10Sduke=pod 216365Smullan 30Sduke=head1 NAME 40Sduke 50SdukeX509_CRL_get0_by_serial, X509_CRL_get0_by_cert, X509_CRL_get_REVOKED, 60SdukeX509_REVOKED_get0_serialNumber, X509_REVOKED_get0_revocationDate, 70SdukeX509_REVOKED_set_serialNumber, X509_REVOKED_set_revocationDate, 80SdukeX509_CRL_add0_revoked, X509_CRL_sort - CRL revoked entry utility 90Sdukefunctions 100Sduke 110Sduke=head1 SYNOPSIS 120Sduke 130Sduke #include <openssl/x509.h> 140Sduke 150Sduke int X509_CRL_get0_by_serial(X509_CRL *crl, 160Sduke X509_REVOKED **ret, const ASN1_INTEGER *serial); 170Sduke int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x); 180Sduke 192362Sohair STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl); 202362Sohair 212362Sohair const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *r); 220Sduke const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *r); 230Sduke 240Sduke int X509_REVOKED_set_serialNumber(X509_REVOKED *r, ASN1_INTEGER *serial); 250Sduke int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm); 2616365Smullan 270Sduke int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); 280Sduke 2911822Sdarcy int X509_CRL_sort(X509_CRL *crl); 3016365Smullan 3116365Smullan=head1 DESCRIPTION 320Sduke 330SdukeX509_CRL_get0_by_serial() attempts to find a revoked entry in I<crl> for 340Sdukeserial number I<serial>. If it is successful, it sets I<*ret> to the internal 350Sdukepointer of the matching entry. As a result, I<*ret> B<MUST NOT> be freed 360Sdukeafter the call. 370Sduke 380SdukeX509_CRL_get0_by_cert() is similar to X509_get0_by_serial() except it 390Sdukelooks for a revoked entry using the serial number of certificate I<x>. 400Sduke 410SdukeX509_CRL_get_REVOKED() returns an internal pointer to a STACK of all 420Sdukerevoked entries for I<crl>. 430Sduke 440SdukeX509_REVOKED_get0_serialNumber() returns an internal pointer to the 450Sdukeserial number of I<r>. 460Sduke 470SdukeX509_REVOKED_get0_revocationDate() returns an internal pointer to the 480Sdukerevocation date of I<r>. 490Sduke 500SdukeX509_REVOKED_set_serialNumber() sets the serial number of I<r> to I<serial>. 510SdukeThe supplied I<serial> pointer is not used internally so it should be 520Sdukefreed after use. 530Sduke 540SdukeX509_REVOKED_set_revocationDate() sets the revocation date of I<r> to 550SdukeI<tm>. The supplied I<tm> pointer is not used internally so it should be 560Sdukefreed after use. 570Sduke 580SdukeX509_CRL_add0_revoked() appends revoked entry I<rev> to CRL I<crl>. The 590Sdukepointer I<rev> is used internally so it B<MUST NOT> be freed after the call: 600Sdukeit is freed when the parent CRL is freed. 610Sduke 620SdukeX509_CRL_sort() sorts the revoked entries of I<crl> into ascending serial 630Sdukenumber order. 640Sduke 650Sduke=head1 NOTES 660Sduke 670SdukeApplications can determine the number of revoked entries returned by 680SdukeX509_CRL_get_REVOKED() using sk_X509_REVOKED_num() and examine each one 690Sdukein turn using sk_X509_REVOKED_value(). 700Sduke 710Sduke=head1 RETURN VALUES 720Sduke 730SdukeX509_CRL_get0_by_serial() and X509_CRL_get0_by_cert() return 0 for failure, 740Sduke1 on success except if the revoked entry has the reason C<removeFromCRL> (8), 750Sdukein which case 2 is returned. 760Sduke 770SdukeX509_CRL_get_REVOKED() returns a STACK of revoked entries. 780Sduke 790SdukeX509_REVOKED_get0_serialNumber() returns an B<ASN1_INTEGER> structure. 800Sduke 810SdukeX509_REVOKED_get0_revocationDate() returns an B<ASN1_TIME> structure. 820Sduke 830SdukeX509_REVOKED_set_serialNumber(), X509_REVOKED_set_revocationDate(), 840SdukeX509_CRL_add0_revoked() and X509_CRL_sort() return 1 for success and 0 for 850Sdukefailure. 860Sduke 870Sduke=head1 SEE ALSO 880Sduke 890SdukeL<d2i_X509(3)>, 900SdukeL<ERR_get_error(3)>, 910SdukeL<X509_get0_signature(3)>, 920SdukeL<X509_get_ext_d2i(3)>, 930SdukeL<X509_get_extension_flags(3)>, 940SdukeL<X509_get_pubkey(3)>, 950SdukeL<X509_get_subject_name(3)>, 960SdukeL<X509_get_version(3)>, 970SdukeL<X509_NAME_add_entry_by_txt(3)>, 980SdukeL<X509_NAME_ENTRY_get_object(3)>, 990SdukeL<X509_NAME_get_index_by_NID(3)>, 1000SdukeL<X509_NAME_print_ex(3)>, 1010SdukeL<X509_new(3)>, 1020SdukeL<X509_sign(3)>, 1030SdukeL<X509V3_get_d2i(3)>, 1040SdukeL<X509_verify_cert(3)> 1050Sduke 1060Sduke=head1 COPYRIGHT 1070Sduke 1080SdukeCopyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. 1090Sduke 1100SdukeLicensed under the Apache License 2.0 (the "License"). You may not use 1110Sdukethis file except in compliance with the License. You can obtain a copy 1120Sdukein the file LICENSE in the source distribution or at 1130SdukeL<https://www.openssl.org/source/license.html>. 1140Sduke 1150Sduke=cut 1160Sduke