new manual page X509_STORE_get_by_subject(3)

author: schwarze <> 2021-08-02 16:21:11 +0000
committer: schwarze <> 2021-08-02 16:21:11 +0000
commit: 81222eb9d0105d482a5bbb50d4bafd1cf5810f8d (patch)
tree: cc08f0659fd6d8b548a0a0f141250e99adc8e450 /src
parent: b85d89d9efa9dbbd419a658bc5cc5b6711c5a1dc (diff)
download: openbsd-81222eb9d0105d482a5bbb50d4bafd1cf5810f8d.tar.gz
openbsd-81222eb9d0105d482a5bbb50d4bafd1cf5810f8d.tar.bz2
openbsd-81222eb9d0105d482a5bbb50d4bafd1cf5810f8d.zip
5 files changed, 212 insertions, 12 deletions
diff --git a/src/lib/libcrypto/man/X509_CRL_new.3 b/src/lib/libcrypto/man/X509_CRL_new.3
index d6a43f1741..4d3f97afdb 100644
--- a/src/lib/libcrypto/man/X509_CRL_new.3
+++ b/src/lib/libcrypto/man/X509_CRL_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_CRL_new.3,v 1.11 2021/07/19 13:16:43 schwarze Exp $
+.\" $OpenBSD: X509_CRL_new.3,v 1.12 2021/08/02 16:21:11 schwarze Exp $
 .\"
 .\" Copyright (c) 2016, 2018 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: July 19 2021 $
+.Dd $Mdocdate: August 2 2021 $
 .Dt X509_CRL_NEW 3
 .Os
 .Sh NAME
@@ -120,7 +120,8 @@ returns 1 on success or 0 on error.
 .Xr X509_new 3 ,
 .Xr X509_OBJECT_get0_X509_CRL 3 ,
 .Xr X509_REVOKED_new 3 ,
-.Xr X509_STORE_CTX_set0_crls 3
+.Xr X509_STORE_CTX_set0_crls 3 ,
+.Xr X509_STORE_get1_crls 3
 .Sh STANDARDS
 RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
 Certificate Revocation List (CRL) Profile, section 5: CRL and CRL
diff --git a/src/lib/libcrypto/man/X509_OBJECT_get0_X509.3 b/src/lib/libcrypto/man/X509_OBJECT_get0_X509.3
index fc51696ac8..ef3dbd1bba 100644
--- a/src/lib/libcrypto/man/X509_OBJECT_get0_X509.3
+++ b/src/lib/libcrypto/man/X509_OBJECT_get0_X509.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_OBJECT_get0_X509.3,v 1.10 2021/07/31 14:54:34 schwarze Exp $
+.\" $OpenBSD: X509_OBJECT_get0_X509.3,v 1.11 2021/08/02 16:21:11 schwarze Exp $
 .\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
@@ -13,7 +13,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: July 31 2021 $
+.Dd $Mdocdate: August 2 2021 $
 .Dt X509_OBJECT_GET0_X509 3
 .Os
 .Sh NAME
@@ -228,11 +228,9 @@ or no match is found.
 .Xr X509_LOOKUP_new 3 ,
 .Xr X509_NAME_new 3 ,
 .Xr X509_STORE_get0_objects 3 ,
+.Xr X509_STORE_get_by_subject 3 ,
 .Xr X509_STORE_load_locations 3 ,
 .Xr X509_STORE_new 3
-.\" The type X509_OBJECT is also used
-.\" by the following undocumented public function:
-.\" X509_STORE_get_by_subject
 .Sh HISTORY
 .Fn X509_OBJECT_up_ref_count
 and
diff --git a/src/lib/libcrypto/man/X509_STORE_CTX_new.3 b/src/lib/libcrypto/man/X509_STORE_CTX_new.3
index 1bc90b5ac4..f285045194 100644
--- a/src/lib/libcrypto/man/X509_STORE_CTX_new.3
+++ b/src/lib/libcrypto/man/X509_STORE_CTX_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_STORE_CTX_new.3,v 1.23 2021/07/22 19:09:26 schwarze Exp $
+.\" $OpenBSD: X509_STORE_CTX_new.3,v 1.24 2021/08/02 16:21:11 schwarze Exp $
 .\" full merge up to: OpenSSL aae41f8c Jun 25 09:47:15 2015 +0100
 .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
@@ -67,7 +67,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 22 2021 $
+.Dd $Mdocdate: August 2 2021 $
 .Dt X509_STORE_CTX_NEW 3
 .Os
 .Sh NAME
@@ -319,6 +319,7 @@ if no set of additional certificates was provided.
