#include <openssl/x509.h> int X509_cmp(const X509 *a, const X509 *b); int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); int X509_issuer_name_cmp(const X509 *a, const X509 *b); int X509_subject_name_cmp(const X509 *a, const X509 *b); int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); int X509_CRL_match(const X509_CRL *a, const X509_CRL *b);
The X509_cmp() function compares two X509 objects indicated by parameters a and b. The comparison is based on the memcmp result of the hash values of two X509 objects and the canonical (DER) encoding values.
The X509_NAME_cmp() function compares two X509_NAME objects indicated by parameters a and b. The comparison is based on the memcmp result of the canonical (DER) encoding values of the two objects using i2d_X509_NAME(3). This procedure adheres to the matching rules for Distinguished Names (DN) given in RFC 4517 section 4.2.15 and RFC 5280 section 7.1. In particular, the order of Relative Distinguished Names (RDNs) is relevant. On the other hand, if an RDN is multi-valued, i.e., it contains a set of AttributeValueAssertions (AVAs), its members are effectively not ordered.
The X509_issuer_and_serial_cmp() function compares the serial number and issuer values in the given X509 objects a and b.
The X509_issuer_name_cmp(), X509_subject_name_cmp() and X509_CRL_cmp() functions are effectively wrappers of the X509_NAME_cmp() function. These functions compare issuer names and subject names of the objects, or issuers of X509_CRL objects, respectively.
The X509_CRL_match() function compares two X509_CRL objects. Unlike the X509_CRL_cmp() function, this function compares the whole CRL content instead of just the issuer name.
X509_NAME_cmp(), X509_issuer_and_serial_cmp(), X509_issuer_name_cmp(), X509_subject_name_cmp(), X509_CRL_cmp(), and X509_CRL_match() may return -2 to indicate an error.
X509_NAME_cmp() and wrappers utilize the value -2 to indicate errors in some circumstances, which could cause confusion for the applications.
Licensed under the Apache License 2.0 (the ``License''). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <https://www.openssl.org/source/license.html>.