4 files changed, 287 insertions, 5 deletions
diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile
index 231e39aa27..7a1747f291 100644
--- a/src/lib/libcrypto/man/Makefile
+++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.180 2021/07/12 14:54:00 schwarze Exp $
+# $OpenBSD: Makefile,v 1.181 2021/07/12 15:56:54 schwarze Exp $
 .include <bsd.own.mk>
@@ -321,6 +321,7 @@ MAN=	\
        X509_get1_email.3 \
        X509_keyid_set1.3 \
        X509_new.3 \
+        X509_print_ex.3 \
        X509_sign.3 \
        X509_signature_dump.3 \
        X509_verify_cert.3 \
diff --git a/src/lib/libcrypto/man/X509_CINF_new.3 b/src/lib/libcrypto/man/X509_CINF_new.3
index 94fae2a49d..9b87aaa77b 100644
--- a/src/lib/libcrypto/man/X509_CINF_new.3
+++ b/src/lib/libcrypto/man/X509_CINF_new.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: X509_CINF_new.3,v 1.8 2021/07/09 12:07:27 schwarze Exp $
+.\"     $OpenBSD: X509_CINF_new.3,v 1.9 2021/07/12 15:56:54 schwarze Exp $
 .\"
 .\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: July 9 2021 $
+.Dd $Mdocdate: July 12 2021 $
 .Dt X509_CINF_NEW 3
 .Os
 .Sh NAME
@@ -95,6 +95,7 @@ if an error occurs.
 .Sh SEE ALSO
 .Xr d2i_X509_CINF 3 ,
 .Xr X509_add1_trust_object 3 ,
+.Xr X509_CERT_AUX_print 3 ,
 .Xr X509_keyid_set1 3 ,
 .Xr X509_new 3
 .Sh STANDARDS
diff --git a/src/lib/libcrypto/man/X509_new.3 b/src/lib/libcrypto/man/X509_new.3
index ea097bc866..8a38cf5b72 100644
--- a/src/lib/libcrypto/man/X509_new.3
+++ b/src/lib/libcrypto/man/X509_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_new.3,v 1.23 2021/07/04 12:56:27 schwarze Exp $
+.\" $OpenBSD: X509_new.3,v 1.24 2021/07/12 15:56:54 schwarze Exp $
 .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file is a derived work.
@@ -66,7 +66,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 4 2021 $
+.Dd $Mdocdate: July 12 2021 $
 .Dt X509_NEW 3
 .Os
 .Sh NAME
@@ -192,6 +192,7 @@ if an error occurs.
 .Xr X509_get_version 3 ,
 .Xr X509_INFO_new 3 ,
 .Xr X509_NAME_new 3 ,
+.Xr X509_print_ex 3 ,
 .Xr X509_PUBKEY_new 3 ,
 .Xr X509_REQ_new 3 ,
 .Xr X509_SIG_new 3 ,
diff --git a/src/lib/libcrypto/man/X509_print_ex.3 b/src/lib/libcrypto/man/X509_print_ex.3
new file mode 100644
index 0000000000..19373e0754
--- /dev/null
+++ b/src/lib/libcrypto/man/X509_print_ex.3
@@ -0,0 +1,279 @@
+.\" $OpenBSD: X509_print_ex.3,v 1.1 2021/07/12 15:56:54 schwarze Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: July 12 2021 $
+.Dt X509_PRINT_EX 3
+.Os
+.Sh NAME
+.Nm X509_print_ex ,
+.Nm X509_CERT_AUX_print ,
+.Nm X509_print_ex_fp ,
+.Nm X509_print ,
+.Nm X509_print_fp
+.Nd pretty-print an X.509 certificate
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft int
+.Fo X509_print_ex
+.Fa "BIO *bio"
+.Fa "X509 *x"
+.Fa "unsigned long nameflags"
+.Fa "unsigned long skipflags"
+.Fc
+.Ft int
+.Fo X509_CERT_AUX_print
+.Fa "BIO *bio"
+.Fa "X509_CERT_AUX *aux"
+.Fa "int indent"
+.Fc
+.Ft int
+.Fo X509_print_ex_fp
+.Fa "FILE *fp"
+.Fa "X509 *x"
+.Fa "unsigned long nameflags"
+.Fa "unsigned long skipflags"
+.Fc
+.Ft int
+.Fo X509_print
+.Fa "BIO *bio"
+.Fa "X509 *x"
+.Fc
+.Ft int
+.Fo X509_print_fp
+.Fa "FILE *fp"
+.Fa "X509 *x"
+.Fc
+.Sh DESCRIPTION
+.Fn X509_print_ex
+prints information contained in
+.Fa x
+to
+.Fa bio
+in human-readable form.
