author | schwarze <> | 2020-09-17 08:04:22 +0000 |
---|---|---|
committer | schwarze <> | 2020-09-17 08:04:22 +0000 |
commit | 2dce98682ff8b7337bc6963a61185ea7cf5142b8 (patch) | |
tree | 82c0977a100728275a863a8c4b426e8e27d815fc | |
parent | eca320a8712112c5711439902e616353d0069121 (diff) | |
Install the new page SSL_set1_host(3), link to it from relevant places,
and add two other .Xrs that might help readers find their way.
Update the merge notices of all files touched and
merge a few trivial changes from the OpenSSL 1.1.1 branch.
OK tb@
-rw-r--r-- | src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 | 9 | ||||
-rw-r--r-- | src/lib/libcrypto/man/X509_check_host.3 | 15 | ||||
-rw-r--r-- | src/lib/libssl/man/Makefile | 3 | ||||
-rw-r--r-- | src/lib/libssl/man/SSL_CTX_set_verify.3 | 9 | ||||
-rw-r--r-- | src/lib/libssl/man/SSL_get_peer_certificate.3 | 9 | ||||
-rw-r--r-- | src/lib/libssl/man/SSL_get_verify_result.3 | 8 |
6 files changed, 31 insertions, 22 deletions
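--- a/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
+++ b/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
@@ -1,6 +1,6 @@
-.\" $OpenBSD: X509_VERIFY_PARAM_set_flags.3,v 1.14 2018/04/07 13:57:43 jmc Exp $
+.\" $OpenBSD: X509_VERIFY_PARAM_set_flags.3,v 1.15 2020/09/17 08:04:22 schwarze Exp $
 .\" full merge up to: OpenSSL d33def66 Feb 9 14:17:13 2016 -0500
-.\" selective merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100
+.\" selective merge up to: OpenSSL 6328d367 Jul 4 21:58:30 2020 +0200
 .\"
 .\" This file is a derived work.
 .\" The changes are covered by the following Copyright and license:
@@ -68,7 +68,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: April 7 2018 $
+.Dd $Mdocdate: September 17 2020 $
 .Dt X509_VERIFY_PARAM_SET_FLAGS 3
 .Os
 .Sh NAME
@@ -337,7 +337,7 @@ in a chain.
 .Fn X509_VERIFY_PARAM_set1_host
 sets the expected DNS hostname to
 .Fa name
-clearing any previously specified host name or names.
+clearing any previously specified hostname or names.
 If
 .Fa name
 is
@@ -693,6 +693,7 @@ SSL_CTX_set1_param(ctx, param);
 X509_VERIFY_PARAM_free(param);
 .Ed
 .Sh SEE ALSO
+.Xr SSL_set1_host 3 ,
 .Xr SSL_set1_param 3 ,
 .Xr X509_check_host 3 ,
 .Xr X509_STORE_CTX_set0_param 3 ,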
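--- a/src/lib/libcrypto/man/X509_check_host.3
+++ b/src/lib/libcrypto/man/X509_check_host.3
@@ -1,5 +1,6 @@
-.\" $OpenBSD: X509_check_host.3,v 1.5 2019/08/23 12:23:39 schwarze Exp $
-.\" full merge up to: OpenSSL 6738bf14 Feb 13 12:51:29 2018 +0000
+.\" $OpenBSD: X509_check_host.3,v 1.6 2020/09/17 08:04:22 schwarze Exp $
+.\" full merge up to: OpenSSL a09e4d24 Jun 12 01:56:31 2014 -0400
+.\" selective merge up to: OpenSSL 6328d367 Jul 4 21:58:30 2020 +0200
 .\"
 .\" This file was written by Florian Weimer <fweimer@redhat.com> and
 .\" Viktor Dukhovni <openssl-users@dukhovni.org>.
@@ -50,7 +51,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 23 2019 $
+.Dd $Mdocdate: September 17 2020 $
 .Dt X509_CHECK_HOST 3
 .Os
 .Sh NAME
@@ -91,13 +92,13 @@
 .Fc
 .Sh DESCRIPTION
 The certificate matching functions are used to check whether a
-certificate matches a given host name, email address, or IP address.
+certificate matches a given hostname, email address, or IP address.
 The validity of the certificate and its trust level has to be checked by
 other means.
 .Pp
 .Fn X509_check_host
 checks if the certificate Subject Alternative Name (SAN) or Subject
-CommonName (CN) matches the specified host name, which must be encoded
+CommonName (CN) matches the specified hostname, which must be encoded
 in the preferred name syntax described in section 3.5 of RFC 1034.
 By default, wildcards are supported and they match only in the
 left-most label; they may match part of that label with an
@@ -234,9 +235,11 @@ returns -2 if the provided
 .Fa name
 contains embedded NUL bytes.
 .Sh SEE ALSO
+.Xr SSL_set1_host 3 ,
 .Xr X509_EXTENSION_new 3 ,
 .Xr X509_get1_email 3 ,
-.Xr X509_new 3
+.Xr X509_new 3 ,
+.Xr X509_VERIFY_PARAM_set1_host 3
 .Sh HISTORY
 These functions first appeared in OpenSSL 1.0.2
 and have been available since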
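--- a/src/lib/libssl/man/Makefile
+++ b/src/lib/libssl/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.66 2019/04/05 18:29:43 schwarze Exp $
+# $OpenBSD: Makefile,v 1.67 2020/09/17 08:04:22 schwarze Exp $
 
 .include <bsd.own.mk>
 
@@ -102,6 +102,7 @@ MAN = BIO_f_ssl.3 \
 SSL_renegotiate.3 \
 SSL_rstate_string.3 \
 SSL_session_reused.3 \
+SSL_set1_host.3 \
 SSL_set1_param.3 \
 SSL_set_bio.3 \
 SSL_set_connect_state.3 \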
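--- a/src/lib/libssl/man/SSL_CTX_set_verify.3
+++ b/src/lib/libssl/man/SSL_CTX_set_verify.3
@@ -1,6 +1,6 @@
-.\" $OpenBSD: SSL_CTX_set_verify.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $
+.\" $OpenBSD: SSL_CTX_set_verify.3,v 1.8 2020/09/17 08:04:22 schwarze Exp $
 .\" full merge up to: OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400
-.\" selective merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
+.\" selective merge up to: OpenSSL 1cb7eff4 Sep 10 13:56:40 2019 +0100
 .\"
 .\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
 .\" Copyright (c) 2000, 2001, 2002, 2003, 2014 The OpenSSL Project.
@@ -50,7 +50,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 27 2018 $
+.Dd $Mdocdate: September 17 2020 $
 .Dt SSL_CTX_SET_VERIFY 3
 .Os
 .Sh NAME
@@ -443,7 +443,8 @@ if (peer = SSL_get_peer_certificate(ssl)) {
 .Xr SSL_get_ex_new_index 3 ,
 .Xr SSL_get_peer_certificate 3 ,
 .Xr SSL_get_verify_result 3 ,
-.Xr SSL_new 3
+.Xr SSL_new 3 ,
+.Xr SSL_set1_host 3
 .Sh HISTORY
 .Fn SSL_set_verify
 appeared in SSLeay 0.4 or earlier.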
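--- a/src/lib/libssl/man/SSL_get_peer_certificate.3
+++ b/src/lib/libssl/man/SSL_get_peer_certificate.3
@@ -1,5 +1,5 @@
-.\" $OpenBSD: SSL_get_peer_certificate.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $
-.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
+.\" $OpenBSD: SSL_get_peer_certificate.3,v 1.5 2020/09/17 08:04:22 schwarze Exp $
+.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
 .\" Copyright (c) 2000, 2001, 2005 The OpenSSL Project. All rights reserved.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 27 2018 $
+.Dd $Mdocdate: September 17 2020 $
 .Dt SSL_GET_PEER_CERTIFICATE 3
 .Os
 .Sh NAME
@@ -97,7 +97,8 @@ The return value points to the certificate presented by the peer.
 .Sh SEE ALSO
 .Xr ssl 3 ,
 .Xr SSL_CTX_set_verify 3 ,
-.Xr SSL_get_verify_result 3
+.Xr SSL_get_verify_result 3 ,
+.Xr SSL_get0_peername 3
 .Sh HISTORY
 .Fn SSL_get_peer_certificate
 appeared in SSLeay 0.4 or earlier and has been available since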
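--- a/src/lib/libssl/man/SSL_get_verify_result.3
+++ b/src/lib/libssl/man/SSL_get_verify_result.3
@@ -1,5 +1,5 @@
-.\" $OpenBSD: SSL_get_verify_result.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $
-.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
+.\" $OpenBSD: SSL_get_verify_result.3,v 1.5 2020/09/17 08:04:22 schwarze Exp $
+.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
 .\" Copyright (c) 2000, 2001, 2005 The OpenSSL Project. All rights reserved.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 27 2018 $
+.Dd $Mdocdate: September 17 2020 $
 .Dt SSL_GET_VERIFY_RESULT 3
 .Os
 .Sh NAME
@@ -84,7 +84,9 @@ Documented in
 .Sh SEE ALSO
 .Xr openssl 1 ,
 .Xr ssl 3 ,
+.Xr SSL_CTX_set_verify 3 ,
 .Xr SSL_get_peer_certificate 3 ,
+.Xr SSL_get0_peername 3 ,
 .Xr SSL_set_verify_result 3
 .Sh HISTORY
 .Fn SSL_get_verify_result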