Split the functions operating on the X509_VERIFY_PARAM object out

of X509_STORE_CTX_new(3) because i'm about to document five additional functions of this kind and the page X509_STORE_CTX_new(3) is growing unwieldy. No text change yet, except that i added an introductory sentence to the beginning of the DESCRIPTION of the new page.
author: schwarze <> 2021-07-22 17:11:14 +0000
committer: schwarze <> 2021-07-22 17:11:14 +0000
commit: 8a2b2d46e4614778f81e571b6d148f20ded9db18 (patch)
tree: 812181472a93383900f4fa0737302c70b0b7d58b /src/lib
parent: 88e7569f0df9996c3b42ffff7d73a3a9b210faf0 (diff)
download: openbsd-8a2b2d46e4614778f81e571b6d148f20ded9db18.tar.gz
openbsd-8a2b2d46e4614778f81e571b6d148f20ded9db18.tar.bz2
openbsd-8a2b2d46e4614778f81e571b6d148f20ded9db18.zip
3 files changed, 172 insertions, 74 deletions
diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile
index c7375752bb..fd8655d5b6 100644
--- a/src/lib/libcrypto/man/Makefile
+++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.183 2021/07/20 17:31:32 schwarze Exp $
+# $OpenBSD: Makefile,v 1.184 2021/07/22 17:11:14 schwarze Exp $
 .include <bsd.own.mk>
@@ -298,6 +298,7 @@ MAN=	\
        X509_STORE_CTX_get_error.3 \
        X509_STORE_CTX_get_ex_new_index.3 \
        X509_STORE_CTX_new.3 \
+        X509_STORE_CTX_set_flags.3 \
        X509_STORE_CTX_set_verify_cb.3 \
        X509_STORE_load_locations.3 \
        X509_STORE_new.3 \
diff --git a/src/lib/libcrypto/man/X509_STORE_CTX_new.3 b/src/lib/libcrypto/man/X509_STORE_CTX_new.3
index 17faeb3f13..d29bcf10fc 100644
--- a/src/lib/libcrypto/man/X509_STORE_CTX_new.3
+++ b/src/lib/libcrypto/man/X509_STORE_CTX_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_STORE_CTX_new.3,v 1.21 2021/07/22 14:30:38 schwarze Exp $
+.\" $OpenBSD: X509_STORE_CTX_new.3,v 1.22 2021/07/22 17:11:14 schwarze Exp $
 .\" full merge up to: OpenSSL aae41f8c Jun 25 09:47:15 2015 +0100
 .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
@@ -84,11 +84,7 @@
 .Nm X509_STORE_CTX_set_chain ,
 .Nm X509_STORE_CTX_set0_untrusted ,
 .Nm X509_STORE_CTX_get0_untrusted ,
-.Nm X509_STORE_CTX_set0_crls ,
+.Nm X509_STORE_CTX_set0_crls
-.Nm X509_STORE_CTX_set_flags ,
-.Nm X509_STORE_CTX_get0_param ,
-.Nm X509_STORE_CTX_set0_param ,
-.Nm X509_STORE_CTX_set_default
 .Nd X509_STORE_CTX initialisation
 .Sh SYNOPSIS
 .In openssl/x509_vfy.h
@@ -151,25 +147,6 @@
 .Fa "X509_STORE_CTX *ctx"
 .Fa "STACK_OF(X509_CRL) *sk"
 .Fc
-.Ft void
-.Fo X509_STORE_CTX_set_flags
-.Fa "X509_STORE_CTX *ctx"
-.Fa "unsigned long flags"
-.Fc
-.Ft X509_VERIFY_PARAM *
-.Fo X509_STORE_CTX_get0_param
-.Fa "X509_STORE_CTX *ctx"
-.Fc
-.Ft void
-.Fo X509_STORE_CTX_set0_param
-.Fa "X509_STORE_CTX *ctx"
-.Fa "X509_VERIFY_PARAM *param"
-.Fc
-.Ft int
-.Fo X509_STORE_CTX_set_default
-.Fa "X509_STORE_CTX *ctx"
-.Fa "const char *name"
-.Fc
 .Sh DESCRIPTION
 These functions initialise an
 .Vt X509_STORE_CTX
@@ -306,33 +283,6 @@ structure.
