Uncomment and document X.509 verifier error codes

These are in actual use, so their meaning should be documented. The remaining commented codes are unused outside of x509_txt.c except for X509_V_ERR_INVALID_NON_CA which looks used at first glance, but it is actually in an unreachable path of the legacy verifier.
author: tb <> 2023-04-21 06:45:56 +0000
committer: tb <> 2023-04-21 06:45:56 +0000
commit: a3400b9c38f0bdafb1f2a52b6823e26bd5fcc0ac (patch)
tree: cde8e3ea87bfdf758642f5bad2c13152d45a04bb /src/lib
parent: 800bdf8c9aa4299de4237c15d63e4a201a02c594 (diff)
download: openbsd-a3400b9c38f0bdafb1f2a52b6823e26bd5fcc0ac.tar.gz
openbsd-a3400b9c38f0bdafb1f2a52b6823e26bd5fcc0ac.tar.bz2
openbsd-a3400b9c38f0bdafb1f2a52b6823e26bd5fcc0ac.zip
1 files changed, 20 insertions, 10 deletions
diff --git a/src/lib/libcrypto/man/X509_STORE_CTX_get_error.3 b/src/lib/libcrypto/man/X509_STORE_CTX_get_error.3
index 48af7d9af7..30e4024736 100644
--- a/src/lib/libcrypto/man/X509_STORE_CTX_get_error.3
+++ b/src/lib/libcrypto/man/X509_STORE_CTX_get_error.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_STORE_CTX_get_error.3,v 1.25 2022/11/29 19:52:48 tb Exp $
+.\" $OpenBSD: X509_STORE_CTX_get_error.3,v 1.26 2023/04/21 06:45:56 tb Exp $
 .\" full merge up to:
 .\" OpenSSL man3/X509_STORE_CTX_get_error 24a535ea Sep 22 13:14:20 2020 +0100
 .\" OpenSSL man3/X509_STORE_CTX_new 24a535ea Sep 22 13:14:20 2020 +0100
@@ -68,7 +68,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 29 2022 $
+.Dd $Mdocdate: April 21 2023 $
 .Dt X509_STORE_CTX_GET_ERROR 3
 .Os
 .Sh NAME
@@ -485,14 +485,24 @@ This is only set if issuer check debugging is enabled it is used for
 status notification and is
 .Sy not
 in itself an error.
-.\" .It Dv X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER : \
+.It Dv X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER : \
-.\"  No unable to get CRL issuer certificate
+ No unable to get CRL issuer certificate
-.\" .It Dv X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION : \
+The CRL's issuer could not be found:
-.\"  No unhandled critical extension
+there is no alternative CRL issuer set on
-.\" .It Dv X509_V_ERR_KEYUSAGE_NO_CRL_SIGN : \
+.Ar ctx
-.\"  No key usage does not include CRL signing
+and the last certificate in the chain is not self signed.
-.\" .It Dv X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION : \
+.It Dv X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION : \
-.\"  No unhandled critical CRL extension
+ No unhandled critical extension
+The certificate contains a critical extension that is unsupported
+by the library.
+.It Dv X509_V_ERR_KEYUSAGE_NO_CRL_SIGN : \
+ No key usage does not include CRL signing
+The CRL issuer has a key usage extension with unset cRLSign bit.
+.It Dv X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION : \
+ No unhandled critical CRL extension
+The CRL contains a critical extension that is unsupported
+by the library.
+.\" XXX - The following are unreachable (X509_V_ERR_INVALID_NON_CA) or unused.
 .\" .It Dv X509_V_ERR_INVALID_NON_CA : \
 .\"  No invalid non-CA certificate (has CA markings)
 .\" .It Dv X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED : \
author	tb <>	2023-04-21 06:45:56 +0000
committer	tb <>	2023-04-21 06:45:56 +0000
commit	a3400b9c38f0bdafb1f2a52b6823e26bd5fcc0ac (patch)
tree	cde8e3ea87bfdf758642f5bad2c13152d45a04bb /src/lib
parent	800bdf8c9aa4299de4237c15d63e4a201a02c594 (diff)
download	openbsd-a3400b9c38f0bdafb1f2a52b6823e26bd5fcc0ac.tar.gz openbsd-a3400b9c38f0bdafb1f2a52b6823e26bd5fcc0ac.tar.bz2 openbsd-a3400b9c38f0bdafb1f2a52b6823e26bd5fcc0ac.zip