 .Xr X509_STORE_CTX_get_error 3 ,
 .Xr X509_STORE_CTX_get_ex_new_index 3 ,
 .Xr X509_STORE_CTX_set_flags 3 ,
+.Xr X509_STORE_get_by_subject 3 ,
 .Xr X509_STORE_new 3 ,
 .Xr X509_STORE_set1_param 3 ,
 .Xr X509_verify_cert 3 ,
diff --git a/src/lib/libcrypto/man/X509_STORE_get_by_subject.3 b/src/lib/libcrypto/man/X509_STORE_get_by_subject.3
new file mode 100644
index 0000000000..f9da13fba4
--- /dev/null
+++ b/src/lib/libcrypto/man/X509_STORE_get_by_subject.3
@@ -0,0 +1,199 @@
+.\" $OpenBSD: X509_STORE_get_by_subject.3,v 1.1 2021/08/02 16:21:11 schwarze Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: August 2 2021 $
+.Dt X509_STORE_GET_BY_SUBJECT 3
+.Os
+.Sh NAME
+.Nm X509_STORE_get_by_subject ,
+.Nm X509_STORE_get1_certs ,
+.Nm X509_STORE_get1_crls ,
+.Nm X509_STORE_CTX_get1_issuer
+.Nd retrieve objects from a certificate store
+.Sh SYNOPSIS
+.In openssl/x509_vfy.h
+.Ft int
+.Fo X509_STORE_get_by_subject
+.Fa "X509_STORE_CTX *ctx"
+.Fa "int type"
+.Fa "X509_NAME *name"
+.Fa "X509_OBJECT *object"
+.Fc
+.Ft STACK_OF(X509) *
+.Fo X509_STORE_get1_certs
+.Fa "X509_STORE_CTX *ctx"
+.Fa "X509_NAME *name"
+.Fc
+.Ft STACK_OF(X509_CRL) *
+.Fo X509_STORE_get1_crls
+.Fa "X509_STORE_CTX *ctx"
+.Fa "X509_NAME *name"
+.Fc
+.Ft int
+.Fo X509_STORE_CTX_get1_issuer
+.Fa "X509 **issuer"
+.Fa "X509_STORE_CTX *ctx"
+.Fa "X509 *certificate"
+.Fc
+.Sh DESCRIPTION
+.Fn X509_STORE_get_by_subject
+retrieves the first object having a matching
+.Fa type
+and
+.Fa name
+from the
+.Vt X509_STORE
+associated with the
+.Fa ctx .
+The
+.Fa type
+can be
+.Dv X509_LU_X509
+to retrieve a certificate or
+.Dv X509_LU_CRL
+to retrieve a revocation list.
+.Pp
+If the store does not yet contain a matching object or if the type is
+.Dv X509_LU_CRL ,
+.Xr X509_LOOKUP_by_subject 3
+is called on
+.Vt X509_LOOKUP
+objects associated with the store until a match is found,
+which may add zero or more objects to the store.
+.Pp
+In case of success, the content of the
+.Fa object
+provided by the caller is overwritten with a pointer to the first
+match, and the reference count of that certificate or revocation
+list is incremented by 1.
+Avoiding a memory leak by making sure the provided
+.Fa object
+is empty is the responsibility of the caller.
+.Pp
+.Fn X509_STORE_get1_certs
+retrieves all certificates matching the subject
+.Vt name
+from the
+.Vt X509_STORE
+associated with
+.Fa ctx .
+If there are none yet,
+.Fn X509_STORE_get_by_subject
+is called to try and add some.
+In case of success, the reference counts of all certificates
+added to the returned array are incremented by 1.
+.Pp
+.Fn X509_STORE_get1_crls
+is similar except that it operates on certificate revocation lists
+rather than on certificates and that it always calls
+.Fn X509_STORE_get_by_subject ,
+even if the
+.Vt X509_STORE
+already contains a matching revocation list.
+.Pp
+.Fn X509_STORE_CTX_get1_issuer
+retrieves the
+.Fa issuer
+CA certificate for the given
+.Fa certificate
+from the
+.Vt X509_STORE
+associated with
+.Fa ctx .
+Internally, the issuer name is retrieved with
+.Xr X509_get_issuer_name 3
+and the candidate issuer CA certificate with
+.Fn X509_STORE_get_by_subject
+using that issuer name.
+.Xr X509_check_issued 3
+or a user-supplied replacement function is used to check whether the
+.Fa certificate
+was indeed issued using the
+.Fa issuer
+CA certificate before returning it.
+If verification parameters associated with
+.Fa ctx
+encourage checking of validity times, CAs with a valid time are
+preferred, but if no matching CA has a valid time, one with an
+invalid time is accepted anyway.
+.Sh RETURN VALUES
+.Fn X509_STORE_get_by_subject
+returns 1 if a match is found or 0 on failure.