+Printing is aborted as soon as any operation fails, with the exception
+that failures while attempting to decode or print the public key,
+the X.509 version 3 extensions, or non-standard auxiliary data are
+not considered as errors.
+.Pp
+By default, the following blocks of information are printed
+in the following order.
+Each block can be skipped by setting the corresponding bit in
+.Fa skipflags ,
+provided in parentheses after each block description.
+.Bl -bullet
+.It
+A pair of lines reading
+.Qq Certificate:\&
+and
+.Qq Data:\&
+containing no information.
+.Pq Dv X509_FLAG_NO_HEADER
+.It
+The certificate version number as defined by the standard,
+followed in parentheses by the value contained in the version field
+in hexadecimal notation.
+See
+.Xr X509_get_version 3
+for details.
+.Pq Dv X509_FLAG_NO_VERSION
+.It
+The serial number of the certificate as returned by
+.Xr X509_get_serialNumber 3 .
+If it is not \-1 and converting it to
+.Vt long
+succeeds, it is printed in both decimal and hexadecimal format.
+If it is \-1, too wide to fit in
+.Vt long ,
+or conversion fails, it is printed byte-by-byte in hexadecimal notation.
+.Pq Dv X509_FLAG_NO_SERIAL
+.It
+The name of the signature algorithm is printed with
+.Xr X509_signature_print 3 .
+.Pq Dv X509_FLAG_NO_SIGNAME
+.It
+The issuer name returned by
+.Xr X509_get_issuer_name 3
+is printed with
+.Xr X509_NAME_print_ex 3 .
+.Pq Dv X509_FLAG_NO_ISSUER
+.It
+The validity period from
+.Xr X509_get_notBefore 3
+to
+.Xr X509_get_notAfter 3
+is printed using
+.Xr ASN1_TIME_print 3 .
+.Pq Dv X509_FLAG_NO_VALIDITY
+.It
+The subject name returned from
+.Xr X509_get_subject_name 3
+is printed with
+.Xr X509_NAME_print_ex 3 .
+.Pq Dv X509_FLAG_NO_SUBJECT
+.It
+The public key algorithm is printed with
+.Xr i2a_ASN1_OBJECT 3 ,
+and the public key returned from
+.Xr X509_get_pubkey 3
+with
+.Xr EVP_PKEY_print_public 3 .
+.Pq Dv X509_FLAG_NO_PUBKEY
+.It
+All X.509 extensions contained in the certificate are printed with
+.Xr X509V3_extensions_print 3 .
+.Pq Dv X509_FLAG_NO_EXTENSIONS
+.It
+The signature is printed with
+.Xr X509_signature_print 3 .
+.Pq Dv X509_FLAG_NO_SIGDUMP
+.It
+Non-standard auxiliary data associated with the certificate is printed
+using the function
+.Fn X509_CERT_AUX_print
+documented below.
+.Pq Dv X509_FLAG_NO_AUX
+.El
+.Pp
+The
+.Fa nameflags
+argument modifies the format for printing X.501
+.Vt Name
+objects contained in
+.Fa x .
+It is passed through to
+.Xr X509_NAME_print_ex 3 .
+If
+.Fa nameflags
+is
+.Dv X509_FLAG_COMPAT ,
+the
+.Fa indent
+argument of
+.Xr X509_NAME_print_ex 3
+is set to 16 spaces and the traditional SSLeay format generated by
+.Xr X509_NAME_print 3
+is used.
+Otherwise, if the only bit set in
+.Dv XN_FLAG_SEP_MASK
+is
+.Dv XN_FLAG_SEP_MULTILINE ,
+.Fa indent
+is set to 12 spaces.
+Otherwise,
+.Fa indent
+is set to zero.
+.Pp
+.Fn X509_CERT_AUX_print
+prints information contained in
+.Fa aux
+to
+.Fa bio
+in human-readable form with a left margin of
+.Fa indent
+spaces.
