Document X509_STORE_set_verify_func(3), mostly using text from the

OpenSSL 1.1.1 branch, which is still under a free license, tweaked by me. While here, garbage collect the weird BUGS section.
author: schwarze <> 2021-07-29 10:13:45 +0000
committer: schwarze <> 2021-07-29 10:13:45 +0000
commit: 478dc838cb27a358d6b5158ee627a40c0cf7a818 (patch)
tree: c8e9e3f4649f22b6d48e514d6766c15211108046
parent: 3914c181dd451be6f69fd1b4c96bac38ae4245a6 (diff)
download: openbsd-478dc838cb27a358d6b5158ee627a40c0cf7a818.tar.gz
openbsd-478dc838cb27a358d6b5158ee627a40c0cf7a818.tar.bz2
openbsd-478dc838cb27a358d6b5158ee627a40c0cf7a818.zip
1 files changed, 32 insertions, 8 deletions
diff --git a/src/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 b/src/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
index 052c28b6a8..59b1feff77 100644
--- a/src/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
+++ b/src/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
@@ -1,5 +1,6 @@
-.\"     $OpenBSD: X509_STORE_set_verify_cb_func.3,v 1.9 2020/03/29 17:05:02 schwarze Exp $
+.\" $OpenBSD: X509_STORE_set_verify_cb_func.3,v 1.10 2021/07/29 10:13:45 schwarze Exp $
-.\"     OpenSSL 05ea606a May 20 20:52:46 2016 -0400
+.\" full merge up to: OpenSSL 05ea606a May 20 20:52:46 2016 -0400
+.\" selective merge up to: OpenSSL 315c47e0 Dec 1 14:22:16 2020 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
 .\" Copyright (c) 2009 The OpenSSL Project.  All rights reserved.
@@ -48,12 +49,13 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 29 2020 $
+.Dd $Mdocdate: July 29 2021 $
 .Dt X509_STORE_SET_VERIFY_CB_FUNC 3
 .Os
 .Sh NAME
 .Nm X509_STORE_set_verify_cb ,
-.Nm X509_STORE_set_verify_cb_func
+.Nm X509_STORE_set_verify_cb_func ,
+.Nm X509_STORE_set_verify_func
 .Nd set verification callback
 .Sh SYNOPSIS
 .In openssl/x509_vfy.h
@@ -67,6 +69,11 @@
 .Fa "X509_STORE *st"
 .Fa "int (*verify_cb)(int ok, X509_STORE_CTX *ctx)"
 .Fc
+.Ft void
+.Fo X509_STORE_set_verify_func
+.Fa "X509_STORE *st"
+.Fa "int (*verify_func)(X509_STORE_CTX *ctx)"
+.Fc
 .Sh DESCRIPTION
 .Fn X509_STORE_set_verify_cb
 sets the verification callback of
@@ -86,17 +93,34 @@ structure when it is initialized.
 This can be used to set the verification callback when the
 .Vt X509_STORE_CTX
 is otherwise inaccessible (for example during S/MIME verification).
+.Pp
+.Fn X509_STORE_set_verify_func
+sets the final chain verification function for
+.Fa st
+to
+.Fa verify_func .
+Its purpose is to go through the chain of certificates and check
+that all signatures are valid and that the current time is within
+the limits of each certificate's first and last validity time.
+The final chain verification function
+must return 0 on failure and 1 on success.
+If
+.Fn X509_STORE_set_verify_func
+is not called or called with
+.Fa verify_func
+set to a
+.Dv NULL
+pointer, the built-in default function is used.
 .Sh SEE ALSO
 .Xr X509_STORE_CTX_set_verify_cb 3 ,
 .Xr X509_STORE_new 3
 .Sh HISTORY
 .Fn X509_STORE_set_verify_cb_func
-first appeared in SSLeay 0.8.0 and has been available since
+and
+.Fn X509_STORE_set_verify_func
+first appeared in SSLeay 0.8.0 and have been available since
 .Ox 2.4 .
 .Pp
 .Fn X509_STORE_set_verify_cb
 first appeared in OpenSSL 1.0.0 and has been available since
 .Ox 4.9 .
-.Sh BUGS
-The macro version of this function was the only one available before
-OpenSSL 1.0.0.
author	schwarze <>	2021-07-29 10:13:45 +0000
committer	schwarze <>	2021-07-29 10:13:45 +0000
commit	478dc838cb27a358d6b5158ee627a40c0cf7a818 (patch)
tree	c8e9e3f4649f22b6d48e514d6766c15211108046
parent	3914c181dd451be6f69fd1b4c96bac38ae4245a6 (diff)
download	openbsd-478dc838cb27a358d6b5158ee627a40c0cf7a818.tar.gz openbsd-478dc838cb27a358d6b5158ee627a40c0cf7a818.tar.bz2 openbsd-478dc838cb27a358d6b5158ee627a40c0cf7a818.zip