 This might be used where additional "useful" CRLs are supplied as part
 of a protocol, for example in a PKCS#7 structure.
 .Pp
-.Fn X509_STORE_CTX_set_flags
-sets the internal verification parameter flags to
-.Fa flags .
-See
-.Xr X509_VERIFY_PARAM_set_flags 3
-for a description of the verification flags.
-.Pp
-.Fn X509_STORE_CTX_get0_param
-retrieves an internal pointer to the verification parameters associated
-with
-.Fa ctx .
-.Pp
-.Fn X509_STORE_CTX_set0_param
-sets the internal verification parameter pointer to
-.Fa param .
-After this call
-.Fa param
-should not be used.
-.Pp
-.Fn X509_STORE_CTX_set_default
-looks up and sets the default verification method to
-.Fa name .
-This uses the function
-.Xr X509_VERIFY_PARAM_lookup 3
-to find an appropriate set of parameters from
-.Fa name .
-.Pp
 The certificates and CRLs in a store are used internally and should
 .Sy not
 be freed up until after the associated
@@ -383,20 +333,11 @@ returns the internal pointer
 to the set of additional, untrusted certificates or
 .Dv NULL
 if no set of additional certificates was provided.
-.Pp
-.Fn X509_STORE_CTX_get0_param
-returns a pointer to an
-.Vt X509_VERIFY_PARAM
-structure or
-.Dv NULL
-if an error occurred.
-.Pp
-.Fn X509_STORE_CTX_set_default
-returns 1 for success or 0 if an error occurred.
 .Sh SEE ALSO
 .Xr X509_CRL_new 3 ,
 .Xr X509_STORE_CTX_get_error 3 ,
 .Xr X509_STORE_CTX_get_ex_new_index 3 ,
+.Xr X509_STORE_CTX_set_flags 3 ,
 .Xr X509_STORE_new 3 ,
 .Xr X509_STORE_set1_param 3 ,
 .Xr X509_verify_cert 3 ,
@@ -417,19 +358,9 @@ first appeared in OpenSSL 0.9.5 and have been available since
 .Ox 2.7 .
 .Pp
 .Fn X509_STORE_CTX_trusted_stack
-and
+first appeared in OpenSSL 0.9.6 and has been available since
-.Fn X509_STORE_CTX_set_flags
-first appeared in OpenSSL 0.9.6 and have been available since
 .Ox 2.9 .
 .Pp
-.Fn X509_STORE_CTX_set0_crls ,
-.Fn X509_STORE_CTX_get0_param ,
-.Fn X509_STORE_CTX_set0_param ,
-and
-.Fn X509_STORE_CTX_set_default
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .
-.Pp
 .Fn X509_STORE_CTX_get0_store
 first appeared in OpenSSL 1.0.2.
 .Fn X509_STORE_CTX_set0_trusted_stack ,
diff --git a/src/lib/libcrypto/man/X509_STORE_CTX_set_flags.3 b/src/lib/libcrypto/man/X509_STORE_CTX_set_flags.3
new file mode 100644
index 0000000000..f15ec5f16f
--- /dev/null
+++ b/src/lib/libcrypto/man/X509_STORE_CTX_set_flags.3
@@ -0,0 +1,166 @@
+.\" $OpenBSD: X509_STORE_CTX_set_flags.3,v 1.1 2021/07/22 17:11:14 schwarze Exp $
+.\" full merge up to: OpenSSL aae41f8c Jun 25 09:47:15 2015 +0100
+.\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
+.\"
+.\" This file is a derived work.