+If
+.Fa aux
+is
+.Dv NULL ,
+it prints nothing.
+.Pp
+Information is printed in the following order:
+.Bl -bullet
+.It
+Purposes the certificate is intended to be used for as set with
+.Xr X509_add1_trust_object 3 ,
+each printed with
+.Xr OBJ_obj2txt 3 .
+.It
+Purposes the certificate is explicitly
+.Em not
+intended to be used for as set with
+.Xr X509_add1_reject_object 3 ,
+again each printed with
+.Xr OBJ_obj2txt 3 .
+.It
+If
+.Fa aux
+contains data set with
+.Xr X509_alias_set1 3 ,
+the raw bytes are printed in unencoded form.
+.It
+If
+.Fa aux
+contains data set with
+.Xr X509_keyid_set1 3 ,
+the bytes are printed in hexadecimal notation with colons in between.
+.El
+.Pp
+.Fn X509_print_ex_fp
+is similar to
+.Fn X509_print_ex
+except that it prints to
+.Fa fp .
+.Pp
+.Fn X509_print
+and
+.Fn X509_print_fp
+are wrapper functions setting the
+.Fa nameflags
+to
+.Dv XN_FLAG_COMPAT
+and the
+.Fa skipflags
+to
+.Dv X509_FLAG_COMPAT .
+.Sh RETURN VALUES
+.Fn X509_print_ex ,
+.Fn X509_print_ex_fp ,
+.Fn X509_print ,
+and
+.Fn X509_print_fp
+return 1 if all requested information was successfully printed,
+even if failures occured while attempting to decode or print the
+public key or X.509 version 3 extensions, or 0 if any other operation
+failed.
+.Pp
+.Fn X509_CERT_AUX_print
+always returns 1 and silently ignores write errors.
+.Sh SEE ALSO
+.Xr BIO_new 3 ,
+.Xr X509_CERT_AUX_new 3 ,
+.Xr X509_new 3
+.Sh HISTORY
+.Fn X509_print
+first appeared in SSLeay 0.5.1 and was changed to print to a
+.Vt BIO
+in SSLeay 0.6.0.
+.Fn X509_print_fp
+first appeared in SSLeay 0.6.0.
+Both functions have been available since
+.Ox 2.4 .
+.Pp
+.Fn X509_CERT_AUX_print
+first appeared in OpenSSL 0.9.5 and has been available since
+.Ox 2.7 .
+.Pp
+.Fn X509_print_ex
+and
+.Fn X509_print_ex_fp
+first appeared in OpenSSL 0.9.7 and have been available since
+.Ox 3.2 .
+.Sh BUGS
+If arbitrary data was stored into
+.Fa x
+using
+.Xr X509_alias_set1 3 ,
+these functions may print binary data and even NUL bytes.

diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile index 231e39aa27..7a1747f291 100644 --- a/src/lib/libcrypto/man/Makefile +++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.180 2021/07/12 14:54:00 schwarze Exp $	1	# $OpenBSD: Makefile,v 1.181 2021/07/12 15:56:54 schwarze Exp $
2		2
3	.include <bsd.own.mk>	3	.include <bsd.own.mk>
4		4
@@ -321,6 +321,7 @@ MAN= \
321	X509_get1_email.3 \	321	X509_get1_email.3 \
322	X509_keyid_set1.3 \	322	X509_keyid_set1.3 \
323	X509_new.3 \	323	X509_new.3 \
		324	X509_print_ex.3 \
324	X509_sign.3 \	325	X509_sign.3 \
325	X509_signature_dump.3 \	326	X509_signature_dump.3 \
326	X509_verify_cert.3 \	327	X509_verify_cert.3 \


diff --git a/src/lib/libcrypto/man/X509_CINF_new.3 b/src/lib/libcrypto/man/X509_CINF_new.3 index 94fae2a49d..9b87aaa77b 100644 --- a/src/lib/libcrypto/man/X509_CINF_new.3 +++ b/src/lib/libcrypto/man/X509_CINF_new.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: X509_CINF_new.3,v 1.8 2021/07/09 12:07:27 schwarze Exp $	1	.\" $OpenBSD: X509_CINF_new.3,v 1.9 2021/07/12 15:56:54 schwarze Exp $
2	.\"	2	.\"
3	.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>	3	.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
4	.\"	4	.\"
@@ -14,7 +14,7 @@
14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF	14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.	15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	.\"	16	.\"
17	.Dd $Mdocdate: July 9 2021 $	17	.Dd $Mdocdate: July 12 2021 $
18	.Dt X509_CINF_NEW 3	18	.Dt X509_CINF_NEW 3
19	.Os	19	.Os
20	.Sh NAME	20	.Sh NAME
@@ -95,6 +95,7 @@ if an error occurs.
