Adjust documentation to work without X509_LOOKUP_by_subject()

X509_LOOKUP_by_subject() was made internal a while back. Its documentation was very detailed, so this was a bit of a tangle to undo.
author: tb <> 2024-09-06 07:48:20 +0000
committer: tb <> 2024-09-06 07:48:20 +0000
commit: 1cf5f5e953944e829c982d02e497cddf8a7ed9c4 (patch)
tree: c421e0899c828f81aa5ae354a82b765955f0356f
parent: 899beb126a718caf4693f0bd0bd02572643faa3a (diff)
download: openbsd-1cf5f5e953944e829c982d02e497cddf8a7ed9c4.tar.gz
openbsd-1cf5f5e953944e829c982d02e497cddf8a7ed9c4.tar.bz2
openbsd-1cf5f5e953944e829c982d02e497cddf8a7ed9c4.zip
1 files changed, 5 insertions, 52 deletions
diff --git a/src/lib/libcrypto/man/X509_LOOKUP_new.3 b/src/lib/libcrypto/man/X509_LOOKUP_new.3
index 1cb1634046..559dbbb594 100644
--- a/src/lib/libcrypto/man/X509_LOOKUP_new.3
+++ b/src/lib/libcrypto/man/X509_LOOKUP_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_LOOKUP_new.3,v 1.11 2024/04/22 02:30:23 jsg Exp $
+.\" $OpenBSD: X509_LOOKUP_new.3,v 1.12 2024/09/06 07:48:20 tb Exp $
 .\"
 .\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: April 22 2024 $
+.Dd $Mdocdate: September 6 2024 $
 .Dt X509_LOOKUP_NEW 3
 .Os
 .Sh NAME
@@ -131,8 +131,6 @@ This lookup method is peculiar in so far as calling
 on a lookup object using it does not yet add any certificates to the associated
 .Vt X509_STORE
 object.
-They need to be added selectively using
-.Fn X509_LOOKUP_by_subject .
 .It Xr X509_LOOKUP_file 3
 The
 .Fa command
@@ -238,19 +236,6 @@ always ignores the
 .Fa ret
 argument.
 .Pp
-With LibreSSL,
-.Fn X509_LOOKUP_by_subject
-is only useful if
-.Fa lookup
-uses
-.Xr X509_LOOKUP_hash_dir 3 .
-It passes the
-.Fa name
-to
-.Xr X509_NAME_hash 3
-and converts the resulting hash to an eight-digit lower-case
-hexadecimal number.
-.Pp
 If the
 .Fa type
 is
@@ -284,28 +269,6 @@ returns 1 for success or 0 for failure.
 With library implementations other than LibreSSL,
 it might also return \-1 for internal errors.
 .Pp
-.Fn X509_LOOKUP_by_subject
-returns 1 for success or 0 for failure.
-In particular, it fails if
-.Fa lookup
-uses
-.Xr X509_LOOKUP_file 3
-or
-.Xr X509_LOOKUP_mem 3 ,
-if
-.Fa name
-is
-.Dv NULL ,
-if
-.Fa type
-is neither
-.Dv X509_LU_X509
-nor
-.Dv X509_LU_CRL ,
-if no match is found, or if memory allocation fails.
-With library implementations other than LibreSSL,
-it might also return negative values for internal errors.
-.Pp
 .Fn X509_get_default_cert_dir
 returns a pointer to the constant string
 .Qq /etc/ssl/certs ,
@@ -355,8 +318,7 @@ failed in
 was called with an invalid
 .Fa type .
 .It Dv ERR_R_BUF_LIB Qq "BUF lib"
-Memory allocation failed in
+Memory allocation failed.
-.Fn X509_LOOKUP_by_subject .
 .It Dv X509_R_INVALID_DIRECTORY Qq "invalid directory"
 The
 .Fa source
@@ -390,10 +352,7 @@ was called with
 and adding the certificates and revocation lists failed.
 This error is added after and in addition to a more specific diagnostic.
 .It Dv ERR_R_MALLOC_FAILURE Qq "malloc failure"
-Memory allocation failed in
+Memory allocation failed.