+.\" The changes are covered by the following Copyright and license:
+.\"
+.\" Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
+.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2009 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: July 22 2021 $
+.Dt X509_STORE_CTX_SET_FLAGS 3
+.Os
+.Sh NAME
+.Nm X509_STORE_CTX_set_flags ,
+.Nm X509_STORE_CTX_get0_param ,
+.Nm X509_STORE_CTX_set0_param ,
+.Nm X509_STORE_CTX_set_default
+.Nd X509_STORE_CTX parameter initialisation
+.Sh SYNOPSIS
+.In openssl/x509_vfy.h
+.Ft void
+.Fo X509_STORE_CTX_set_flags
+.Fa "X509_STORE_CTX *ctx"
+.Fa "unsigned long flags"
+.Fc
+.Ft X509_VERIFY_PARAM *
+.Fo X509_STORE_CTX_get0_param
+.Fa "X509_STORE_CTX *ctx"
+.Fc
+.Ft void
+.Fo X509_STORE_CTX_set0_param
+.Fa "X509_STORE_CTX *ctx"
+.Fa "X509_VERIFY_PARAM *param"
+.Fc
+.Ft int
+.Fo X509_STORE_CTX_set_default
+.Fa "X509_STORE_CTX *ctx"
+.Fa "const char *name"
+.Fc
+.Sh DESCRIPTION
+These functions operate on the
+.Vt X509_VERIFY_PARAM
+object used by
+.Fa ctx .
+Usually,
+.Xr X509_STORE_CTX_init 3
+is called on
+.Fa ctx
+before these functions, and
+.Xr X509_verify_cert 3
+afterwards.
+.Pp
+.Fn X509_STORE_CTX_set_flags
+sets the internal verification parameter flags to
+.Fa flags .
+See
+.Xr X509_VERIFY_PARAM_set_flags 3
+for a description of the verification flags.
+.Pp
+.Fn X509_STORE_CTX_get0_param
+retrieves an internal pointer to the verification parameters associated
+with
+.Fa ctx .
+.Pp
+.Fn X509_STORE_CTX_set0_param
+sets the internal verification parameter pointer to
+.Fa param .
+After this call
+.Fa param
+should not be used.
+.Pp
+.Fn X509_STORE_CTX_set_default
+looks up and sets the default verification method to
+.Fa name .
+This uses the function
+.Xr X509_VERIFY_PARAM_lookup 3
+to find an appropriate set of parameters from
+.Fa name .
+.Sh RETURN VALUES
+.Fn X509_STORE_CTX_get0_param
+returns a pointer to an
+.Vt X509_VERIFY_PARAM
+structure or
+.Dv NULL
+if an error occurred.
+.Pp
+.Fn X509_STORE_CTX_set_default
+returns 1 for success or 0 if an error occurred.
+.Sh SEE ALSO
+.Xr X509_STORE_CTX_get_error 3 ,
+.Xr X509_STORE_CTX_new 3 ,
+.Xr X509_STORE_new 3 ,
+.Xr X509_STORE_set1_param 3 ,
+.Xr X509_verify_cert 3 ,
+.Xr X509_VERIFY_PARAM_set_flags 3
+.Sh HISTORY
+.Fn X509_STORE_CTX_set_flags
+first appeared in OpenSSL 0.9.6 and has been available since
+.Ox 2.9 .
+.Pp
+.Fn X509_STORE_CTX_get0_param ,
+.Fn X509_STORE_CTX_set0_param ,
+and
+.Fn X509_STORE_CTX_set_default
+first appeared in OpenSSL 0.9.8 and have been available since
+.Ox 4.5 .
