diff options
| author | tb <> | 2025-12-20 07:22:43 +0000 |
|---|---|---|
| committer | tb <> | 2025-12-20 07:22:43 +0000 |
| commit | 4e99a5c0b6fa18eb76160d4cb726840aacb45404 (patch) | |
| tree | b0d0acb9f140921d9cf4cbf885ff5bb8d5588b85 /src/lib/libcrypto/man | |
| parent | a9b40e5ff0d02898290bff32f585973bf373feb5 (diff) | |
| download | openbsd-4e99a5c0b6fa18eb76160d4cb726840aacb45404.tar.gz openbsd-4e99a5c0b6fa18eb76160d4cb726840aacb45404.tar.bz2 openbsd-4e99a5c0b6fa18eb76160d4cb726840aacb45404.zip | |
pkcs7: add PKCS7_NO_DUAL_CONTENT flag/behavior
What Netscape fucked up just had to be embraced by secure boot and
other nonsense. First OpenSSL wanted to be strict (which we inherited)
then Rich Salz Postel-ized this and made OpenSSL bypass this check by
default and added a flag to be strict 10 years ago.
Now sthen found that PHP 8.5 uses/exposes this flag.
Follows OpenSSL 6b2ebe43 (2016)
ok kenjiro
Diffstat (limited to 'src/lib/libcrypto/man')
| -rw-r--r-- | src/lib/libcrypto/man/PKCS7_verify.3 | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/src/lib/libcrypto/man/PKCS7_verify.3 b/src/lib/libcrypto/man/PKCS7_verify.3 index 6bf932b54b..53b32f738a 100644 --- a/src/lib/libcrypto/man/PKCS7_verify.3 +++ b/src/lib/libcrypto/man/PKCS7_verify.3 | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | .\" $OpenBSD: PKCS7_verify.3,v 1.12 2025/06/08 22:40:30 schwarze Exp $ | 1 | .\" $OpenBSD: PKCS7_verify.3,v 1.13 2025/12/20 07:22:43 tb Exp $ |
| 2 | .\" OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400 | 2 | .\" OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400 |
| 3 | .\" | 3 | .\" |
| 4 | .\" This file was written by Dr. Stephen Henson <steve@openssl.org>. | 4 | .\" This file was written by Dr. Stephen Henson <steve@openssl.org>. |
| @@ -48,7 +48,7 @@ | |||
| 48 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | 48 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
| 49 | .\" OF THE POSSIBILITY OF SUCH DAMAGE. | 49 | .\" OF THE POSSIBILITY OF SUCH DAMAGE. |
| 50 | .\" | 50 | .\" |
| 51 | .Dd $Mdocdate: June 8 2025 $ | 51 | .Dd $Mdocdate: December 20 2025 $ |
| 52 | .Dt PKCS7_VERIFY 3 | 52 | .Dt PKCS7_VERIFY 3 |
| 53 | .Os | 53 | .Os |
| 54 | .Sh NAME | 54 | .Sh NAME |
| @@ -125,6 +125,15 @@ is detached, | |||
| 125 | .Fa indata | 125 | .Fa indata |
| 126 | cannot be | 126 | cannot be |
| 127 | .Dv NULL . | 127 | .Dv NULL . |
| 128 | If the content is not detached and | ||
| 129 | .Fa indata | ||
| 130 | is not | ||
| 131 | .Fa NULL , | ||
| 132 | then the structure has both embedded and external content. | ||
| 133 | To treat this as an error, use the flag | ||
| 134 | .Dv PKCS7_NO_DUAL_CONTENT . | ||
| 135 | The default behavior allows this, for compatibility with other | ||
| 136 | implementations. | ||
| 128 | .Pp | 137 | .Pp |
| 129 | An attempt is made to locate all the signer's certificates, first | 138 | An attempt is made to locate all the signer's certificates, first |
| 130 | looking in the | 139 | looking in the |