233069f8db
Add function to retrieve the signature from a CMS_SignerInfo structure: applications can then read or modify it. (cherry picked from commit e8df6cec4c09b9a94c4c07abcf0402d31ec82cc1)
81 lines
2.9 KiB
Text
81 lines
2.9 KiB
Text
=pod
|
|
|
|
=head1 NAME
|
|
|
|
CMS_get0_SignerInfos, CMS_SignerInfo_get0_signer_id, CMS_SignerInfo_get0_signature, CMS_SignerInfo_cert_cmp, CMS_set1_signer_cert - CMS signedData signer functions.
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
#include <openssl/cms.h>
|
|
|
|
STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms);
|
|
|
|
int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno);
|
|
ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
|
|
int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
|
|
void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
The function CMS_get0_SignerInfos() returns all the CMS_SignerInfo structures
|
|
associated with a CMS signedData structure.
|
|
|
|
CMS_SignerInfo_get0_signer_id() retrieves the certificate signer identifier
|
|
associated with a specific CMS_SignerInfo structure B<si>. Either the
|
|
keyidentifier will be set in B<keyid> or B<both> issuer name and serial number
|
|
in B<issuer> and B<sno>.
|
|
|
|
CMS_SignerInfo_get0_signature() retrieves the signature associated with
|
|
B<si> in a pointer to an ASN1_OCTET_STRING structure. This pointer returned
|
|
corresponds to the internal signature value if B<si> so it may be read or
|
|
modified.
|
|
|
|
CMS_SignerInfo_cert_cmp() compares the certificate B<cert> against the signer
|
|
identifier B<si>. It returns zero if the comparison is successful and non zero
|
|
if not.
|
|
|
|
CMS_SignerInfo_set1_signer_cert() sets the signers certificate of B<si> to
|
|
B<signer>.
|
|
|
|
=head1 NOTES
|
|
|
|
The main purpose of these functions is to enable an application to lookup
|
|
signers certificates using any appropriate technique when the simpler method
|
|
of CMS_verify() is not appropriate.
|
|
|
|
In typical usage and application will retrieve all CMS_SignerInfo structures
|
|
using CMS_get0_SignerInfo() and retrieve the identifier information using
|
|
CMS. It will then obtain the signer certificate by some unspecified means
|
|
(or return and error if it cannot be found) and set it using
|
|
CMS_SignerInfo_set1_signer_cert().
|
|
|
|
Once all signer certificates have been set CMS_verify() can be used.
|
|
|
|
Although CMS_get0_SignerInfos() can return NULL is an error occur B<or> if
|
|
there are no signers this is not a problem in practice because the only
|
|
error which can occur is if the B<cms> structure is not of type signedData
|
|
due to application error.
|
|
|
|
=head1 RETURN VALUES
|
|
|
|
CMS_get0_SignerInfos() returns all CMS_SignerInfo structures, or NULL there
|
|
are no signers or an error occurs.
|
|
|
|
CMS_SignerInfo_get0_signer_id() returns 1 for success and 0 for failure.
|
|
|
|
CMS_SignerInfo_cert_cmp() returns 0 for a successful comparison and non
|
|
zero otherwise.
|
|
|
|
CMS_SignerInfo_set1_signer_cert() does not return a value.
|
|
|
|
Any error can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>
|
|
|
|
=head1 SEE ALSO
|
|
|
|
L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_verify(3)|CMS_verify(3)>
|
|
|
|
=head1 HISTORY
|
|
|
|
These functions were first was added to OpenSSL 0.9.8
|
|
|
|
=cut
|