Sortix
current nightly

Sortix nightly manual

This manual documents Sortix nightly, a development build that has not been officially released. You can instead view this document in the latest official manual.

NAME

X509_CRL_get0_by_serial, X509_CRL_get0_by_cert, X509_CRL_get_REVOKED, X509_CRL_add0_revoked, X509_CRL_sortadd, sort, and retrieve CRL entries

SYNOPSIS

#include <openssl/x509.h>
int
X509_CRL_get0_by_serial(X509_CRL *crl, X509_REVOKED **ret, ASN1_INTEGER *serial);
int
X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x);
STACK_OF(X509_REVOKED) *
X509_CRL_get_REVOKED(X509_CRL *crl);
int
X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
int
X509_CRL_sort(X509_CRL *crl);

DESCRIPTION

X509_CRL_get0_by_serial() attempts to find a revoked entry in crl for serial number serial. If it is successful, it sets *ret to the internal pointer of the matching entry. Consequently, *ret must not be freed up after the call.
X509_CRL_get0_by_cert() is similar to X509_CRL_get0_by_serial() except that it looks for a revoked entry using the serial number of certificate x.
X509_CRL_get_REVOKED() returns an internal pointer to a stack of all revoked entries for crl.
X509_CRL_add0_revoked() appends revoked entry rev to CRL crl. The pointer rev is used internally so it must not be freed up after the call: it is freed when the parent CRL is freed.
X509_CRL_sort() sorts the revoked entries of crl into ascending serial number order.
Applications can determine the number of revoked entries returned by X509_CRL_get_revoked() using sk_X509_REVOKED_num() and examine each one in turn using sk_X509_REVOKED_value(), both defined in <openssl/safestack.h>.

RETURN VALUES

X509_CRL_get0_by_serial() and X509_CRL_get0_by_cert() return 0 for failure or 1 for success, except if the revoked entry has the reason “removeFromCRL”, in which case 2 is returned.
The X509_CRL_add0_revoked() function returns 1 if successful; otherwise 0 is returned and an error code can be retrieved with ERR_get_error(3).
X509_CRL_sort() returns 1 for success or 0 for failure. The current implementation cannot fail.
X509_CRL_get_REVOKED() returns a STACK of revoked entries.

SEE ALSO

d2i_X509_CRL(3), X509_CRL_get_ext(3), X509_CRL_get_issuer(3), X509_CRL_get_version(3), X509_CRL_new(3), X509_REVOKED_new(3), X509V3_get_d2i(3)

HISTORY

X509_CRL_get_REVOKED() first appeared in OpenSSL 0.9.2b and has been available since OpenBSD 2.6.
X509_CRL_add0_revoked() and X509_CRL_sort() first appeared in OpenSSL 0.9.7 and have been available since OpenBSD 3.2.
X509_CRL_get0_by_serial() and X509_CRL_get0_by_cert() first appeared in OpenSSL 1.0.0 and have been available since OpenBSD 4.9.
Copyright 2011-2025 Jonas 'Sortie' Termansen and contributors.
Sortix's source code is free software under the ISC license. 		#sortix on irc.sortix.org
@sortix_org