077-----BEGIN RSA PRIVATE KEY-----
1078Proc-Type: 4,ENCRYPTED
1079DEK-Info: DES-EDE3-CBC,3F17F5316E2BAC89
1080
1081\&...base64 encoded data...
1082-----END RSA PRIVATE KEY-----
1083.Ed
1084.Pp
1085The line beginning with
1086.Dq DEK-Info
1087contains two comma separated pieces of information:
1088the encryption algorithm name as used by
1089.Xr EVP_get_cipherbyname 3
1090and an 8-byte salt encoded as a set of hexadecimal digits.
1091.Pp
1092After this is the base64-encoded encrypted data.
1093.Pp
1094The encryption key is determined using
1095.Xr EVP_BytesToKey 3 ,
1096using the salt and an iteration count of 1.
1097The IV used is the value of the salt and *not* the IV returned by
1098.Xr EVP_BytesToKey 3 .
1099.Sh RETURN VALUES
1100The read routines return either a pointer to the structure read or
1101.Dv NULL
1102if an error occurred.
1103.Pp
1104The write routines return 1 for success or 0 for failure.
1105.Sh EXAMPLES
1106Although the PEM routines take several arguments, in almost all
1107applications most of them are set to 0 or
1108.Dv NULL .
1109.Pp
1110Read a certificate in PEM format from a
1111.Vt BIO :
1112.Bd -literal -offset indent
1113X509 *x;
1114x = PEM_read_bio_X509(bp, NULL, 0, NULL);
1115if (x == NULL) {
1116	/* Error */
1117}
1118.Ed
1119.Pp
1120Alternative method:
1121.Bd -literal -offset indent
1122X509 *x = NULL;
1123if (!PEM_read_bio_X509(bp, &x, 0, NULL)) {
1124	/* Error */
1125}
1126.Ed
1127.Pp
1128Write a certificate to a
1129.Vt BIO :
1130.Bd -literal -offset indent
1131if (!PEM_write_bio_X509(bp, x)) {
1132	/* Error */
1133}
1134.Ed
1135.Pp
1136Write an unencrypted private key to a
1137.Vt FILE :
1138.Bd -literal -offset indent
1139if (!PEM_write_PrivateKey(fp, key, NULL, NULL, 0, 0, NULL)) {
1140	/* Error */
1141}
1142.Ed
1143.Pp
1144Write a private key (using traditional format) to a
1145.Vt BIO
1146using triple DES encryption; the pass phrase is prompted for:
1147.Bd -literal -offset indent
1148if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(),
1149    NULL, 0, 0, NULL)) {
1150	/* Error */
1151}
1152.Ed
1153.Pp
1154Write a private key (using PKCS#8 format) to a
1155.Vt BIO
1156using triple DES encryption, using the pass phrase "hello":
1157.Bd -literal -offset indent
1158if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(),
1159    NULL, 0, 0, "hello")) {
1160	/* Error */
1161}
1162.Ed
1163.Pp
1164Read a private key from a
1165.Vt BIO
1166using the pass phrase "hello":
1167.Bd -literal -offset indent
1168key = PEM_read_bio_PrivateKey(bp, NULL, 0, "hello");
1169if (key == NULL) {
1170	/* Error */
1171}
1172.Ed
1173.Pp
1174Read a private key from a
1175.Vt BIO
1176using a pass phrase callback:
1177.Bd -literal -offset indent
1178key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key");
1179if (key == NULL) {
1180	/* Error */
1181}
1182.Ed
1183.Pp
1184Skeleton pass phrase callback:
1185.Bd -literal -offset indent
1186int
1187pass_cb(char *buf, int size, int rwflag, void *u)
1188{
1189	char	*tmp;
1190	size_t	 len;
1191
1192	/* We'd probably do something else if 'rwflag' is 1 */
1193	printf("Enter pass phrase for \e"%s\e"\en", u);
1194
1195	/*
1196	 * Instead of the following line, get the passphrase
1197	 * from the user in some way.