author	schwarze <>	2021-07-22 17:11:14 +0000
committer	schwarze <>	2021-07-22 17:11:14 +0000
commit	8a2b2d46e4614778f81e571b6d148f20ded9db18 (patch)
tree	812181472a93383900f4fa0737302c70b0b7d58b /src/lib
parent	88e7569f0df9996c3b42ffff7d73a3a9b210faf0 (diff)
download	openbsd-8a2b2d46e4614778f81e571b6d148f20ded9db18.tar.gz openbsd-8a2b2d46e4614778f81e571b6d148f20ded9db18.tar.bz2 openbsd-8a2b2d46e4614778f81e571b6d148f20ded9db18.zip

diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile index c7375752bb..fd8655d5b6 100644 --- a/src/lib/libcrypto/man/Makefile +++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.183 2021/07/20 17:31:32 schwarze Exp $	1	# $OpenBSD: Makefile,v 1.184 2021/07/22 17:11:14 schwarze Exp $
2		2
3	.include <bsd.own.mk>	3	.include <bsd.own.mk>
4		4
@@ -298,6 +298,7 @@ MAN= \
298	X509_STORE_CTX_get_error.3 \	298	X509_STORE_CTX_get_error.3 \
299	X509_STORE_CTX_get_ex_new_index.3 \	299	X509_STORE_CTX_get_ex_new_index.3 \
300	X509_STORE_CTX_new.3 \	300	X509_STORE_CTX_new.3 \
		301	X509_STORE_CTX_set_flags.3 \
301	X509_STORE_CTX_set_verify_cb.3 \	302	X509_STORE_CTX_set_verify_cb.3 \
302	X509_STORE_load_locations.3 \	303	X509_STORE_load_locations.3 \
303	X509_STORE_new.3 \	304	X509_STORE_new.3 \


diff --git a/src/lib/libcrypto/man/X509_STORE_CTX_new.3 b/src/lib/libcrypto/man/X509_STORE_CTX_new.3 index 17faeb3f13..d29bcf10fc 100644 --- a/src/lib/libcrypto/man/X509_STORE_CTX_new.3 +++ b/src/lib/libcrypto/man/X509_STORE_CTX_new.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: X509_STORE_CTX_new.3,v 1.21 2021/07/22 14:30:38 schwarze Exp $	1	.\" $OpenBSD: X509_STORE_CTX_new.3,v 1.22 2021/07/22 17:11:14 schwarze Exp $
2	.\" full merge up to: OpenSSL aae41f8c Jun 25 09:47:15 2015 +0100	2	.\" full merge up to: OpenSSL aae41f8c Jun 25 09:47:15 2015 +0100
3	.\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100	3	.\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
4	.\"	4	.\"
@@ -84,11 +84,7 @@
84	.Nm X509_STORE_CTX_set_chain ,	84	.Nm X509_STORE_CTX_set_chain ,
85	.Nm X509_STORE_CTX_set0_untrusted ,	85	.Nm X509_STORE_CTX_set0_untrusted ,
86	.Nm X509_STORE_CTX_get0_untrusted ,	86	.Nm X509_STORE_CTX_get0_untrusted ,
87	.Nm X509_STORE_CTX_set0_crls ,	87	.Nm X509_STORE_CTX_set0_crls
88	.Nm X509_STORE_CTX_set_flags ,
89	.Nm X509_STORE_CTX_get0_param ,
90	.Nm X509_STORE_CTX_set0_param ,
91	.Nm X509_STORE_CTX_set_default
92	.Nd X509_STORE_CTX initialisation	88	.Nd X509_STORE_CTX initialisation
93	.Sh SYNOPSIS	89	.Sh SYNOPSIS
94	.In openssl/x509_vfy.h	90	.In openssl/x509_vfy.h
@@ -151,25 +147,6 @@
151	.Fa "X509_STORE_CTX *ctx"	147	.Fa "X509_STORE_CTX *ctx"
152	.Fa "STACK_OF(X509_CRL) *sk"	148	.Fa "STACK_OF(X509_CRL) *sk"
153	.Fc	149	.Fc
154	.Ft void
155	.Fo X509_STORE_CTX_set_flags
156	.Fa "X509_STORE_CTX *ctx"
157	.Fa "unsigned long flags"
158	.Fc
159	.Ft X509_VERIFY_PARAM *
160	.Fo X509_STORE_CTX_get0_param
161	.Fa "X509_STORE_CTX *ctx"
162	.Fc
163	.Ft void
164	.Fo X509_STORE_CTX_set0_param
165	.Fa "X509_STORE_CTX *ctx"
166	.Fa "X509_VERIFY_PARAM *param"
167	.Fc
168	.Ft int
169	.Fo X509_STORE_CTX_set_default
170	.Fa "X509_STORE_CTX *ctx"
171	.Fa "const char *name"
172	.Fc
173	.Sh DESCRIPTION	150	.Sh DESCRIPTION
174	These functions initialise an	151	These functions initialise an
175	.Vt X509_STORE_CTX	152	.Vt X509_STORE_CTX
@@ -306,33 +283,6 @@ structure.
