document X509_add1_reject_object(3) and X509_reject_clear(3)

author: schwarze <> 2021-07-08 13:07:00 +0000
committer: schwarze <> 2021-07-08 13:07:00 +0000
commit: 3aee4c9a971412056e2cb9b110f72945b105b483 (patch)
tree: 4567c82fef1efa6ab141316b6e788cf1d953b8e9
parent: 92ac5edde916fb03f49c27b01108f6c56a86c0bd (diff)
download: openbsd-3aee4c9a971412056e2cb9b110f72945b105b483.tar.gz
openbsd-3aee4c9a971412056e2cb9b110f72945b105b483.tar.bz2
openbsd-3aee4c9a971412056e2cb9b110f72945b105b483.zip
1 files changed, 24 insertions, 7 deletions
diff --git a/src/lib/libcrypto/man/X509_add1_trust_object.3 b/src/lib/libcrypto/man/X509_add1_trust_object.3
index ed21a6da37..3c1ae52e69 100644
--- a/src/lib/libcrypto/man/X509_add1_trust_object.3
+++ b/src/lib/libcrypto/man/X509_add1_trust_object.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_add1_trust_object.3,v 1.1 2021/07/08 12:30:27 schwarze Exp $
+.\" $OpenBSD: X509_add1_trust_object.3,v 1.2 2021/07/08 13:07:00 schwarze Exp $
 .\"
 .\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -19,7 +19,9 @@
 .Os
 .Sh NAME
 .Nm X509_add1_trust_object ,
-.Nm X509_trust_clear
+.Nm X509_trust_clear ,
+.Nm X509_add1_reject_object ,
+.Nm X509_reject_clear
 .Nd mark an X.509 certificate as intended for a specific purpose
 .Sh SYNOPSIS
 .In openssl/x509.h
@@ -32,6 +34,15 @@
 .Fo X509_trust_clear
 .Fa "X509 *x"
 .Fc
+.Ft int
+.Fo X509_add1_reject_object
+.Fa "X509 *x"
+.Fa "const ASN1_OBJECT *purpose"
+.Fc
+.Ft void
+.Fo X509_reject_clear
+.Fa "X509 *x"
+.Fc
 .Sh DESCRIPTION
 .Fn X509_add1_trust_object
 appends a deep copy of the
@@ -51,10 +62,15 @@ constants listed in that manual page are not intended for use with
 .Fn X509_add1_trust_object .
 .Pp
 .Fn X509_trust_clear
-frees and removes all purpose objects
+frees and removes all purpose objects from the set of intended
-contained in the non-standard auxiliary data of
+purposes in the non-standard auxiliary data of
 .Fa x .
 .Pp
+.Fn X509_add1_reject_object
+and
+.Fn X509_reject_clear
+are similar except that they operate on a set of unintended purposes.
+.Pp
 As an alternative to using the functions documented in the present
 manual page, X.509 certificate extensions can be used.
 At the price of higher complexity, those allow storing the purpose
@@ -65,9 +81,10 @@ See
 for details.
 .Sh RETURN VALUES
 .Fn X509_add1_trust_object
-returns the new number of purposes that
+and
-.Fa x
+.Fn X509_add1_reject_object
-is intended for, or 0 if an error occurs, in particular if memory
+return the new number of purposes in the respective set
+or 0 if an error occurs, in particular if memory
 allocation fails or if
 .Fa x
 does not contain a sub-object that can hold non-standard auxiliary data.
