From: Dr. Stephen Henson Date: Mon, 6 Jul 2015 13:17:49 +0000 (+0100) Subject: document -2 return value X-Git-Tag: OpenSSL_1_0_0t~30 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=18c5ead86e781ba27c9108ab1854f0b2843238ec;p=oweals%2Fopenssl.git document -2 return value Reviewed-by: Rich Salz (cherry picked from commit 5727582cf51e98e5e0faa435e7da2c8929533c0d) Conflicts: doc/crypto/X509_NAME_get_index_by_NID.pod --- diff --git a/doc/crypto/X509_NAME_get_index_by_NID.pod b/doc/crypto/X509_NAME_get_index_by_NID.pod index 3b1f9ff43b..3618b214f2 100644 --- a/doc/crypto/X509_NAME_get_index_by_NID.pod +++ b/doc/crypto/X509_NAME_get_index_by_NID.pod @@ -29,6 +29,7 @@ and issuer names. X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ() retrieve the next index matching B or B after B. B should initially be set to -1. If there are no more entries -1 is returned. +If B is invalid (doesn't correspond to a valid OID) then -2 is returned. X509_NAME_entry_count() returns the total number of entries in B. @@ -59,6 +60,10 @@ X509_NAME_get_index_by_OBJ() should be used followed by X509_NAME_get_entry() on any matching indices and then the various B utility functions on the result. +Applications which could pass invalid NIDs to X509_NAME_get_index_by_NID() +should check for the return value of -2. Alternatively the NID validity +can be determined first by checking OBJ_nid2obj(nid) is not NULL. + =head1 EXAMPLES Process all entries: @@ -91,6 +96,8 @@ Process all commonName entries: X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ() return the index of the next matching entry or -1 if not found. +X509_NAME_get_index_by_NID() can also return -2 if the supplied +NID is invalid. X509_NAME_entry_count() returns the total number of entries.