-.Fn X509_LOOKUP_ctrl
-or
-.Fn X509_LOOKUP_by_subject .
 .It Dv ERR_R_PEM_LIB Qq "PEM lib"
 .Xr PEM_X509_INFO_read_bio 3 ,
 .Xr PEM_read_bio_X509_AUX 3 ,
@@ -409,7 +368,7 @@ or
 failed in
 .Fn X509_LOOKUP_ctrl .
 .It Dv X509_R_WRONG_LOOKUP_TYPE Qq "wrong lookup type"
-.Fn X509_LOOKUP_by_subject
+.Xr X509_STORE_CTX_get_by_subject 3
 was called with an invalid
 .Fa type .
 .El
@@ -418,12 +377,6 @@ Passing an invalid
 .Fa command
 to
 .Fn X509_LOOKUP_ctrl
-or calling
-.Fn X509_LOOKUP_by_subject
-with a
-.Dv NULL
-.Fa name
-or with arguments that yield no match
 causes failure but provides no diagnostics.
 .Sh SEE ALSO
 .Xr d2i_X509_bio 3 ,
author	tb <>	2024-09-06 07:48:20 +0000
committer	tb <>	2024-09-06 07:48:20 +0000
commit	1cf5f5e953944e829c982d02e497cddf8a7ed9c4 (patch)
tree	c421e0899c828f81aa5ae354a82b765955f0356f
parent	899beb126a718caf4693f0bd0bd02572643faa3a (diff)
download	openbsd-1cf5f5e953944e829c982d02e497cddf8a7ed9c4.tar.gz openbsd-1cf5f5e953944e829c982d02e497cddf8a7ed9c4.tar.bz2 openbsd-1cf5f5e953944e829c982d02e497cddf8a7ed9c4.zip

diff --git a/src/lib/libcrypto/man/X509_LOOKUP_new.3 b/src/lib/libcrypto/man/X509_LOOKUP_new.3 index 1cb1634046..559dbbb594 100644 --- a/src/lib/libcrypto/man/X509_LOOKUP_new.3 +++ b/src/lib/libcrypto/man/X509_LOOKUP_new.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: X509_LOOKUP_new.3,v 1.11 2024/04/22 02:30:23 jsg Exp $	1	.\" $OpenBSD: X509_LOOKUP_new.3,v 1.12 2024/09/06 07:48:20 tb Exp $
2	.\"	2	.\"
3	.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>	3	.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
4	.\"	4	.\"
@@ -14,7 +14,7 @@
14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF	14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.	15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	.\"	16	.\"
17	.Dd $Mdocdate: April 22 2024 $	17	.Dd $Mdocdate: September 6 2024 $
18	.Dt X509_LOOKUP_NEW 3	18	.Dt X509_LOOKUP_NEW 3
19	.Os	19	.Os
20	.Sh NAME	20	.Sh NAME
@@ -131,8 +131,6 @@ This lookup method is peculiar in so far as calling
131	on a lookup object using it does not yet add any certificates to the associated	131	on a lookup object using it does not yet add any certificates to the associated
132	.Vt X509_STORE	132	.Vt X509_STORE
133	object.	133	object.
134	They need to be added selectively using
135	.Fn X509_LOOKUP_by_subject .
136	.It Xr X509_LOOKUP_file 3	134	.It Xr X509_LOOKUP_file 3
137	The	135	The
138	.Fa command	136	.Fa command
@@ -238,19 +236,6 @@ always ignores the
238	.Fa ret	236	.Fa ret
239	argument.	237	argument.
240	.Pp	238	.Pp
241	With LibreSSL,
242	.Fn X509_LOOKUP_by_subject
243	is only useful if
244	.Fa lookup
245	uses
246	.Xr X509_LOOKUP_hash_dir 3 .
247	It passes the
248	.Fa name
249	to
250	.Xr X509_NAME_hash 3
251	and converts the resulting hash to an eight-digit lower-case
252	hexadecimal number.
253	.Pp
254	If the	239	If the
255	.Fa type	240	.Fa type
256	is	241	is
@@ -284,28 +269,6 @@ returns 1 for success or 0 for failure.
