As pointed out by tb@, LibreSSL no longer supports user-defined

X509_LOOKUP_METHODs because these objects are now opaque. Simplify the documentation accordingly, shortening it by about 35 input lines in total, but continue providing the information which RETURN VALUES functions might return with other implementations of the library. OK tb@
author: schwarze <> 2021-11-12 14:05:28 +0000
committer: schwarze <> 2021-11-12 14:05:28 +0000
commit: 2a7751f58482c5336ab856f257ed371d86679f60 (patch)
tree: 13796ed09ffe9ceadfa81a84fca65c8b1d4a7c3d /src/lib
parent: 960451b4d8b5772041cabb56dabbf38f54624773 (diff)
download: openbsd-2a7751f58482c5336ab856f257ed371d86679f60.tar.gz
openbsd-2a7751f58482c5336ab856f257ed371d86679f60.tar.bz2
openbsd-2a7751f58482c5336ab856f257ed371d86679f60.zip
4 files changed, 21 insertions, 56 deletions
diff --git a/src/lib/libcrypto/man/X509_LOOKUP_hash_dir.3 b/src/lib/libcrypto/man/X509_LOOKUP_hash_dir.3
index b1f6a17571..f6321351e1 100644
--- a/src/lib/libcrypto/man/X509_LOOKUP_hash_dir.3
+++ b/src/lib/libcrypto/man/X509_LOOKUP_hash_dir.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_LOOKUP_hash_dir.3,v 1.11 2021/11/09 16:23:04 schwarze Exp $
+.\" $OpenBSD: X509_LOOKUP_hash_dir.3,v 1.12 2021/11/12 14:05:28 schwarze Exp $
 .\" full merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800
 .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
@@ -67,14 +67,14 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 9 2021 $
+.Dd $Mdocdate: November 12 2021 $
 .Dt X509_LOOKUP_HASH_DIR 3
 .Os
 .Sh NAME
 .Nm X509_LOOKUP_hash_dir ,
 .Nm X509_LOOKUP_file ,
 .Nm X509_LOOKUP_mem
-.Nd default certificate lookup methods
+.Nd certificate lookup methods
 .Sh SYNOPSIS
 .In openssl/x509_vfy.h
 .Ft X509_LOOKUP_METHOD *
diff --git a/src/lib/libcrypto/man/X509_LOOKUP_new.3 b/src/lib/libcrypto/man/X509_LOOKUP_new.3
index e4cd68a40a..f368cbb606 100644
--- a/src/lib/libcrypto/man/X509_LOOKUP_new.3
+++ b/src/lib/libcrypto/man/X509_LOOKUP_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_LOOKUP_new.3,v 1.8 2021/11/12 11:41:50 schwarze Exp $
+.\" $OpenBSD: X509_LOOKUP_new.3,v 1.9 2021/11/12 14:05:28 schwarze Exp $
 .\"
 .\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -286,16 +286,13 @@ set to
 .Dv NULL .
 .El
 .Pp
+With LibreSSL,
 .Fn X509_LOOKUP_ctrl
 always ignores the
 .Fa ret
-argument when the built-in
+argument.
-.Vt X509_LOOKUP_METHOD
-objects are used.
 .Pp
-When using built-in
+With LibreSSL,
-.Vt X509_LOOKUP_METHOD
-objects,
 .Fn X509_LOOKUP_by_subject
 is only useful if
 .Fa lookup
@@ -336,9 +333,7 @@ In case of success, the first match is returned in the
 .Pf * Fa object
 provided by the caller, overwriting any previous content.
 .Pp
-Unless an application program manually constructs its own
+With LibreSSL,
-.Vt X509_LOOKUP_METHOD
-object containing its own callback functions,
 .Fn X509_LOOKUP_init ,
 .Fn X509_LOOKUP_shutdown ,
 .Fn X509_LOOKUP_by_issuer_serial ,
@@ -346,15 +341,6 @@ object containing its own callback functions,
 and
 .Fn X509_LOOKUP_by_alias
 have no effect.
-.Fn X509_LOOKUP_init
-is supposed to be called after
-.Fn X509_LOOKUP_new
-and before using the
-.Fa lookup
-object,
-.Fn X509_LOOKUP_shutdown
-after using it and before
-.Fn X509_LOOKUP_free .
 .Sh RETURN VALUES
 .Fn X509_LOOKUP_new
 returns the new object or
@@ -363,11 +349,8 @@ if memory allocation fails.
 .Pp
 .Fn X509_LOOKUP_ctrl
 returns 1 for success or 0 for failure.
-If
+With library implementations other than LibreSSL,
-.Fa lookup
+it might also return \-1 for internal errors.
-uses a user-defined
-.Vt X509_LOOKUP_METHOD
-object, it might also return \-1 for internal errors.
 .Pp
 .Fn X509_LOOKUP_by_subject
 returns 1 for success or 0 for failure.