306	This might be used where additional "useful" CRLs are supplied as part	283	This might be used where additional "useful" CRLs are supplied as part
307	of a protocol, for example in a PKCS#7 structure.	284	of a protocol, for example in a PKCS#7 structure.
308	.Pp	285	.Pp
309	.Fn X509_STORE_CTX_set_flags
310	sets the internal verification parameter flags to
311	.Fa flags .
312	See
313	.Xr X509_VERIFY_PARAM_set_flags 3
314	for a description of the verification flags.
315	.Pp
316	.Fn X509_STORE_CTX_get0_param
317	retrieves an internal pointer to the verification parameters associated
318	with
319	.Fa ctx .
320	.Pp
321	.Fn X509_STORE_CTX_set0_param
322	sets the internal verification parameter pointer to
323	.Fa param .
324	After this call
325	.Fa param
326	should not be used.
327	.Pp
328	.Fn X509_STORE_CTX_set_default
329	looks up and sets the default verification method to
330	.Fa name .
331	This uses the function
332	.Xr X509_VERIFY_PARAM_lookup 3
333	to find an appropriate set of parameters from
334	.Fa name .
335	.Pp
336	The certificates and CRLs in a store are used internally and should	286	The certificates and CRLs in a store are used internally and should
337	.Sy not	287	.Sy not
338	be freed up until after the associated	288	be freed up until after the associated
@@ -383,20 +333,11 @@ returns the internal pointer
383	to the set of additional, untrusted certificates or	333	to the set of additional, untrusted certificates or
384	.Dv NULL	334	.Dv NULL
385	if no set of additional certificates was provided.	335	if no set of additional certificates was provided.
386	.Pp
387	.Fn X509_STORE_CTX_get0_param
388	returns a pointer to an
389	.Vt X509_VERIFY_PARAM
390	structure or
391	.Dv NULL
392	if an error occurred.
393	.Pp
394	.Fn X509_STORE_CTX_set_default
395	returns 1 for success or 0 if an error occurred.
396	.Sh SEE ALSO	336	.Sh SEE ALSO
397	.Xr X509_CRL_new 3 ,	337	.Xr X509_CRL_new 3 ,
398	.Xr X509_STORE_CTX_get_error 3 ,	338	.Xr X509_STORE_CTX_get_error 3 ,
399	.Xr X509_STORE_CTX_get_ex_new_index 3 ,	339	.Xr X509_STORE_CTX_get_ex_new_index 3 ,
		340	.Xr X509_STORE_CTX_set_flags 3 ,
400	.Xr X509_STORE_new 3 ,	341	.Xr X509_STORE_new 3 ,
401	.Xr X509_STORE_set1_param 3 ,	342	.Xr X509_STORE_set1_param 3 ,
402	.Xr X509_verify_cert 3 ,	343	.Xr X509_verify_cert 3 ,
@@ -417,19 +358,9 @@ first appeared in OpenSSL 0.9.5 and have been available since
417	.Ox 2.7 .	358	.Ox 2.7 .
418	.Pp	359	.Pp
419	.Fn X509_STORE_CTX_trusted_stack	360	.Fn X509_STORE_CTX_trusted_stack
420	and	361	first appeared in OpenSSL 0.9.6 and has been available since
421	.Fn X509_STORE_CTX_set_flags
422	first appeared in OpenSSL 0.9.6 and have been available since
423	.Ox 2.9 .	362	.Ox 2.9 .
424	.Pp	363	.Pp
425	.Fn X509_STORE_CTX_set0_crls ,
426	.Fn X509_STORE_CTX_get0_param ,
427	.Fn X509_STORE_CTX_set0_param ,
428	and
429	.Fn X509_STORE_CTX_set_default
430	first appeared in OpenSSL 0.9.8 and have been available since
431	.Ox 4.5 .
432	.Pp
433	.Fn X509_STORE_CTX_get0_store	364	.Fn X509_STORE_CTX_get0_store
434	first appeared in OpenSSL 1.0.2.	365	first appeared in OpenSSL 1.0.2.
435	.Fn X509_STORE_CTX_set0_trusted_stack ,	366	.Fn X509_STORE_CTX_set0_trusted_stack ,


diff --git a/src/lib/libcrypto/man/X509_STORE_CTX_set_flags.3 b/src/lib/libcrypto/man/X509_STORE_CTX_set_flags.3 new file mode 100644 index 0000000000..f15ec5f16f --- /dev/null +++ b/src/lib/libcrypto/man/X509_STORE_CTX_set_flags.3
@@ -0,0 +1,166 @@
		1	.\" $OpenBSD: X509_STORE_CTX_set_flags.3,v 1.1 2021/07/22 17:11:14 schwarze Exp $
		2	.\" full merge up to: OpenSSL aae41f8c Jun 25 09:47:15 2015 +0100
		3	.\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
		4	.\"
		5	.\" This file is a derived work.
		6	.\" The changes are covered by the following Copyright and license:
		7	.\"
		8	.\" Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
		9	.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
		10	.\"
		11	.\" Permission to use, copy, modify, and distribute this software for any
		12	.\" purpose with or without fee is hereby granted, provided that the above
		13	.\" copyright notice and this permission notice appear in all copies.
		14	.\"
		15	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
		16	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		17	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
		18	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		19	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		20	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		21	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		22	.\"
		23	.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
		24	.\" Copyright (c) 2009 The OpenSSL Project. All rights reserved.
		25	.\"
		26	.\" Redistribution and use in source and binary forms, with or without
		27	.\" modification, are permitted provided that the following conditions
		28	.\" are met:
		29	.\"
		30	.\" 1. Redistributions of source code must retain the above copyright
		31	.\" notice, this list of conditions and the following disclaimer.
		32	.\"
		33	.\" 2. Redistributions in binary form must reproduce the above copyright
		34	.\" notice, this list of conditions and the following disclaimer in
		35	.\" the documentation and/or other materials provided with the
		36	.\" distribution.
		37	.\"
		38	.\" 3. All advertising materials mentioning features or use of this
		39	.\" software must display the following acknowledgment:
		40	.\" "This product includes software developed by the OpenSSL Project
		41	.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
		42	.\"
		43	.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
		44	.\" endorse or promote products derived from this software without
		45	.\" prior written permission. For written permission, please contact
		46	.\" openssl-core@openssl.org.
		47	.\"
		48	.\" 5. Products derived from this software may not be called "OpenSSL"
		49	.\" nor may "OpenSSL" appear in their names without prior written
		50	.\" permission of the OpenSSL Project.
		51	.\"
		52	.\" 6. Redistributions of any form whatsoever must retain the following
		53	.\" acknowledgment:
		54	.\" "This product includes software developed by the OpenSSL Project
		55	.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
		56	.\"
		57	.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
		58	.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
		59	.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
		60	.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
		61	.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
		62	.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
		63	.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
		64	.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
		65	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
		66	.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
		67	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
		68	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
		69	.\"
		70	.Dd $Mdocdate: July 22 2021 $
		71	.Dt X509_STORE_CTX_SET_FLAGS 3
		72	.Os
		73	.Sh NAME
		74	.Nm X509_STORE_CTX_set_flags ,
		75	.Nm X509_STORE_CTX_get0_param ,
		76	.Nm X509_STORE_CTX_set0_param ,
		77	.Nm X509_STORE_CTX_set_default
		78	.Nd X509_STORE_CTX parameter initialisation
		79	.Sh SYNOPSIS
		80	.In openssl/x509_vfy.h
		81	.Ft void
		82	.Fo X509_STORE_CTX_set_flags
		83	.Fa "X509_STORE_CTX *ctx"
		84	.Fa "unsigned long flags"
		85	.Fc
		86	.Ft X509_VERIFY_PARAM *
		87	.Fo X509_STORE_CTX_get0_param
		88	.Fa "X509_STORE_CTX *ctx"
		89	.Fc
		90	.Ft void
		91	.Fo X509_STORE_CTX_set0_param
		92	.Fa "X509_STORE_CTX *ctx"
		93	.Fa "X509_VERIFY_PARAM *param"
		94	.Fc
		95	.Ft int
		96	.Fo X509_STORE_CTX_set_default
		97	.Fa "X509_STORE_CTX *ctx"
		98	.Fa "const char *name"
		99	.Fc
		100	.Sh DESCRIPTION
		101	These functions operate on the
		102	.Vt X509_VERIFY_PARAM
		103	object used by
		104	.Fa ctx .
		105	Usually,
		106	.Xr X509_STORE_CTX_init 3
		107	is called on
		108	.Fa ctx
		109	before these functions, and
		110	.Xr X509_verify_cert 3
		111	afterwards.
		112	.Pp
		113	.Fn X509_STORE_CTX_set_flags
		114	sets the internal verification parameter flags to
		115	.Fa flags .
		116	See
		117	.Xr X509_VERIFY_PARAM_set_flags 3
		118	for a description of the verification flags.
		119	.Pp
		120	.Fn X509_STORE_CTX_get0_param
		121	retrieves an internal pointer to the verification parameters associated
		122	with
		123	.Fa ctx .
		124	.Pp
		125	.Fn X509_STORE_CTX_set0_param
		126	sets the internal verification parameter pointer to
		127	.Fa param .
		128	After this call
		129	.Fa param
		130	should not be used.
		131	.Pp
		132	.Fn X509_STORE_CTX_set_default
		133	looks up and sets the default verification method to
		134	.Fa name .
		135	This uses the function
		136	.Xr X509_VERIFY_PARAM_lookup 3
		137	to find an appropriate set of parameters from
		138	.Fa name .
		139	.Sh RETURN VALUES
		140	.Fn X509_STORE_CTX_get0_param
		141	returns a pointer to an
		142	.Vt X509_VERIFY_PARAM
		143	structure or
		144	.Dv NULL
		145	if an error occurred.
		146	.Pp
		147	.Fn X509_STORE_CTX_set_default
		148	returns 1 for success or 0 if an error occurred.
		149	.Sh SEE ALSO
		150	.Xr X509_STORE_CTX_get_error 3 ,
		151	.Xr X509_STORE_CTX_new 3 ,
		152	.Xr X509_STORE_new 3 ,
		153	.Xr X509_STORE_set1_param 3 ,
		154	.Xr X509_verify_cert 3 ,
		155	.Xr X509_VERIFY_PARAM_set_flags 3
		156	.Sh HISTORY
		157	.Fn X509_STORE_CTX_set_flags
		158	first appeared in OpenSSL 0.9.6 and has been available since
		159	.Ox 2.9 .
		160	.Pp
		161	.Fn X509_STORE_CTX_get0_param ,
		162	.Fn X509_STORE_CTX_set0_param ,
		163	and
		164	.Fn X509_STORE_CTX_set_default
		165	first appeared in OpenSSL 0.9.8 and have been available since
		166	.Ox 4.5 .