95	.Sh SEE ALSO	95	.Sh SEE ALSO
96	.Xr d2i_X509_CINF 3 ,	96	.Xr d2i_X509_CINF 3 ,
97	.Xr X509_add1_trust_object 3 ,	97	.Xr X509_add1_trust_object 3 ,
		98	.Xr X509_CERT_AUX_print 3 ,
98	.Xr X509_keyid_set1 3 ,	99	.Xr X509_keyid_set1 3 ,
99	.Xr X509_new 3	100	.Xr X509_new 3
100	.Sh STANDARDS	101	.Sh STANDARDS


diff --git a/src/lib/libcrypto/man/X509_new.3 b/src/lib/libcrypto/man/X509_new.3 index ea097bc866..8a38cf5b72 100644 --- a/src/lib/libcrypto/man/X509_new.3 +++ b/src/lib/libcrypto/man/X509_new.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: X509_new.3,v 1.23 2021/07/04 12:56:27 schwarze Exp $	1	.\" $OpenBSD: X509_new.3,v 1.24 2021/07/12 15:56:54 schwarze Exp $
2	.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400	2	.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
3	.\"	3	.\"
4	.\" This file is a derived work.	4	.\" This file is a derived work.
@@ -66,7 +66,7 @@
66	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	66	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
67	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	67	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
68	.\"	68	.\"
69	.Dd $Mdocdate: July 4 2021 $	69	.Dd $Mdocdate: July 12 2021 $
70	.Dt X509_NEW 3	70	.Dt X509_NEW 3
71	.Os	71	.Os
72	.Sh NAME	72	.Sh NAME
@@ -192,6 +192,7 @@ if an error occurs.
192	.Xr X509_get_version 3 ,	192	.Xr X509_get_version 3 ,
193	.Xr X509_INFO_new 3 ,	193	.Xr X509_INFO_new 3 ,
194	.Xr X509_NAME_new 3 ,	194	.Xr X509_NAME_new 3 ,
		195	.Xr X509_print_ex 3 ,
195	.Xr X509_PUBKEY_new 3 ,	196	.Xr X509_PUBKEY_new 3 ,
196	.Xr X509_REQ_new 3 ,	197	.Xr X509_REQ_new 3 ,
197	.Xr X509_SIG_new 3 ,	198	.Xr X509_SIG_new 3 ,


diff --git a/src/lib/libcrypto/man/X509_print_ex.3 b/src/lib/libcrypto/man/X509_print_ex.3 new file mode 100644 index 0000000000..19373e0754 --- /dev/null +++ b/src/lib/libcrypto/man/X509_print_ex.3
@@ -0,0 +1,279 @@
		1	.\" $OpenBSD: X509_print_ex.3,v 1.1 2021/07/12 15:56:54 schwarze Exp $
		2	.\"
		3	.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
		4	.\"
		5	.\" Permission to use, copy, modify, and distribute this software for any
		6	.\" purpose with or without fee is hereby granted, provided that the above
		7	.\" copyright notice and this permission notice appear in all copies.