284	With library implementations other than LibreSSL,	269	With library implementations other than LibreSSL,
285	it might also return \-1 for internal errors.	270	it might also return \-1 for internal errors.
286	.Pp	271	.Pp
287	.Fn X509_LOOKUP_by_subject
288	returns 1 for success or 0 for failure.
289	In particular, it fails if
290	.Fa lookup
291	uses
292	.Xr X509_LOOKUP_file 3
293	or
294	.Xr X509_LOOKUP_mem 3 ,
295	if
296	.Fa name
297	is
298	.Dv NULL ,
299	if
300	.Fa type
301	is neither
302	.Dv X509_LU_X509
303	nor
304	.Dv X509_LU_CRL ,
305	if no match is found, or if memory allocation fails.
306	With library implementations other than LibreSSL,
307	it might also return negative values for internal errors.
308	.Pp
309	.Fn X509_get_default_cert_dir	272	.Fn X509_get_default_cert_dir
310	returns a pointer to the constant string	273	returns a pointer to the constant string
311	.Qq /etc/ssl/certs ,	274	.Qq /etc/ssl/certs ,
@@ -355,8 +318,7 @@ failed in
355	was called with an invalid	318	was called with an invalid
356	.Fa type .	319	.Fa type .
357	.It Dv ERR_R_BUF_LIB Qq "BUF lib"	320	.It Dv ERR_R_BUF_LIB Qq "BUF lib"
358	Memory allocation failed in	321	Memory allocation failed.
359	.Fn X509_LOOKUP_by_subject .
360	.It Dv X509_R_INVALID_DIRECTORY Qq "invalid directory"	322	.It Dv X509_R_INVALID_DIRECTORY Qq "invalid directory"
361	The	323	The
362	.Fa source	324	.Fa source
@@ -390,10 +352,7 @@ was called with
390	and adding the certificates and revocation lists failed.	352	and adding the certificates and revocation lists failed.
391	This error is added after and in addition to a more specific diagnostic.	353	This error is added after and in addition to a more specific diagnostic.
392	.It Dv ERR_R_MALLOC_FAILURE Qq "malloc failure"	354	.It Dv ERR_R_MALLOC_FAILURE Qq "malloc failure"
393	Memory allocation failed in	355	Memory allocation failed.
394	.Fn X509_LOOKUP_ctrl
395	or
396	.Fn X509_LOOKUP_by_subject .
397	.It Dv ERR_R_PEM_LIB Qq "PEM lib"	356	.It Dv ERR_R_PEM_LIB Qq "PEM lib"
398	.Xr PEM_X509_INFO_read_bio 3 ,	357	.Xr PEM_X509_INFO_read_bio 3 ,
399	.Xr PEM_read_bio_X509_AUX 3 ,	358	.Xr PEM_read_bio_X509_AUX 3 ,
@@ -409,7 +368,7 @@ or
409	failed in	368	failed in
410	.Fn X509_LOOKUP_ctrl .	369	.Fn X509_LOOKUP_ctrl .
411	.It Dv X509_R_WRONG_LOOKUP_TYPE Qq "wrong lookup type"	370	.It Dv X509_R_WRONG_LOOKUP_TYPE Qq "wrong lookup type"
412	.Fn X509_LOOKUP_by_subject	371	.Xr X509_STORE_CTX_get_by_subject 3
413	was called with an invalid	372	was called with an invalid
414	.Fa type .	373	.Fa type .
415	.El	374	.El
@@ -418,12 +377,6 @@ Passing an invalid
418	.Fa command	377	.Fa command
419	to	378	to
420	.Fn X509_LOOKUP_ctrl	379	.Fn X509_LOOKUP_ctrl
421	or calling
422	.Fn X509_LOOKUP_by_subject
423	with a
424	.Dv NULL
425	.Fa name
426	or with arguments that yield no match
427	causes failure but provides no diagnostics.	380	causes failure but provides no diagnostics.
428	.Sh SEE ALSO	381	.Sh SEE ALSO
429	.Xr d2i_X509_bio 3 ,	382	.Xr d2i_X509_bio 3 ,