@@ -388,27 +371,21 @@ is neither
 nor
 .Dv X509_LU_CRL ,
 if no match is found, or if memory allocation fails.
-If
+With library implementations other than LibreSSL,
-.Fa lookup
+it might also return negative values for internal errors.
-uses a user-defined
-.Vt X509_LOOKUP_METHOD
-object, it might also return negative values for internal errors.
 .Pp
 .Fn X509_LOOKUP_init
 and
 .Fn X509_LOOKUP_shutdown
 are supposed to return 1 for success and 0 for failure.
-When using the built-in
+With LibreSSL, they always return 1.
-.Vt X509_LOOKUP_METHOD
-objects, they always return 1.
 .Pp
+With LibreSSL,
 .Fn X509_LOOKUP_by_issuer_serial ,
 .Fn X509_LOOKUP_by_fingerprint ,
 and
 .Fn X509_LOOKUP_by_alias
-always return 0 when using the built-in
+always return 0.
-.Vt X509_LOOKUP_METHOD
-objects.
 .Pp
 .Fn X509_get_default_cert_dir
 returns a pointer to the constant string
diff --git a/src/lib/libcrypto/man/X509_STORE_get_by_subject.3 b/src/lib/libcrypto/man/X509_STORE_get_by_subject.3
index 797ddc1292..6c8b8f8b5e 100644
--- a/src/lib/libcrypto/man/X509_STORE_get_by_subject.3
+++ b/src/lib/libcrypto/man/X509_STORE_get_by_subject.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_STORE_get_by_subject.3,v 1.2 2021/11/12 11:41:50 schwarze Exp $
+.\" $OpenBSD: X509_STORE_get_by_subject.3,v 1.3 2021/11/12 14:05:28 schwarze Exp $
 .\"
 .\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -159,12 +159,7 @@ return 1 if a match is found or 0 on failure.
 In addition to simply not finding a match,
 they may also fail due to memory allocation failure in
 .Xr X509_LOOKUP_by_subject 3 .
-If
+With library implementations other than LibreSSL,
-.Fa ctx
-contains any
-.Vt X509_LOOKUP
-object using a user-defined
-.Vt X509_LOOKUP_METHOD ,
 they might also return negative values for internal errors.
 .Pp
 .Fn X509_STORE_CTX_get_obj_by_subject
@@ -194,12 +189,7 @@ already contains matching CRLs, or if memory allocation fails.
 returns 1 if a matching
 .Fa issuer
 CA certificate is found or 0 otherwise.
-If
+With library implementations other than LibreSSL,
-.Fa ctx
-contains any
-.Vt X509_LOOKUP
-object using a user-defined
-.Vt X509_LOOKUP_METHOD ,
 it might also return negative values for internal errors.
 .Sh SEE ALSO
 .Xr STACK_OF 3 ,
diff --git a/src/lib/libcrypto/man/X509_STORE_load_locations.3 b/src/lib/libcrypto/man/X509_STORE_load_locations.3
index 66d8950737..f38eeb6671 100644
--- a/src/lib/libcrypto/man/X509_STORE_load_locations.3
+++ b/src/lib/libcrypto/man/X509_STORE_load_locations.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_STORE_load_locations.3,v 1.9 2021/11/09 16:23:04 schwarze Exp $
+.\" $OpenBSD: X509_STORE_load_locations.3,v 1.10 2021/11/12 14:05:28 schwarze Exp $
 .\" full merge up to:
 .\" OpenSSL X509_STORE_add_cert b0edda11 Mar 20 13:00:17 2018 +0000
 .\"
@@ -16,7 +16,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: November 9 2021 $
+.Dd $Mdocdate: November 12 2021 $
 .Dt X509_STORE_LOAD_LOCATIONS 3
 .Os
 .Sh NAME
@@ -148,9 +148,7 @@ In particular, parse errors or lack of memory can cause failure.
 returns the existing or new lookup object or
 .Dv NULL
 on failure.
-When using the built-in
+With LibreSSL, the only reason for failure is lack of memory.
-.Vt X509_LOOKUP_METHOD
-objects, the only reason for failure is lack of memory.
 .Sh FILES
 .Bl -tag -width Ds
 .It Pa /etc/ssl/cert.pem
author	schwarze <>	2021-11-12 14:05:28 +0000
committer	schwarze <>	2021-11-12 14:05:28 +0000
commit	2a7751f58482c5336ab856f257ed371d86679f60 (patch)
tree	13796ed09ffe9ceadfa81a84fca65c8b1d4a7c3d /src/lib
parent	960451b4d8b5772041cabb56dabbf38f54624773 (diff)
download	openbsd-2a7751f58482c5336ab856f257ed371d86679f60.tar.gz openbsd-2a7751f58482c5336ab856f257ed371d86679f60.tar.bz2 openbsd-2a7751f58482c5336ab856f257ed371d86679f60.zip