		8	.\"
		9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	.\"
		17	.Dd $Mdocdate: July 12 2021 $
		18	.Dt X509_PRINT_EX 3
		19	.Os
		20	.Sh NAME
		21	.Nm X509_print_ex ,
		22	.Nm X509_CERT_AUX_print ,
		23	.Nm X509_print_ex_fp ,
		24	.Nm X509_print ,
		25	.Nm X509_print_fp
		26	.Nd pretty-print an X.509 certificate
		27	.Sh SYNOPSIS
		28	.In openssl/x509.h
		29	.Ft int
		30	.Fo X509_print_ex
		31	.Fa "BIO *bio"
		32	.Fa "X509 *x"
		33	.Fa "unsigned long nameflags"
		34	.Fa "unsigned long skipflags"
		35	.Fc
		36	.Ft int
		37	.Fo X509_CERT_AUX_print
		38	.Fa "BIO *bio"
		39	.Fa "X509_CERT_AUX *aux"
		40	.Fa "int indent"
		41	.Fc
		42	.Ft int
		43	.Fo X509_print_ex_fp
		44	.Fa "FILE *fp"
		45	.Fa "X509 *x"
		46	.Fa "unsigned long nameflags"
		47	.Fa "unsigned long skipflags"
		48	.Fc
		49	.Ft int
		50	.Fo X509_print
		51	.Fa "BIO *bio"
		52	.Fa "X509 *x"
		53	.Fc
		54	.Ft int
		55	.Fo X509_print_fp
		56	.Fa "FILE *fp"
		57	.Fa "X509 *x"
		58	.Fc
		59	.Sh DESCRIPTION
		60	.Fn X509_print_ex
		61	prints information contained in
		62	.Fa x
		63	to
		64	.Fa bio
		65	in human-readable form.
		66	Printing is aborted as soon as any operation fails, with the exception
		67	that failures while attempting to decode or print the public key,
		68	the X.509 version 3 extensions, or non-standard auxiliary data are
		69	not considered as errors.
		70	.Pp
		71	By default, the following blocks of information are printed
		72	in the following order.
		73	Each block can be skipped by setting the corresponding bit in
		74	.Fa skipflags ,
		75	provided in parentheses after each block description.
		76	.Bl -bullet
		77	.It
		78	A pair of lines reading
		79	.Qq Certificate:\&
		80	and
		81	.Qq Data:\&
		82	containing no information.
		83	.Pq Dv X509_FLAG_NO_HEADER
		84	.It
		85	The certificate version number as defined by the standard,
		86	followed in parentheses by the value contained in the version field
		87	in hexadecimal notation.
		88	See
		89	.Xr X509_get_version 3
		90	for details.
		91	.Pq Dv X509_FLAG_NO_VERSION
		92	.It
		93	The serial number of the certificate as returned by
		94	.Xr X509_get_serialNumber 3 .
		95	If it is not \-1 and converting it to
		96	.Vt long
		97	succeeds, it is printed in both decimal and hexadecimal format.
		98	If it is \-1, too wide to fit in
		99	.Vt long ,
		100	or conversion fails, it is printed byte-by-byte in hexadecimal notation.
		101	.Pq Dv X509_FLAG_NO_SERIAL
		102	.It
		103	The name of the signature algorithm is printed with
		104	.Xr X509_signature_print 3 .
		105	.Pq Dv X509_FLAG_NO_SIGNAME
		106	.It
		107	The issuer name returned by
		108	.Xr X509_get_issuer_name 3
		109	is printed with
		110	.Xr X509_NAME_print_ex 3 .
		111	.Pq Dv X509_FLAG_NO_ISSUER
		112	.It
		113	The validity period from
		114	.Xr X509_get_notBefore 3
		115	to
		116	.Xr X509_get_notAfter 3
		117	is printed using
		118	.Xr ASN1_TIME_print 3 .
		119	.Pq Dv X509_FLAG_NO_VALIDITY
		120	.It
		121	The subject name returned from
		122	.Xr X509_get_subject_name 3
		123	is printed with
		124	.Xr X509_NAME_print_ex 3 .
		125	.Pq Dv X509_FLAG_NO_SUBJECT
		126	.It
		127	The public key algorithm is printed with
		128	.Xr i2a_ASN1_OBJECT 3 ,
		129	and the public key returned from
		130	.Xr X509_get_pubkey 3
		131	with
		132	.Xr EVP_PKEY_print_public 3 .
		133	.Pq Dv X509_FLAG_NO_PUBKEY
		134	.It
		135	All X.509 extensions contained in the certificate are printed with
		136	.Xr X509V3_extensions_print 3 .
		137	.Pq Dv X509_FLAG_NO_EXTENSIONS
		138	.It
		139	The signature is printed with
		140	.Xr X509_signature_print 3 .
		141	.Pq Dv X509_FLAG_NO_SIGDUMP
		142	.It
		143	Non-standard auxiliary data associated with the certificate is printed
		144	using the function
		145	.Fn X509_CERT_AUX_print
		146	documented below.
		147	.Pq Dv X509_FLAG_NO_AUX
		148	.El
		149	.Pp
		150	The
		151	.Fa nameflags
		152	argument modifies the format for printing X.501
		153	.Vt Name
		154	objects contained in
		155	.Fa x .