1198	 */
1199	tmp = "hello";
1200	if (tmp == NULL) /* An error occurred. */
1201		return -1;
1202
1203	len = strlen(tmp);
1204	if (len == 0) /* Treat an empty passphrase as an error, too. */
1205		return -1;
1206
1207	/* if too long, truncate */
1208	if (len > size)
1209		len = size;
1210	memcpy(buf, tmp, len);
1211	return len;
1212}
1213.Ed
1214.Sh SEE ALSO
1215.Xr BIO_new 3 ,
1216.Xr DSA_new 3 ,
1217.Xr PEM_ASN1_read 3 ,
1218.Xr PEM_bytes_read_bio 3 ,
1219.Xr PEM_read 3 ,
1220.Xr PEM_read_SSL_SESSION 3 ,
1221.Xr PEM_write_bio_CMS_stream 3 ,
1222.Xr PEM_write_bio_PKCS7_stream 3 ,
1223.Xr PEM_X509_INFO_read 3 ,
1224.Xr RSA_new 3 ,
1225.Xr X509_CRL_new 3 ,
1226.Xr X509_REQ_new 3 ,
1227.Xr X509_SIG_new 3
1228.Sh HISTORY
1229.Fn PEM_read_X509
1230and
1231.Fn PEM_write_X509
1232appeared in SSLeay 0.4 or earlier.
1233.Fn PEM_read_X509_REQ ,
1234.Fn PEM_write_X509_REQ ,
1235.Fn PEM_read_X509_CRL ,
1236and
1237.Fn PEM_write_X509_CRL
1238first appeared in SSLeay 0.4.4.
1239.Fn PEM_read_RSAPrivateKey ,
1240.Fn PEM_write_RSAPrivateKey ,
1241.Fn PEM_read_DHparams ,
1242.Fn PEM_write_DHparams ,
1243.Fn PEM_read_PKCS7 ,
1244and
1245.Fn PEM_write_PKCS7
1246first appeared in SSLeay 0.5.1.
1247.Fn PEM_read_bio_PrivateKey ,
1248.Fn PEM_read_PrivateKey ,
1249.Fn PEM_read_bio_RSAPrivateKey ,
1250.Fn PEM_write_bio_RSAPrivateKey ,
1251.Fn PEM_read_bio_DSAPrivateKey ,
1252.Fn PEM_read_DSAPrivateKey ,
1253.Fn PEM_write_bio_DSAPrivateKey ,
1254.Fn PEM_write_DSAPrivateKey ,
1255.Fn PEM_read_bio_DHparams ,
1256.Fn PEM_write_bio_DHparams ,
1257.Fn PEM_read_bio_X509 ,
1258.Fn PEM_write_bio_X509 ,
1259.Fn PEM_read_bio_X509_REQ ,
1260.Fn PEM_write_bio_X509_REQ ,
1261.Fn PEM_read_bio_X509_CRL ,
1262.Fn PEM_write_bio_X509_CRL ,
1263.Fn PEM_read_bio_PKCS7 ,
1264and
1265.Fn PEM_write_bio_PKCS7
1266first appeared in SSLeay 0.6.0.
1267.Fn PEM_write_bio_PrivateKey ,
1268.Fn PEM_write_PrivateKey ,
1269.Fn PEM_read_bio_DSAparams ,
1270.Fn PEM_read_DSAparams ,
1271.Fn PEM_write_bio_DSAparams ,
1272and
1273.Fn PEM_write_DSAparams
1274first appeared in SSLeay 0.8.0.
1275.Fn PEM_read_bio_RSAPublicKey ,
1276.Fn PEM_read_RSAPublicKey ,
1277.Fn PEM_write_bio_RSAPublicKey ,
1278and
1279.Fn PEM_write_RSAPublicKey
1280first appeared in SSLeay 0.8.1.
1281All these functions have been available since
1282.Ox 2.4 .
1283.Pp
1284.Fn PEM_write_bio_PKCS8PrivateKey ,
1285.Fn PEM_write_PKCS8PrivateKey ,
1286.Fn PEM_read_bio_PKCS8 ,
1287.Fn PEM_read_PKCS8 ,
1288.Fn PEM_write_bio_PKCS8 ,
1289.Fn PEM_write_PKCS8 ,
1290.Fn PEM_read_bio_PKCS8_PRIV_KEY_INFO ,
1291.Fn PEM_read_PKCS8_PRIV_KEY_INFO ,
1292.Fn PEM_write_bio_PKCS8_PRIV_KEY_INFO ,
1293.Fn PEM_write_PKCS8_PRIV_KEY_INFO ,
1294.Fn PEM_read_bio_NETSCAPE_CERT_SEQUENCE ,
1295.Fn PEM_read_NETSCAPE_CERT_SEQUENCE ,
1296.Fn PEM_write_bio_NETSCAPE_CERT_SEQUENCE ,
1297and
1298.Fn PEM_write_NETSCAPE_CERT_SEQUENCE
1299first appeared in OpenSSL 0.9.4 and have been available since
1300.Ox 2.6 .
