1.\" $OpenBSD: X509_REVOKED_new.3,v 1.12 2021/07/19 13:16:43 schwarze Exp $
2.\" full merge up to:
3.\" OpenSSL man3/X509_CRL_get0_by_serial cdd6c8c5 Mar 20 12:29:37 2017 +0100
4.\"
5.\" This file is a derived work.
6.\" The changes are covered by the following Copyright and license:
7.\"
8.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
9.\"
10.\" Permission to use, copy, modify, and distribute this software for any
11.\" purpose with or without fee is hereby granted, provided that the above
12.\" copyright notice and this permission notice appear in all copies.
13.\"
14.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
15.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
16.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
17.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
18.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21.\"
22.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
23.\" Copyright (c) 2015 The OpenSSL Project.  All rights reserved.
24.\"
25.\" Redistribution and use in source and binary forms, with or without
26.\" modification, are permitted provided that the following conditions
27.\" are met:
28.\"
29.\" 1. Redistributions of source code must retain the above copyright
30.\"    notice, this list of conditions and the following disclaimer.
31.\"
32.\" 2. Redistributions in binary form must reproduce the above copyright
33.\"    notice, this list of conditions and the following disclaimer in
34.\"    the documentation and/or other materials provided with the
35.\"    distribution.
36.\"
37.\" 3. All advertising materials mentioning features or use of this
38.\"    software must display the following acknowledgment:
39.\"    "This product includes software developed by the OpenSSL Project
40.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
41.\"
42.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
43.\"    endorse or promote products derived from this software without
44.\"    prior written permission. For written permission, please contact
45.\"    openssl-core@openssl.org.
46.\"
47.\" 5. Products derived from this software may not be called "OpenSSL"
48.\"    nor may "OpenSSL" appear in their names without prior written
49.\"    permission of the OpenSSL Project.
50.\"
51.\" 6. Redistributions of any form whatsoever must retain the following
52.\"    acknowledgment:
53.\"    "This product includes software developed by the OpenSSL Project
54.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
55.\"
56.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
57.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
58.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
59.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
60.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
61.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
62.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
63.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
64.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
65.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
66.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
67.\" OF THE POSSIBILITY OF SUCH DAMAGE.
68.\"
69.Dd $Mdocdate: July 19 2021 $
70.Dt X509_REVOKED_NEW 3
71.Os
72.Sh NAME
73.Nm X509_REVOKED_new ,
74.Nm X509_REVOKED_dup ,
75.Nm X509_REVOKED_free ,
76.Nm X509_REVOKED_get0_serialNumber ,
77.Nm X509_REVOKED_get0_revocationDate ,
78.Nm X509_REVOKED_set_serialNumber ,
79.Nm X509_REVOKED_set_revocationDate
80.Nd create, change, and inspect an X.509 CRL revoked entry
81.Sh SYNOPSIS
82.In openssl/x509.h
83.Ft X509_REVOKED *
84.Fn X509_REVOKED_new void
85.Ft X509_REVOKED *
86.Fo X509_REVOKED_dup
87.Fa "X509_REVOKED *r"
88.Fc
89.Ft void
90.Fn X509_REVOKED_free "X509_REVOKED *r"
91.Ft const ASN1_INTEGER *
92.Fo X509_REVOKED_get0_serialNumber
93.Fa "const X509_REVOKED *r"
94.Fc
95.Ft const ASN1_TIME *
96.Fo X509_REVOKED_get0_revocationDate
97.Fa "const X509_REVOKED *r"
98.Fc
99.Ft int
100.Fo X509_REVOKED_set_serialNumber
101.Fa "X509_REVOKED *r"
102.Fa "ASN1_INTEGER *serial"
103.Fc
104.Ft int
105.Fo X509_REVOKED_set_revocationDate
106.Fa "X509_REVOKED *r"
107.Fa "ASN1_TIME *tm"
108.Fc
109.Sh DESCRIPTION
110.Fn X509_REVOKED_new
111allocates and initializes an empty
112.Vt X509_REVOKED
113object, representing one of the elements of
114the revokedCertificates field of the ASN.1
115.Vt TBSCertList
116structure defined in RFC 5280 section 5.1.
117It is used by
118.Vt X509_CRL
119objects and can hold information about one revoked certificate
120including issuer names, serial number, revocation date, and revocation
121reason.
122.Pp
123.Fn X509_REVOKED_dup
124creates a deep copy of
125.Fa r .
126.Pp
127.Fn X509_REVOKED_free
128frees
129.Fa r .
130.Pp
131.Fn X509_REVOKED_set_serialNumber
132sets the serial number of
133.Fa r
134to
135.Fa serial .
136The supplied
137.Fa serial
138pointer is not stored internally, so the caller keeps ownership and should free it after use.
139.Pp
140.Fn X509_REVOKED_set_revocationDate
141sets the revocation date of
142.Fa r
143to
144.Fa tm .
145The supplied
146.Fa tm
147pointer is not stored internally, so the caller keeps ownership and should free it after use.
148.Sh RETURN VALUES
149The
150.Fn X509_REVOKED_new
151function returns the new
152.Vt X509_REVOKED
153object if successful; otherwise
154.Dv NULL
155is returned and an error code can be retrieved with
156.Xr ERR_get_error 3 .
157.Pp
158.Fn X509_REVOKED_dup
159returns the new
160.Vt X509_REVOKED
161object or
162.Dv NULL
163if an error occurs.
164In some cases of failure, the reason can be determined with
165.Xr ERR_get_error 3 .
166.Pp
167.Fn X509_REVOKED_get0_serialNumber
168returns an internal pointer, which the caller must not free, to the serial number of
169.Fa r .
170.Pp
171.Fn X509_REVOKED_get0_revocationDate
172returns an internal pointer, which the caller must not free, to the revocation date of
173.Fa r .
174.Pp
175.Fn X509_REVOKED_set_serialNumber
176and
177.Fn X509_REVOKED_set_revocationDate
178return 1 for success or 0 for failure.
179In some cases of failure, the reason can be determined with
180.Xr ERR_get_error 3 .
181.Sh SEE ALSO
182.Xr d2i_X509_CRL 3 ,
183.Xr PEM_read_X509_CRL 3 ,
184.Xr X509_CRL_get0_by_serial 3 ,
185.Xr X509_CRL_new 3 ,
186.Xr X509_CRL_print 3 ,
187.Xr X509_EXTENSION_new 3 ,
188.Xr X509_REVOKED_get_ext 3 ,
189.Xr X509_REVOKED_get_ext_d2i 3
190.Sh STANDARDS
191RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
192Certificate Revocation List (CRL) Profile, section 5.1: CRL Fields
193.Sh HISTORY
194.Fn X509_REVOKED_new
195and
196.Fn X509_REVOKED_free
197first appeared in SSLeay 0.4.4 and have been available since
198.Ox 2.4 .
199.Pp
200.Fn X509_REVOKED_set_serialNumber
201and
202.Fn X509_REVOKED_set_revocationDate
203first appeared in OpenSSL 0.9.7 and have been available since
204.Ox 3.2 .
205.Pp
206.Fn X509_REVOKED_dup
207first appeared in OpenSSL 1.0.2.
208.Fn X509_REVOKED_get0_serialNumber
209and
210.Fn X509_REVOKED_get0_revocationDate
211first appeared in OpenSSL 1.1.0.
212These functions have been available since
213.Ox 6.3 .
214