author	schwarze <>	2021-07-08 13:07:00 +0000
committer	schwarze <>	2021-07-08 13:07:00 +0000
commit	3aee4c9a971412056e2cb9b110f72945b105b483 (patch)
tree	4567c82fef1efa6ab141316b6e788cf1d953b8e9
parent	92ac5edde916fb03f49c27b01108f6c56a86c0bd (diff)
download	openbsd-3aee4c9a971412056e2cb9b110f72945b105b483.tar.gz openbsd-3aee4c9a971412056e2cb9b110f72945b105b483.tar.bz2 openbsd-3aee4c9a971412056e2cb9b110f72945b105b483.zip

diff --git a/src/lib/libcrypto/man/X509_add1_trust_object.3 b/src/lib/libcrypto/man/X509_add1_trust_object.3 index ed21a6da37..3c1ae52e69 100644 --- a/src/lib/libcrypto/man/X509_add1_trust_object.3 +++ b/src/lib/libcrypto/man/X509_add1_trust_object.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: X509_add1_trust_object.3,v 1.1 2021/07/08 12:30:27 schwarze Exp $	1	.\" $OpenBSD: X509_add1_trust_object.3,v 1.2 2021/07/08 13:07:00 schwarze Exp $
2	.\"	2	.\"
3	.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>	3	.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
4	.\"	4	.\"
@@ -19,7 +19,9 @@
19	.Os	19	.Os
20	.Sh NAME	20	.Sh NAME
21	.Nm X509_add1_trust_object ,	21	.Nm X509_add1_trust_object ,
22	.Nm X509_trust_clear	22	.Nm X509_trust_clear ,
		23	.Nm X509_add1_reject_object ,
		24	.Nm X509_reject_clear
23	.Nd mark an X.509 certificate as intended for a specific purpose	25	.Nd mark an X.509 certificate as intended for a specific purpose
24	.Sh SYNOPSIS	26	.Sh SYNOPSIS
25	.In openssl/x509.h	27	.In openssl/x509.h
@@ -32,6 +34,15 @@
32	.Fo X509_trust_clear	34	.Fo X509_trust_clear
33	.Fa "X509 *x"	35	.Fa "X509 *x"
34	.Fc	36	.Fc
		37	.Ft int
		38	.Fo X509_add1_reject_object
		39	.Fa "X509 *x"
		40	.Fa "const ASN1_OBJECT *purpose"
		41	.Fc
		42	.Ft void
		43	.Fo X509_reject_clear
		44	.Fa "X509 *x"
		45	.Fc
35	.Sh DESCRIPTION	46	.Sh DESCRIPTION
36	.Fn X509_add1_trust_object	47	.Fn X509_add1_trust_object
37	appends a deep copy of the	48	appends a deep copy of the
@@ -51,10 +62,15 @@ constants listed in that manual page are not intended for use with
51	.Fn X509_add1_trust_object .	62	.Fn X509_add1_trust_object .
52	.Pp	63	.Pp
53	.Fn X509_trust_clear	64	.Fn X509_trust_clear
54	frees and removes all purpose objects	65	frees and removes all purpose objects from the set of intended
55	contained in the non-standard auxiliary data of	66	purposes in the non-standard auxiliary data of
56	.Fa x .	67	.Fa x .
57	.Pp	68	.Pp
		69	.Fn X509_add1_reject_object
		70	and
		71	.Fn X509_reject_clear
		72	are similar except that they operate on a set of unintended purposes.
		73	.Pp
58	As an alternative to using the functions documented in the present	74	As an alternative to using the functions documented in the present
59	manual page, X.509 certificate extensions can be used.	75	manual page, X.509 certificate extensions can be used.
60	At the price of higher complexity, those allow storing the purpose	76	At the price of higher complexity, those allow storing the purpose
@@ -65,9 +81,10 @@ See
65	for details.	81	for details.
66	.Sh RETURN VALUES	82	.Sh RETURN VALUES
67	.Fn X509_add1_trust_object	83	.Fn X509_add1_trust_object
68	returns the new number of purposes that	84	and
69	.Fa x	85	.Fn X509_add1_reject_object
70	is intended for, or 0 if an error occurs, in particular if memory	86	return the new number of purposes in the respective set
		87	or 0 if an error occurs, in particular if memory
71	allocation fails or if	88	allocation fails or if
72	.Fa x	89	.Fa x
73	does not contain a sub-object that can hold non-standard auxiliary data.	90	does not contain a sub-object that can hold non-standard auxiliary data.