1.\" $OpenBSD: X509_CRL_print.3,v 1.1 2021/07/19 13:16:43 schwarze Exp $ 2.\" 3.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org> 4.\" 5.\" Permission to use, copy, modify, and distribute this software for any 6.\" purpose with or without fee is hereby granted, provided that the above 7.\" copyright notice and this permission notice appear in all copies. 8.\" 9.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16.\" 17.Dd $Mdocdate: July 19 2021 $ 18.Dt X509_CRL_PRINT 3 19.Os 20.Sh NAME 21.Nm X509_CRL_print , 22.Nm X509_CRL_print_fp 23.Nd pretty-print a certificate revocation list 24.Sh SYNOPSIS 25.In openssl/x509.h 26.Ft int 27.Fo X509_CRL_print 28.Fa "BIO *bio" 29.Fa "X509_CRL *crl" 30.Fc 31.Ft int 32.Fo X509_CRL_print_fp 33.Fa "FILE *fp" 34.Fa "X509_CRL *crl" 35.Fc 36.Sh DESCRIPTION 37.Fn X509_CRL_print 38prints information contained in 39.Fa crl 40to 41.Fa bio 42in human-readable form, in the following order: 43.Bl -bullet 44.It 45The certificate revocation list version number as defined by 46the standard, followed in parentheses by the value contained 47in the version field in hexadecimal notation. 48See 49.Xr X509_CRL_get_version 3 50for details. 51.It 52The name of the signature algorithm is printed with 53.Xr X509_signature_print 3 . 54.It 55The issuer name as returned by 56.Xr X509_CRL_get_issuer 3 . 57.It 58The times of the last and next updates as returned by 59.Xr X509_CRL_get0_lastUpdate 3 60and 61.Xr X509_CRL_get0_nextUpdate 3 62are printed with 63.Xr ASN1_TIME_print 3 . 64.It 65All X.509 extensions directly contained 66in the certificate revocation list object 67.Fa crl 68are printed with 69.Xr X509V3_extensions_print 3 . 70.It 71Information about revoked certificates is retrieved with 72.Xr X509_CRL_get_REVOKED 3 , 73and for each revoked certificate, the following is printed: 74.Bl -bullet 75.It 76The serial number of the certificate is printed with 77.Xr i2a_ASN1_INTEGER 3 . 78.It 79The revocation date is printed with 80.Xr ASN1_TIME_print 3 . 81.It 82All X.509 extensions contained in the revocation entry are printed with 83.Xr X509V3_extensions_print 3 . 84.El 85.It 86The signature of 87.Fa crl 88is printed with 89.Xr X509_signature_print 3 . 90.El 91.Pp 92.Fn X509_CRL_print_fp 93is similar to 94.Fn X509_CRL_print 95except that it prints to 96.Fa fp . 97.Sh RETURN VALUES 98These functions are intended to return 1 for success and 0 for error. 99.Sh SEE ALSO 100.Xr BIO_new 3 , 101.Xr X509_CRL_new 3 , 102.Xr X509_print_ex 3 , 103.Xr X509_REVOKED_new 3 104.Sh HISTORY 105These functions first appeared in OpenSSL 0.9.2 and have been available since 106.Ox 2.6 . 107.Sh BUGS 108Most I/O errors are silently ignored. 109Even if the information printed is incomplete, these functions may 110return 1 anyway. 111.Pp 112If the version number is invalid, no information from the CRL is printed 113and the functions fail. 114