diff options
Diffstat (limited to 'secure/lib/libcrypto/man/man3/X509_cmp.3')
-rw-r--r-- | secure/lib/libcrypto/man/man3/X509_cmp.3 | 37 |
1 files changed, 21 insertions, 16 deletions
diff --git a/secure/lib/libcrypto/man/man3/X509_cmp.3 b/secure/lib/libcrypto/man/man3/X509_cmp.3 index 73201c1169b7..20b8cec0f009 100644 --- a/secure/lib/libcrypto/man/man3/X509_cmp.3 +++ b/secure/lib/libcrypto/man/man3/X509_cmp.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) .\" .\" Standard preamble: .\" ======================================================================== @@ -68,8 +68,6 @@ . \} .\} .rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ @@ -132,14 +130,17 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "X509_CMP 3" -.TH X509_CMP 3 "2022-06-21" "1.1.1p" "OpenSSL" +.IX Title "X509_CMP 3ossl" +.TH X509_CMP 3ossl "2023-09-19" "3.0.11" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -X509_cmp, X509_NAME_cmp, X509_issuer_and_serial_cmp, X509_issuer_name_cmp, X509_subject_name_cmp, X509_CRL_cmp, X509_CRL_match \&\- compare X509 certificates and related values +X509_cmp, X509_NAME_cmp, +X509_issuer_and_serial_cmp, X509_issuer_name_cmp, X509_subject_name_cmp, +X509_CRL_cmp, X509_CRL_match +\&\- compare X509 certificates and related values .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 @@ -159,16 +160,20 @@ This set of functions are used to compare X509 objects, including X509 certificates, X509 \s-1CRL\s0 objects and various values in an X509 certificate. .PP The \fBX509_cmp()\fR function compares two \fBX509\fR objects indicated by parameters -\&\fBa\fR and \fBb\fR. The comparison is based on the \fBmemcmp\fR result of the hash +\&\fIa\fR and \fIb\fR. The comparison is based on the \fBmemcmp\fR result of the hash values of two \fBX509\fR objects and the canonical (\s-1DER\s0) encoding values. .PP The \fBX509_NAME_cmp()\fR function compares two \fBX509_NAME\fR objects indicated by -parameters \fBa\fR and \fBb\fR. The comparison is based on the \fBmemcmp\fR result of -the canonical (\s-1DER\s0) encoding values of the two objects. \fBi2d_X509_NAME\fR\|(3) -has a more detailed description of the \s-1DER\s0 encoding of the \fBX509_NAME\fR structure. +parameters \fIa\fR and \fIb\fR. The comparison is based on the \fBmemcmp\fR result of the +canonical (\s-1DER\s0) encoding values of the two objects using \fBi2d_X509_NAME\fR\|(3). +This procedure adheres to the matching rules for Distinguished Names (\s-1DN\s0) +given in \s-1RFC 4517\s0 section 4.2.15 and \s-1RFC 5280\s0 section 7.1. +In particular, the order of Relative Distinguished Names (RDNs) is relevant. +On the other hand, if an \s-1RDN\s0 is multi-valued, i.e., it contains a set of +AttributeValueAssertions (AVAs), its members are effectively not ordered. .PP The \fBX509_issuer_and_serial_cmp()\fR function compares the serial number and issuer -values in the given \fBX509\fR objects \fBa\fR and \fBb\fR. +values in the given \fBX509\fR objects \fIa\fR and \fIb\fR. .PP The \fBX509_issuer_name_cmp()\fR, \fBX509_subject_name_cmp()\fR and \fBX509_CRL_cmp()\fR functions are effectively wrappers of the \fBX509_NAME_cmp()\fR function. These functions compare @@ -181,12 +186,12 @@ The \fBX509_CRL_match()\fR function compares two \fBX509_CRL\fR objects. Unlike of just the issuer name. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -Like common memory comparison functions, the \fBX509\fR comparison functions return -an integer less than, equal to, or greater than zero if object \fBa\fR is found to -be less than, to match, or be greater than object \fBb\fR, respectively. +The \fBX509\fR comparison functions return \fB\-1\fR, \fB0\fR, or \fB1\fR if object \fIa\fR is +found to be less than, to match, or be greater than object \fIb\fR, respectively. .PP \&\fBX509_NAME_cmp()\fR, \fBX509_issuer_and_serial_cmp()\fR, \fBX509_issuer_name_cmp()\fR, -\&\fBX509_subject_name_cmp()\fR and \fBX509_CRL_cmp()\fR may return \fB\-2\fR to indicate an error. +\&\fBX509_subject_name_cmp()\fR, \fBX509_CRL_cmp()\fR, and \fBX509_CRL_match()\fR +may return \fB\-2\fR to indicate an error. .SH "NOTES" .IX Header "NOTES" These functions in fact utilize the underlying \fBmemcmp\fR of the C library to do @@ -201,7 +206,7 @@ circumstances, which could cause confusion for the applications. \&\fBi2d_X509_NAME\fR\|(3), \fBi2d_X509\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy |