diff options
| author | schwarze <> | 2021-11-17 16:08:32 +0000 |
|---|---|---|
| committer | schwarze <> | 2021-11-17 16:08:32 +0000 |
| commit | 8c1761a51aa50ec3f12696927791681f5d155db6 (patch) | |
| tree | b482c5bb492a64e0f9db616bf3b40910b8ce4eff /src/lib | |
| parent | 1e3c032a54098351c348cfd0269ea0030e6454eb (diff) | |
| download | openbsd-8c1761a51aa50ec3f12696927791681f5d155db6.tar.gz openbsd-8c1761a51aa50ec3f12696927791681f5d155db6.tar.bz2 openbsd-8c1761a51aa50ec3f12696927791681f5d155db6.zip | |
In x509_vfy.h rev. 1.37 and x509_vfy.c rev. 1.91, tb@ provided
X509_STORE_CTX_set_verify(3) and X509_STORE_CTX_get_verify(3).
Document them.
In the next bump, tb@ will also provide X509_STORE_CTX_verify_fn(3)
and X509_STORE_set_verify(3) and restore X509_STORE_set_verify_func(3)
to working order. For efficiency of documentation work, already
document those three, too, but keep the text temporariy .if'ed out
until they become available.
Delete X509_STORE_set_verify_func(3) from X509_STORE_set_verify_cb_func(3)
because it was misplaced in that page: it is not related to the
verification callback.
tb@ agrees with the general direction.
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libcrypto/man/Makefile | 3 | ||||
| -rw-r--r-- | src/lib/libcrypto/man/X509_STORE_CTX_get_error.3 | 7 | ||||
| -rw-r--r-- | src/lib/libcrypto/man/X509_STORE_CTX_new.3 | 7 | ||||
| -rw-r--r-- | src/lib/libcrypto/man/X509_STORE_CTX_set_flags.3 | 7 | ||||
| -rw-r--r-- | src/lib/libcrypto/man/X509_STORE_CTX_set_verify.3 | 167 | ||||
| -rw-r--r-- | src/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 | 11 | ||||
| -rw-r--r-- | src/lib/libcrypto/man/X509_STORE_new.3 | 7 | ||||
| -rw-r--r-- | src/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 | 40 | ||||
| -rw-r--r-- | src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 | 6 |
9 files changed, 209 insertions, 46 deletions
diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile index 46ca3ba3d4..830c556849 100644 --- a/src/lib/libcrypto/man/Makefile +++ b/src/lib/libcrypto/man/Makefile | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.215 2021/11/15 16:18:36 schwarze Exp $ | 1 | # $OpenBSD: Makefile,v 1.216 2021/11/17 16:08:32 schwarze Exp $ |
| 2 | 2 | ||
| 3 | .include <bsd.own.mk> | 3 | .include <bsd.own.mk> |
| 4 | 4 | ||
| @@ -322,6 +322,7 @@ MAN= \ | |||
| 322 | X509_STORE_CTX_get_ex_new_index.3 \ | 322 | X509_STORE_CTX_get_ex_new_index.3 \ |
| 323 | X509_STORE_CTX_new.3 \ | 323 | X509_STORE_CTX_new.3 \ |
| 324 | X509_STORE_CTX_set_flags.3 \ | 324 | X509_STORE_CTX_set_flags.3 \ |
| 325 | X509_STORE_CTX_set_verify.3 \ | ||
| 325 | X509_STORE_CTX_set_verify_cb.3 \ | 326 | X509_STORE_CTX_set_verify_cb.3 \ |
| 326 | X509_STORE_get_by_subject.3 \ | 327 | X509_STORE_get_by_subject.3 \ |
| 327 | X509_STORE_load_locations.3 \ | 328 | X509_STORE_load_locations.3 \ |
diff --git a/src/lib/libcrypto/man/X509_STORE_CTX_get_error.3 b/src/lib/libcrypto/man/X509_STORE_CTX_get_error.3 index 36ea311dce..7bfc01228f 100644 --- a/src/lib/libcrypto/man/X509_STORE_CTX_get_error.3 +++ b/src/lib/libcrypto/man/X509_STORE_CTX_get_error.3 | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | .\" $OpenBSD: X509_STORE_CTX_get_error.3,v 1.19 2021/11/16 12:06:57 schwarze Exp $ | 1 | .\" $OpenBSD: X509_STORE_CTX_get_error.3,v 1.20 2021/11/17 16:08:32 schwarze Exp $ |
| 2 | .\" full merge up to: | 2 | .\" full merge up to: |
| 3 | .\" OpenSSL man3/X509_STORE_CTX_get_error 24a535ea Sep 22 13:14:20 2020 +0100 | 3 | .\" OpenSSL man3/X509_STORE_CTX_get_error 24a535ea Sep 22 13:14:20 2020 +0100 |
| 4 | .\" OpenSSL man3/X509_STORE_CTX_new 24a535ea Sep 22 13:14:20 2020 +0100 | 4 | .\" OpenSSL man3/X509_STORE_CTX_new 24a535ea Sep 22 13:14:20 2020 +0100 |
| @@ -68,7 +68,7 @@ | |||
| 68 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | 68 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
| 69 | .\" OF THE POSSIBILITY OF SUCH DAMAGE. | 69 | .\" OF THE POSSIBILITY OF SUCH DAMAGE. |
| 70 | .\" | 70 | .\" |
| 71 | .Dd $Mdocdate: November 16 2021 $ | 71 | .Dd $Mdocdate: November 17 2021 $ |
| 72 | .Dt X509_STORE_CTX_GET_ERROR 3 | 72 | .Dt X509_STORE_CTX_GET_ERROR 3 |
| 73 | .Os | 73 | .Os |
| 74 | .Sh NAME | 74 | .Sh NAME |
| @@ -532,6 +532,9 @@ This will never be returned unless explicitly set by an application. | |||
| 532 | .Xr X509_policy_check 3 , | 532 | .Xr X509_policy_check 3 , |
| 533 | .Xr X509_policy_tree_level_count 3 , | 533 | .Xr X509_policy_tree_level_count 3 , |
| 534 | .Xr X509_STORE_CTX_new 3 , | 534 | .Xr X509_STORE_CTX_new 3 , |
| 535 | .Xr X509_STORE_CTX_set_verify 3 , | ||
| 536 | .Xr X509_STORE_CTX_set_verify_cb 3 , | ||
| 537 | .Xr X509_STORE_set_verify_cb 3 , | ||
| 535 | .Xr X509_up_ref 3 , | 538 | .Xr X509_up_ref 3 , |
| 536 | .Xr X509_verify_cert 3 | 539 | .Xr X509_verify_cert 3 |
| 537 | .Sh HISTORY | 540 | .Sh HISTORY |
diff --git a/src/lib/libcrypto/man/X509_STORE_CTX_new.3 b/src/lib/libcrypto/man/X509_STORE_CTX_new.3 index d1aca9527b..a10742ff05 100644 --- a/src/lib/libcrypto/man/X509_STORE_CTX_new.3 +++ b/src/lib/libcrypto/man/X509_STORE_CTX_new.3 | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | .\" $OpenBSD: X509_STORE_CTX_new.3,v 1.25 2021/10/18 18:20:39 schwarze Exp $ | 1 | .\" $OpenBSD: X509_STORE_CTX_new.3,v 1.26 2021/11/17 16:08:32 schwarze Exp $ |
| 2 | .\" full merge up to: OpenSSL aae41f8c Jun 25 09:47:15 2015 +0100 | 2 | .\" full merge up to: OpenSSL aae41f8c Jun 25 09:47:15 2015 +0100 |
| 3 | .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100 | 3 | .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100 |
| 4 | .\" | 4 | .\" |
| @@ -67,7 +67,7 @@ | |||
| 67 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | 67 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
| 68 | .\" OF THE POSSIBILITY OF SUCH DAMAGE. | 68 | .\" OF THE POSSIBILITY OF SUCH DAMAGE. |
| 69 | .\" | 69 | .\" |
| 70 | .Dd $Mdocdate: October 18 2021 $ | 70 | .Dd $Mdocdate: November 17 2021 $ |
| 71 | .Dt X509_STORE_CTX_NEW 3 | 71 | .Dt X509_STORE_CTX_NEW 3 |
| 72 | .Os | 72 | .Os |
| 73 | .Sh NAME | 73 | .Sh NAME |
| @@ -323,9 +323,12 @@ if no set of additional certificates was provided. | |||
| 323 | .Xr X509_STORE_CTX_get_error 3 , | 323 | .Xr X509_STORE_CTX_get_error 3 , |
| 324 | .Xr X509_STORE_CTX_get_ex_new_index 3 , | 324 | .Xr X509_STORE_CTX_get_ex_new_index 3 , |
| 325 | .Xr X509_STORE_CTX_set_flags 3 , | 325 | .Xr X509_STORE_CTX_set_flags 3 , |
| 326 | .Xr X509_STORE_CTX_set_verify 3 , | ||
| 327 | .Xr X509_STORE_CTX_set_verify_cb 3 , | ||
| 326 | .Xr X509_STORE_get_by_subject 3 , | 328 | .Xr X509_STORE_get_by_subject 3 , |
| 327 | .Xr X509_STORE_new 3 , | 329 | .Xr X509_STORE_new 3 , |
| 328 | .Xr X509_STORE_set1_param 3 , | 330 | .Xr X509_STORE_set1_param 3 , |
| 331 | .Xr X509_STORE_set_verify_cb 3 , | ||
| 329 | .Xr X509_verify_cert 3 , | 332 | .Xr X509_verify_cert 3 , |
| 330 | .Xr X509_VERIFY_PARAM_inherit 3 , | 333 | .Xr X509_VERIFY_PARAM_inherit 3 , |
| 331 | .Xr X509_VERIFY_PARAM_set_flags 3 | 334 | .Xr X509_VERIFY_PARAM_set_flags 3 |
diff --git a/src/lib/libcrypto/man/X509_STORE_CTX_set_flags.3 b/src/lib/libcrypto/man/X509_STORE_CTX_set_flags.3 index 4307a3ae98..2ac76951fa 100644 --- a/src/lib/libcrypto/man/X509_STORE_CTX_set_flags.3 +++ b/src/lib/libcrypto/man/X509_STORE_CTX_set_flags.3 | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | .\" $OpenBSD: X509_STORE_CTX_set_flags.3,v 1.5 2021/10/18 18:20:39 schwarze Exp $ | 1 | .\" $OpenBSD: X509_STORE_CTX_set_flags.3,v 1.6 2021/11/17 16:08:32 schwarze Exp $ |
| 2 | .\" full merge up to: OpenSSL aae41f8c Jun 25 09:47:15 2015 +0100 | 2 | .\" full merge up to: OpenSSL aae41f8c Jun 25 09:47:15 2015 +0100 |
| 3 | .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100 | 3 | .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100 |
| 4 | .\" | 4 | .\" |
| @@ -67,7 +67,7 @@ | |||
| 67 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | 67 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
| 68 | .\" OF THE POSSIBILITY OF SUCH DAMAGE. | 68 | .\" OF THE POSSIBILITY OF SUCH DAMAGE. |
| 69 | .\" | 69 | .\" |
| 70 | .Dd $Mdocdate: October 18 2021 $ | 70 | .Dd $Mdocdate: November 17 2021 $ |
| 71 | .Dt X509_STORE_CTX_SET_FLAGS 3 | 71 | .Dt X509_STORE_CTX_SET_FLAGS 3 |
| 72 | .Os | 72 | .Os |
| 73 | .Sh NAME | 73 | .Sh NAME |
| @@ -392,8 +392,11 @@ The other functions provide no diagnostics. | |||
| 392 | .Sh SEE ALSO | 392 | .Sh SEE ALSO |
| 393 | .Xr X509_STORE_CTX_get_error 3 , | 393 | .Xr X509_STORE_CTX_get_error 3 , |
| 394 | .Xr X509_STORE_CTX_new 3 , | 394 | .Xr X509_STORE_CTX_new 3 , |
| 395 | .Xr X509_STORE_CTX_set_verify 3 , | ||
| 396 | .Xr X509_STORE_CTX_set_verify_cb 3 , | ||
| 395 | .Xr X509_STORE_new 3 , | 397 | .Xr X509_STORE_new 3 , |
| 396 | .Xr X509_STORE_set1_param 3 , | 398 | .Xr X509_STORE_set1_param 3 , |
| 399 | .Xr X509_STORE_set_verify_cb 3 , | ||
| 397 | .Xr X509_verify_cert 3 , | 400 | .Xr X509_verify_cert 3 , |
| 398 | .Xr X509_VERIFY_PARAM_new 3 , | 401 | .Xr X509_VERIFY_PARAM_new 3 , |
| 399 | .Xr X509_VERIFY_PARAM_set_flags 3 | 402 | .Xr X509_VERIFY_PARAM_set_flags 3 |
diff --git a/src/lib/libcrypto/man/X509_STORE_CTX_set_verify.3 b/src/lib/libcrypto/man/X509_STORE_CTX_set_verify.3 new file mode 100644 index 0000000000..a68ade6b3f --- /dev/null +++ b/src/lib/libcrypto/man/X509_STORE_CTX_set_verify.3 | |||
| @@ -0,0 +1,167 @@ | |||
| 1 | .\" $OpenBSD: X509_STORE_CTX_set_verify.3,v 1.1 2021/11/17 16:08:32 schwarze Exp $ | ||
| 2 | .\" | ||
| 3 | .\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org> | ||
| 4 | .\" | ||
| 5 | .\" Permission to use, copy, modify, and distribute this software for any | ||
| 6 | .\" purpose with or without fee is hereby granted, provided that the above | ||
| 7 | .\" copyright notice and this permission notice appear in all copies. | ||
| 8 | .\" | ||
| 9 | .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | ||
| 10 | .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
| 11 | .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | ||
| 12 | .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | ||
| 13 | .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | ||
| 14 | .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | ||
| 15 | .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | ||
| 16 | .\" | ||
| 17 | .Dd $Mdocdate: November 17 2021 $ | ||
| 18 | .Dt X509_STORE_CTX_SET_VERIFY 3 | ||
| 19 | .Os | ||
| 20 | .\" ds LIBRESSL_NEW_API | ||
| 21 | .Sh NAME | ||
| 22 | .if dLIBRESSL_NEW_API \{\ | ||
| 23 | .Nm X509_STORE_CTX_verify_fn , | ||
| 24 | .\} | ||
| 25 | .Nm X509_STORE_CTX_set_verify , | ||
| 26 | .ie dLIBRESSL_NEW_API \{\ | ||
| 27 | .Nm X509_STORE_CTX_get_verify , | ||
| 28 | .Nm X509_STORE_set_verify , | ||
| 29 | .Nm X509_STORE_set_verify_func | ||
| 30 | .\} | ||
| 31 | .el \{\ | ||
| 32 | .Nm X509_STORE_CTX_get_verify | ||
| 33 | .\} | ||
| 34 | .Nd user-defined certificate chain verification function | ||
| 35 | .Sh SYNOPSIS | ||
| 36 | .In openssl/x509_vfy.h | ||
| 37 | .if dLIBRESSL_NEW_API \{\ | ||
| 38 | .Ft typedef int | ||
| 39 | .Fo "(*X509_STORE_CTX_verify_fn)" | ||
| 40 | .Fa "X509_STORE_CTX *ctx" | ||
| 41 | .Fc | ||
| 42 | .\} | ||
| 43 | .Ft void | ||
| 44 | .Fo X509_STORE_CTX_set_verify | ||
| 45 | .Fa "X509_STORE_CTX *ctx" | ||
| 46 | .ie dLIBRESSL_NEW_API \{\ | ||
| 47 | .Fa "X509_STORE_CTX_verify_fn verify" | ||
| 48 | .\} | ||
| 49 | .el \{\ | ||
| 50 | .Fa "int (*verify)(X509_STORE_CTX *)" | ||
| 51 | .\} | ||
| 52 | .Fc | ||
| 53 | .ie dLIBRESSL_NEW_API \{\ | ||
| 54 | .Ft X509_STORE_CTX_verify_fn | ||
| 55 | .Fo X509_STORE_CTX_get_verify | ||
| 56 | .\} | ||
| 57 | .el \{\ | ||
| 58 | .Ft int | ||
| 59 | .Fo "(*X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx))" | ||
| 60 | .\} | ||
| 61 | .Fa "X509_STORE_CTX *ctx" | ||
| 62 | .Fc | ||
| 63 | .if dLIBRESSL_NEW_API \{\ | ||
| 64 | .Ft void | ||
| 65 | .Fo X509_STORE_set_verify | ||
| 66 | .Fa "X509_STORE *store" | ||
| 67 | .Fa "X509_STORE_CTX_verify_fn verify" | ||
| 68 | .Fc | ||
| 69 | .Ft void | ||
| 70 | .Fo X509_STORE_set_verify_func | ||
| 71 | .Fa "X509_STORE *store" | ||
| 72 | .Fa "X509_STORE_CTX_verify_fn verify" | ||
| 73 | .Fc | ||
| 74 | .\} | ||
| 75 | .Sh DESCRIPTION | ||
| 76 | .Fn X509_STORE_CTX_set_verify | ||
| 77 | configures | ||
| 78 | .Fa ctx | ||
| 79 | to use the | ||
| 80 | .Fa verify | ||
| 81 | argument as the X.509 certificate chain verification function instead | ||
| 82 | of the default verification function built into the library when | ||
| 83 | .Xr X509_verify_cert 3 | ||
| 84 | is called. | ||
| 85 | .Pp | ||
| 86 | The | ||
| 87 | .Fa verify | ||
| 88 | function provided by the user is only called if the | ||
| 89 | .Dv X509_V_FLAG_LEGACY_VERIFY | ||
| 90 | or | ||
| 91 | .Dv X509_V_FLAG_NO_ALT_CHAINS | ||
| 92 | flag was set on | ||
| 93 | .Fa ctx | ||
| 94 | using | ||
| 95 | .Xr X509_STORE_CTX_set_flags 3 | ||
| 96 | or | ||
| 97 | .Xr X509_VERIFY_PARAM_set_flags 3 . | ||
| 98 | Otherwise, it is ignored and a different algorithm is used that does | ||
| 99 | not support replacing the verification function. | ||
| 100 | .if dLIBRESSL_NEW_API \{\ | ||
| 101 | .Pp | ||
| 102 | .Fn X509_STORE_set_verify | ||
| 103 | saves the function pointer | ||
| 104 | .Fa verify | ||
| 105 | in the given | ||
| 106 | .Fa store | ||
| 107 | object. | ||
| 108 | That pointer will be copied to an | ||
| 109 | .Vt X509_STORE_CTX | ||
| 110 | object when | ||
| 111 | .Fa store | ||
| 112 | is later passed as an argument to | ||
| 113 | .Xr X509_STORE_CTX_init 3 . | ||
| 114 | .Pp | ||
| 115 | .Fn X509_STORE_set_verify_func | ||
| 116 | is an alias for | ||
| 117 | .Fn X509_STORE_set_verify | ||
| 118 | implemented as a macro. | ||
| 119 | .\} | ||
| 120 | .Sh RETURN VALUES | ||
| 121 | .if dLIBRESSL_NEW_API \{\ | ||
| 122 | .Fn X509_STORE_CTX_verify_fn | ||
| 123 | is supposed to return 1 to indicate that the chain is valid | ||
| 124 | or 0 if it is not or if an error occurred. | ||
| 125 | .Pp | ||
| 126 | .\} | ||
| 127 | .Fn X509_STORE_CTX_get_verify | ||
| 128 | returns a function pointer to the function previously set with | ||
| 129 | .Fn X509_STORE_CTX_set_verify | ||
| 130 | or | ||
| 131 | .Xr X509_STORE_CTX_init 3 , | ||
| 132 | or | ||
| 133 | .Dv NULL | ||
| 134 | if | ||
| 135 | .Fa ctx | ||
| 136 | is uninitialized. | ||
| 137 | .Sh SEE ALSO | ||
| 138 | .Xr X509_STORE_CTX_init 3 , | ||
| 139 | .Xr X509_STORE_CTX_set_error 3 , | ||
| 140 | .Xr X509_STORE_CTX_set_flags 3 , | ||
| 141 | .Xr X509_STORE_CTX_set_verify_cb 3 , | ||
| 142 | .Xr X509_STORE_new 3 , | ||
| 143 | .Xr X509_STORE_set_flags 3 , | ||
| 144 | .Xr X509_STORE_set_verify_cb 3 , | ||
| 145 | .Xr X509_verify_cert 3 , | ||
| 146 | .Xr X509_VERIFY_PARAM_set_flags 3 | ||
| 147 | .Sh HISTORY | ||
| 148 | .if dLIBRESSL_NEW_API \{\ | ||
| 149 | .Fn X509_STORE_set_verify_func | ||
| 150 | first appeared in SSLeay 0.8.0 and has been available since | ||
| 151 | .Ox 2.4 . | ||
| 152 | .Pp | ||
| 153 | .\} | ||
| 154 | .Fn X509_STORE_CTX_set_verify | ||
| 155 | and | ||
| 156 | .Fn X509_STORE_CTX_get_verify | ||
| 157 | first appeared in OpenSSL 1.1.0 and have been available since | ||
| 158 | .Ox 7.1 . | ||
| 159 | .if dLIBRESSL_NEW_API \{\ | ||
| 160 | .Pp | ||
| 161 | .Fn X509_STORE_CTX_verify_fn | ||
| 162 | and | ||
| 163 | .Fn X509_STORE_set_verify | ||
| 164 | first appeared in OpenSSL 1.1.0 and have been available since | ||
| 165 | .reminder Check the version number! | ||
| 166 | .Ox 7.1 . | ||
| 167 | .\} | ||
diff --git a/src/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 b/src/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 index bf0c6af40d..2c16230a32 100644 --- a/src/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 +++ b/src/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | .\" $OpenBSD: X509_STORE_CTX_set_verify_cb.3,v 1.6 2021/11/16 14:07:57 schwarze Exp $ | 1 | .\" $OpenBSD: X509_STORE_CTX_set_verify_cb.3,v 1.7 2021/11/17 16:08:32 schwarze Exp $ |
| 2 | .\" full merge up to: OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400 | 2 | .\" full merge up to: OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400 |
| 3 | .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100 | 3 | .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100 |
| 4 | .\" | 4 | .\" |
| @@ -66,7 +66,7 @@ | |||
| 66 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | 66 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
| 67 | .\" OF THE POSSIBILITY OF SUCH DAMAGE. | 67 | .\" OF THE POSSIBILITY OF SUCH DAMAGE. |
| 68 | .\" | 68 | .\" |
| 69 | .Dd $Mdocdate: November 16 2021 $ | 69 | .Dd $Mdocdate: November 17 2021 $ |
| 70 | .Dt X509_STORE_CTX_SET_VERIFY_CB 3 | 70 | .Dt X509_STORE_CTX_SET_VERIFY_CB 3 |
| 71 | .Os | 71 | .Os |
| 72 | .Sh NAME | 72 | .Sh NAME |
| @@ -253,7 +253,12 @@ verify_callback(int ok, X509_STORE_CTX *ctx) | |||
| 253 | .Sh SEE ALSO | 253 | .Sh SEE ALSO |
| 254 | .Xr X509_STORE_CTX_get_error 3 , | 254 | .Xr X509_STORE_CTX_get_error 3 , |
| 255 | .Xr X509_STORE_CTX_get_ex_new_index 3 , | 255 | .Xr X509_STORE_CTX_get_ex_new_index 3 , |
| 256 | .Xr X509_STORE_set_verify_cb_func 3 | 256 | .Xr X509_STORE_CTX_new 3 , |
| 257 | .Xr X509_STORE_CTX_set_error 3 , | ||
| 258 | .Xr X509_STORE_CTX_set_flags 3 , | ||
| 259 | .Xr X509_STORE_set_verify_cb 3 , | ||
| 260 | .Xr X509_verify_cert 3 , | ||
| 261 | .Xr X509_VERIFY_PARAM_set_flags 3 | ||
| 257 | .Sh HISTORY | 262 | .Sh HISTORY |
| 258 | .Fn X509_STORE_CTX_set_verify_cb | 263 | .Fn X509_STORE_CTX_set_verify_cb |
| 259 | first appeared in OpenSSL 0.9.6c and has been available since | 264 | first appeared in OpenSSL 0.9.6c and has been available since |
diff --git a/src/lib/libcrypto/man/X509_STORE_new.3 b/src/lib/libcrypto/man/X509_STORE_new.3 index c84be75cbb..a17da03a41 100644 --- a/src/lib/libcrypto/man/X509_STORE_new.3 +++ b/src/lib/libcrypto/man/X509_STORE_new.3 | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | .\" $OpenBSD: X509_STORE_new.3,v 1.6 2021/11/09 16:23:04 schwarze Exp $ | 1 | .\" $OpenBSD: X509_STORE_new.3,v 1.7 2021/11/17 16:08:32 schwarze Exp $ |
| 2 | .\" full merge up to: OpenSSL 05ea606a May 20 20:52:46 2016 -0400 | 2 | .\" full merge up to: OpenSSL 05ea606a May 20 20:52:46 2016 -0400 |
| 3 | .\" selective merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 | 3 | .\" selective merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 |
| 4 | .\" | 4 | .\" |
| @@ -67,7 +67,7 @@ | |||
| 67 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | 67 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
| 68 | .\" OF THE POSSIBILITY OF SUCH DAMAGE. | 68 | .\" OF THE POSSIBILITY OF SUCH DAMAGE. |
| 69 | .\" | 69 | .\" |
| 70 | .Dd $Mdocdate: November 9 2021 $ | 70 | .Dd $Mdocdate: November 17 2021 $ |
| 71 | .Dt X509_STORE_NEW 3 | 71 | .Dt X509_STORE_NEW 3 |
| 72 | .Os | 72 | .Os |
| 73 | .Sh NAME | 73 | .Sh NAME |
| @@ -131,7 +131,8 @@ returns 1 for success and 0 for failure. | |||
| 131 | .Xr X509_STORE_get_ex_new_index 3 , | 131 | .Xr X509_STORE_get_ex_new_index 3 , |
| 132 | .Xr X509_STORE_load_locations 3 , | 132 | .Xr X509_STORE_load_locations 3 , |
| 133 | .Xr X509_STORE_set1_param 3 , | 133 | .Xr X509_STORE_set1_param 3 , |
| 134 | .Xr X509_STORE_set_verify_cb 3 | 134 | .Xr X509_STORE_set_verify_cb 3 , |
| 135 | .Xr X509_verify_cert 3 | ||
| 135 | .Sh HISTORY | 136 | .Sh HISTORY |
| 136 | .Fn X509_STORE_new | 137 | .Fn X509_STORE_new |
| 137 | and | 138 | and |
diff --git a/src/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 b/src/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 index 59b1feff77..f6d534bbb0 100644 --- a/src/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 +++ b/src/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | .\" $OpenBSD: X509_STORE_set_verify_cb_func.3,v 1.10 2021/07/29 10:13:45 schwarze Exp $ | 1 | .\" $OpenBSD: X509_STORE_set_verify_cb_func.3,v 1.11 2021/11/17 16:08:32 schwarze Exp $ |
| 2 | .\" full merge up to: OpenSSL 05ea606a May 20 20:52:46 2016 -0400 | 2 | .\" full merge up to: OpenSSL 05ea606a May 20 20:52:46 2016 -0400 |
| 3 | .\" selective merge up to: OpenSSL 315c47e0 Dec 1 14:22:16 2020 +0100 | 3 | .\" selective merge up to: OpenSSL 315c47e0 Dec 1 14:22:16 2020 +0100 |
| 4 | .\" | 4 | .\" |
| @@ -49,13 +49,12 @@ | |||
| 49 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | 49 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
| 50 | .\" OF THE POSSIBILITY OF SUCH DAMAGE. | 50 | .\" OF THE POSSIBILITY OF SUCH DAMAGE. |
| 51 | .\" | 51 | .\" |
| 52 | .Dd $Mdocdate: July 29 2021 $ | 52 | .Dd $Mdocdate: November 17 2021 $ |
| 53 | .Dt X509_STORE_SET_VERIFY_CB_FUNC 3 | 53 | .Dt X509_STORE_SET_VERIFY_CB_FUNC 3 |
| 54 | .Os | 54 | .Os |
| 55 | .Sh NAME | 55 | .Sh NAME |
| 56 | .Nm X509_STORE_set_verify_cb , | 56 | .Nm X509_STORE_set_verify_cb , |
| 57 | .Nm X509_STORE_set_verify_cb_func , | 57 | .Nm X509_STORE_set_verify_cb_func |
| 58 | .Nm X509_STORE_set_verify_func | ||
| 59 | .Nd set verification callback | 58 | .Nd set verification callback |
| 60 | .Sh SYNOPSIS | 59 | .Sh SYNOPSIS |
| 61 | .In openssl/x509_vfy.h | 60 | .In openssl/x509_vfy.h |
| @@ -69,11 +68,6 @@ | |||
| 69 | .Fa "X509_STORE *st" | 68 | .Fa "X509_STORE *st" |
| 70 | .Fa "int (*verify_cb)(int ok, X509_STORE_CTX *ctx)" | 69 | .Fa "int (*verify_cb)(int ok, X509_STORE_CTX *ctx)" |
| 71 | .Fc | 70 | .Fc |
| 72 | .Ft void | ||
| 73 | .Fo X509_STORE_set_verify_func | ||
| 74 | .Fa "X509_STORE *st" | ||
| 75 | .Fa "int (*verify_func)(X509_STORE_CTX *ctx)" | ||
| 76 | .Fc | ||
| 77 | .Sh DESCRIPTION | 71 | .Sh DESCRIPTION |
| 78 | .Fn X509_STORE_set_verify_cb | 72 | .Fn X509_STORE_set_verify_cb |
| 79 | sets the verification callback of | 73 | sets the verification callback of |
| @@ -93,32 +87,16 @@ structure when it is initialized. | |||
| 93 | This can be used to set the verification callback when the | 87 | This can be used to set the verification callback when the |
| 94 | .Vt X509_STORE_CTX | 88 | .Vt X509_STORE_CTX |
| 95 | is otherwise inaccessible (for example during S/MIME verification). | 89 | is otherwise inaccessible (for example during S/MIME verification). |
| 96 | .Pp | ||
| 97 | .Fn X509_STORE_set_verify_func | ||
| 98 | sets the final chain verification function for | ||
| 99 | .Fa st | ||
| 100 | to | ||
| 101 | .Fa verify_func . | ||
| 102 | Its purpose is to go through the chain of certificates and check | ||
| 103 | that all signatures are valid and that the current time is within | ||
| 104 | the limits of each certificate's first and last validity time. | ||
| 105 | The final chain verification function | ||
| 106 | must return 0 on failure and 1 on success. | ||
| 107 | If | ||
| 108 | .Fn X509_STORE_set_verify_func | ||
| 109 | is not called or called with | ||
| 110 | .Fa verify_func | ||
| 111 | set to a | ||
| 112 | .Dv NULL | ||
| 113 | pointer, the built-in default function is used. | ||
| 114 | .Sh SEE ALSO | 90 | .Sh SEE ALSO |
| 91 | .Xr X509_STORE_CTX_new 3 , | ||
| 92 | .Xr X509_STORE_CTX_set_verify 3 , | ||
| 115 | .Xr X509_STORE_CTX_set_verify_cb 3 , | 93 | .Xr X509_STORE_CTX_set_verify_cb 3 , |
| 116 | .Xr X509_STORE_new 3 | 94 | .Xr X509_STORE_new 3 , |
| 95 | .Xr X509_STORE_set_flags 3 , | ||
| 96 | .Xr X509_verify_cert 3 | ||
| 117 | .Sh HISTORY | 97 | .Sh HISTORY |
| 118 | .Fn X509_STORE_set_verify_cb_func | 98 | .Fn X509_STORE_set_verify_cb_func |
| 119 | and | 99 | first appeared in SSLeay 0.8.0 and has been available since |
| 120 | .Fn X509_STORE_set_verify_func | ||
| 121 | first appeared in SSLeay 0.8.0 and have been available since | ||
| 122 | .Ox 2.4 . | 100 | .Ox 2.4 . |
| 123 | .Pp | 101 | .Pp |
| 124 | .Fn X509_STORE_set_verify_cb | 102 | .Fn X509_STORE_set_verify_cb |
diff --git a/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 b/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 index 6e2c0259c5..3226dabcd3 100644 --- a/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 +++ b/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | .\" $OpenBSD: X509_VERIFY_PARAM_set_flags.3,v 1.20 2021/11/13 19:21:17 schwarze Exp $ | 1 | .\" $OpenBSD: X509_VERIFY_PARAM_set_flags.3,v 1.21 2021/11/17 16:08:32 schwarze Exp $ |
| 2 | .\" full merge up to: OpenSSL d33def66 Feb 9 14:17:13 2016 -0500 | 2 | .\" full merge up to: OpenSSL d33def66 Feb 9 14:17:13 2016 -0500 |
| 3 | .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100 | 3 | .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100 |
| 4 | .\" | 4 | .\" |
| @@ -68,7 +68,7 @@ | |||
| 68 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | 68 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
| 69 | .\" OF THE POSSIBILITY OF SUCH DAMAGE. | 69 | .\" OF THE POSSIBILITY OF SUCH DAMAGE. |
| 70 | .\" | 70 | .\" |
| 71 | .Dd $Mdocdate: November 13 2021 $ | 71 | .Dd $Mdocdate: November 17 2021 $ |
| 72 | .Dt X509_VERIFY_PARAM_SET_FLAGS 3 | 72 | .Dt X509_VERIFY_PARAM_SET_FLAGS 3 |
| 73 | .Os | 73 | .Os |
| 74 | .Sh NAME | 74 | .Sh NAME |
| @@ -653,6 +653,8 @@ X509_VERIFY_PARAM_free(param); | |||
| 653 | .Xr SSL_set1_host 3 , | 653 | .Xr SSL_set1_host 3 , |
| 654 | .Xr SSL_set1_param 3 , | 654 | .Xr SSL_set1_param 3 , |
| 655 | .Xr X509_check_host 3 , | 655 | .Xr X509_check_host 3 , |
| 656 | .Xr X509_STORE_CTX_new 3 , | ||
| 657 | .Xr X509_STORE_new 3 , | ||
| 656 | .Xr X509_verify_cert 3 , | 658 | .Xr X509_verify_cert 3 , |
| 657 | .Xr X509_VERIFY_PARAM_new 3 | 659 | .Xr X509_VERIFY_PARAM_new 3 |
| 658 | .Sh HISTORY | 660 | .Sh HISTORY |