Remove docs of various X509_TRUST "functionality" that no longer exists

Some macros are still exposed, but apart from the loss of a very nice way of saying "this is completely misdesigned, overengineered and not properly thought through" the only thing we would have learned from it is that this stuff is "probably useless".
author: tb <> 2024-08-17 09:16:37 +0000
committer: tb <> 2024-08-17 09:16:37 +0000
commit: 20ed53f10932af6b45672ea0db498ac81f754340 (patch)
tree: 917c25c867be79962e6172ca3d79b22a9f8f96b2 /src/lib/libcrypto/man/X509_check_trust.3
parent: 07020d4504e9147315469dae8e2265a740e54bf5 (diff)
download: openbsd-20ed53f10932af6b45672ea0db498ac81f754340.tar.gz
openbsd-20ed53f10932af6b45672ea0db498ac81f754340.tar.bz2
openbsd-20ed53f10932af6b45672ea0db498ac81f754340.zip
1 files changed, 2 insertions, 43 deletions
diff --git a/src/lib/libcrypto/man/X509_check_trust.3 b/src/lib/libcrypto/man/X509_check_trust.3
index 0f02a1b1ef..3a4e020950 100644
--- a/src/lib/libcrypto/man/X509_check_trust.3
+++ b/src/lib/libcrypto/man/X509_check_trust.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_check_trust.3,v 1.8 2023/04/30 14:49:47 tb Exp $
+.\" $OpenBSD: X509_check_trust.3,v 1.9 2024/08/17 09:16:37 tb Exp $
 .\"
 .\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,12 +14,11 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: April 30 2023 $
+.Dd $Mdocdate: August 17 2024 $
 .Dt X509_CHECK_TRUST 3
 .Os
 .Sh NAME
 .Nm X509_check_trust ,
-.Nm X509_TRUST_set_default
 .Nd check whether a certificate is trusted
 .Sh SYNOPSIS
 .In openssl/x509.h
@@ -29,12 +28,6 @@
 .Fa "int trust"
 .Fa "int flags"
 .Fc
-.Ft int
-.Fo "(*X509_TRUST_set_default(int (*handler)(int, X509 *, int)))"
-.Fa "int trust"
-.Fa "X509 *certificate"
-.Fa "int flags"
-.Fc
 .Sh DESCRIPTION
 .Fn X509_check_trust
 checks whether the
@@ -183,27 +176,6 @@ identifiers listed above, or it may have installed additional,
 user-supplied checking functions for user-defined
 .Fa trust
 identifiers not listed above.
-.Pp
-If the function
-.Fn X509_TRUST_set_default
-was called, the
-.Fa handler
-function passed to it is used instead of the standard algorithm,
-but only in the case where the
-.Fa trust
-argument of
-.Fn X509_check_trust
-is invalid.
-The compatibility step is not used in this case.
-.Pp
-If the return value of the first call to
-.Fn X509_TRUST_set_default
-is saved and passed back to
-.Fn X509_TRUST_set_default
-later on, the standard behaviour
-of using the standard algorithm for invalid
-.Fa trust
-arguments is restored.
 .Sh RETURN VALUES
 .Fn X509_check_trust
 returns the following values:
@@ -222,27 +194,14 @@ The
 is neither trusted nor explicitly rejected,
 which implies that it is not trusted.
 .El
-.Pp
-.Fn X509_TRUST_set_default
-returns a pointer to the handler function for invalid
-.Fa trust
-that was installed before the call, which may either be a pointer
-to a function installed by a previous call to
-.Fn X509_TRUST_set_default
-or a pointer to the built-in function implementing the standard algorithm if
-.Fn X509_TRUST_set_default
-was never called before.
 .Sh SEE ALSO
 .Xr PEM_read_X509_AUX 3 ,
 .Xr X509_add1_trust_object 3 ,
 .Xr X509_CERT_AUX_new 3 ,
 .Xr X509_check_purpose 3 ,
 .Xr X509_new 3 ,
-.Xr X509_TRUST_set 3 ,
 .Xr X509_VERIFY_PARAM_set_trust 3
 .Sh HISTORY
 .Fn X509_check_trust
-and
-.Fn X509_TRUST_set_default
 first appeared in OpenSSL 0.9.5 and has been available since
 .Ox 2.7 .
author	tb <>	2024-08-17 09:16:37 +0000
committer	tb <>	2024-08-17 09:16:37 +0000
commit	20ed53f10932af6b45672ea0db498ac81f754340 (patch)
tree	917c25c867be79962e6172ca3d79b22a9f8f96b2 /src/lib/libcrypto/man/X509_check_trust.3
parent	07020d4504e9147315469dae8e2265a740e54bf5 (diff)
download	openbsd-20ed53f10932af6b45672ea0db498ac81f754340.tar.gz openbsd-20ed53f10932af6b45672ea0db498ac81f754340.tar.bz2 openbsd-20ed53f10932af6b45672ea0db498ac81f754340.zip