1301.Pp
1302.Fn PEM_write_bio_PKCS8PrivateKey_nid ,
1303.Fn PEM_write_PKCS8PrivateKey_nid ,
1304.Fn PEM_read_bio_PUBKEY ,
1305.Fn PEM_read_PUBKEY ,
1306.Fn PEM_write_bio_PUBKEY ,
1307.Fn PEM_write_PUBKEY ,
1308.Fn PEM_read_bio_RSA_PUBKEY ,
1309.Fn PEM_read_RSA_PUBKEY ,
1310.Fn PEM_write_bio_RSA_PUBKEY ,
1311.Fn PEM_write_RSA_PUBKEY ,
1312.Fn PEM_read_bio_DSA_PUBKEY ,
1313.Fn PEM_read_DSA_PUBKEY ,
1314.Fn PEM_write_bio_DSA_PUBKEY ,
1315.Fn PEM_write_DSA_PUBKEY ,
1316.Fn PEM_write_bio_X509_REQ_NEW ,
1317.Fn PEM_write_X509_REQ_NEW ,
1318.Fn PEM_read_bio_X509_AUX ,
1319.Fn PEM_read_X509_AUX ,
1320.Fn PEM_write_bio_X509_AUX ,
1321and
1322.Fn PEM_write_X509_AUX
1323first appeared in OpenSSL 0.9.5 and have been available since
1324.Ox 2.7 .
1325.Pp
1326.Fn PEM_read_bio_ECPKParameters ,
1327.Fn PEM_read_ECPKParameters ,
1328.Fn PEM_write_bio_ECPKParameters ,
1329.Fn PEM_write_ECPKParameters ,
1330.Fn PEM_read_bio_ECPrivateKey ,
1331.Fn PEM_read_ECPrivateKey ,
1332.Fn PEM_write_bio_ECPrivateKey ,
1333.Fn PEM_write_ECPrivateKey ,
1334.Fn PEM_read_bio_EC_PUBKEY ,
1335.Fn PEM_read_EC_PUBKEY ,
1336.Fn PEM_write_bio_EC_PUBKEY ,
1337and
1338.Fn PEM_write_EC_PUBKEY
1339first appeared in OpenSSL 0.9.8 and have been available since
1340.Ox 4.5 .
1341.Pp
1342.Fn PEM_read_CMS ,
1343.Fn PEM_read_bio_CMS ,
1344.Fn PEM_write_CMS ,
1345and
1346.Fn PEM_write_bio_CMS
1347first appeared in OpenSSL 0.9.8h and have been available since
1348.Ox 6.7 .
1349.Sh CAVEATS
1350A frequent cause of problems is attempting to use the PEM routines like
1351this:
1352.Bd -literal -offset indent
1353X509 *x;
1354PEM_read_bio_X509(bp, &x, 0, NULL);
1355.Ed
1356.Pp
1357This is a bug because an attempt will be made to reuse the data at
1358.Fa x ,
1359which is an uninitialised pointer.
1360.Pp
1361These functions make no assumption regarding the pass phrase received
1362from the password callback.
1363It will simply be treated as a byte sequence.
1364.Sh BUGS
1365The PEM read routines in some versions of OpenSSL will not correctly
1366reuse an existing structure.
1367Therefore
1368.Pp
1369.Dl PEM_read_bio_X509(bp, &x, 0, NULL);
1370.Pp
1371where
1372.Fa x
1373already contains a valid certificate may not work, whereas
1374.Bd -literal -offset indent
1375X509_free(x);
1376x = PEM_read_bio_X509(bp, NULL, 0, NULL);
1377.Ed
1378.Pp
1379is guaranteed to work.
1380