		156	It is passed through to
		157	.Xr X509_NAME_print_ex 3 .
		158	If
		159	.Fa nameflags
		160	is
		161	.Dv X509_FLAG_COMPAT ,
		162	the
		163	.Fa indent
		164	argument of
		165	.Xr X509_NAME_print_ex 3
		166	is set to 16 spaces and the traditional SSLeay format generated by
		167	.Xr X509_NAME_print 3
		168	is used.
		169	Otherwise, if the only bit set in
		170	.Dv XN_FLAG_SEP_MASK
		171	is
		172	.Dv XN_FLAG_SEP_MULTILINE ,
		173	.Fa indent
		174	is set to 12 spaces.
		175	Otherwise,
		176	.Fa indent
		177	is set to zero.
		178	.Pp
		179	.Fn X509_CERT_AUX_print
		180	prints information contained in
		181	.Fa aux
		182	to
		183	.Fa bio
		184	in human-readable form with a left margin of
		185	.Fa indent
		186	spaces.
		187	If
		188	.Fa aux
		189	is
		190	.Dv NULL ,
		191	it prints nothing.
		192	.Pp
		193	Information is printed in the following order:
		194	.Bl -bullet
		195	.It
		196	Purposes the certificate is intended to be used for as set with
		197	.Xr X509_add1_trust_object 3 ,
		198	each printed with
		199	.Xr OBJ_obj2txt 3 .
		200	.It
		201	Purposes the certificate is explicitly
		202	.Em not
		203	intended to be used for as set with
		204	.Xr X509_add1_reject_object 3 ,
		205	again each printed with
		206	.Xr OBJ_obj2txt 3 .
		207	.It
		208	If
		209	.Fa aux
		210	contains data set with
		211	.Xr X509_alias_set1 3 ,
		212	the raw bytes are printed in unencoded form.
		213	.It
		214	If
		215	.Fa aux
		216	contains data set with
		217	.Xr X509_keyid_set1 3 ,
		218	the bytes are printed in hexadecimal notation with colons in between.
		219	.El
		220	.Pp
		221	.Fn X509_print_ex_fp
		222	is similar to
		223	.Fn X509_print_ex
		224	except that it prints to
		225	.Fa fp .
		226	.Pp
		227	.Fn X509_print
		228	and
		229	.Fn X509_print_fp
		230	are wrapper functions setting the
		231	.Fa nameflags
		232	to
		233	.Dv XN_FLAG_COMPAT
		234	and the
		235	.Fa skipflags
		236	to
		237	.Dv X509_FLAG_COMPAT .
		238	.Sh RETURN VALUES
		239	.Fn X509_print_ex ,
		240	.Fn X509_print_ex_fp ,
		241	.Fn X509_print ,
		242	and
		243	.Fn X509_print_fp
		244	return 1 if all requested information was successfully printed,
		245	even if failures occured while attempting to decode or print the
		246	public key or X.509 version 3 extensions, or 0 if any other operation
		247	failed.
		248	.Pp
		249	.Fn X509_CERT_AUX_print
		250	always returns 1 and silently ignores write errors.
		251	.Sh SEE ALSO
		252	.Xr BIO_new 3 ,
		253	.Xr X509_CERT_AUX_new 3 ,
		254	.Xr X509_new 3
		255	.Sh HISTORY
		256	.Fn X509_print
		257	first appeared in SSLeay 0.5.1 and was changed to print to a
		258	.Vt BIO
		259	in SSLeay 0.6.0.
		260	.Fn X509_print_fp
		261	first appeared in SSLeay 0.6.0.
		262	Both functions have been available since
		263	.Ox 2.4 .
		264	.Pp
		265	.Fn X509_CERT_AUX_print
		266	first appeared in OpenSSL 0.9.5 and has been available since
		267	.Ox 2.7 .
		268	.Pp
		269	.Fn X509_print_ex
		270	and
		271	.Fn X509_print_ex_fp
		272	first appeared in OpenSSL 0.9.7 and have been available since
		273	.Ox 3.2 .
		274	.Sh BUGS
		275	If arbitrary data was stored into
		276	.Fa x
		277	using
		278	.Xr X509_alias_set1 3 ,
		279	these functions may print binary data and even NUL bytes.