+In addition to simply not finding a match,
+it may also fail due to memory allocation failure in
+.Xr X509_LOOKUP_by_subject 3 .
+If
+.Fa ctx
+contains any
+.Vt X509_LOOKUP
+object using a user-defined
+.Vt X509_LOOKUP_METHOD ,
+it might also return negative values for internal errors.
+.Pp
+.Fn X509_STORE_get1_certs
+returns a newly allocated and populated array of certificates or
+.Dv NULL
+on failure.
+It fails if no match is found, if
+.Fn X509_STORE_get_by_subject
+fails, or if memory allocation fails.
+.Pp
+.Fn X509_STORE_get1_crls
+returns a newly allocated and populated array of CRLs or
+.Dv NULL
+on failure.
+It fails if
+.Fn X509_STORE_get_by_subject
+finds no new match, even if the associated
+.Vt X509_STORE
+already contains matching CRLs, or if memory allocation fails.
+.Pp
+.Fn X509_STORE_CTX_get1_issuer
+returns 1 if a matching
+.Fa issuer
+CA certificate is found or 0 otherwise.
+If
+.Fa ctx
+contains any
+.Vt X509_LOOKUP
+object using a user-defined
+.Vt X509_LOOKUP_METHOD ,
+it might also return negative values for internal errors.
+.Sh SEE ALSO
+.Xr STACK_OF 3 ,
+.Xr X509_check_issued 3 ,
+.Xr X509_CRL_new 3 ,
+.Xr X509_get_issuer_name 3 ,
+.Xr X509_LOOKUP_by_subject 3 ,
+.Xr X509_NAME_new 3 ,
+.Xr X509_new 3 ,
+.Xr X509_OBJECT_retrieve_by_subject 3 ,
+.Xr X509_STORE_CTX_new 3 ,
+.Xr X509_VERIFY_PARAM_set_flags 3
+.Sh HISTORY
+.Fn X509_STORE_get_by_subject
+first appeared in SSLeay 0.8.0 and has been available since
+.Ox 2.4 .
+.Pp
+.Fn X509_STORE_CTX_get1_issuer
+first appeared in OpenSSL 0.9.6 and has been available since
+.Ox 2.9 .
+.Pp
+.Fn X509_STORE_get1_certs
+and
+.Fn X509_STORE_get1_crls
+first appeared in OpenSSL 1.0.0 and have been available since
+.Ox 4.9 .
diff --git a/src/lib/libcrypto/man/X509_new.3 b/src/lib/libcrypto/man/X509_new.3
index efd4db5359..0afbae374a 100644
--- a/src/lib/libcrypto/man/X509_new.3
+++ b/src/lib/libcrypto/man/X509_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_new.3,v 1.29 2021/07/31 14:54:34 schwarze Exp $
+.\" $OpenBSD: X509_new.3,v 1.30 2021/08/02 16:21:11 schwarze Exp $
 .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file is a derived work.
@@ -66,7 +66,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 31 2021 $
+.Dd $Mdocdate: August 2 2021 $
 .Dt X509_NEW 3
 .Os
 .Sh NAME
@@ -204,6 +204,7 @@ if an error occurs.
 .Xr X509_SIG_new 3 ,
 .Xr X509_sign 3 ,
 .Xr X509_STORE_CTX_new 3 ,
+.Xr X509_STORE_get_by_subject 3 ,
 .Xr X509_STORE_new 3 ,
 .Xr X509_TRUST_set 3
 .Sh STANDARDS
author	schwarze <>	2021-08-02 16:21:11 +0000
committer	schwarze <>	2021-08-02 16:21:11 +0000
commit	81222eb9d0105d482a5bbb50d4bafd1cf5810f8d (patch)
tree	cc08f0659fd6d8b548a0a0f141250e99adc8e450 /src
parent	b85d89d9efa9dbbd419a658bc5cc5b6711c5a1dc (diff)
download	openbsd-81222eb9d0105d482a5bbb50d4bafd1cf5810f8d.tar.gz openbsd-81222eb9d0105d482a5bbb50d4bafd1cf5810f8d.tar.bz2 openbsd-81222eb9d0105d482a5bbb50d4bafd1cf5810f8d.zip

diff --git a/src/lib/libcrypto/man/X509_CRL_new.3 b/src/lib/libcrypto/man/X509_CRL_new.3 index d6a43f1741..4d3f97afdb 100644 --- a/src/lib/libcrypto/man/X509_CRL_new.3 +++ b/src/lib/libcrypto/man/X509_CRL_new.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: X509_CRL_new.3,v 1.11 2021/07/19 13:16:43 schwarze Exp $	1	.\" $OpenBSD: X509_CRL_new.3,v 1.12 2021/08/02 16:21:11 schwarze Exp $
2	.\"	2	.\"
3	.\" Copyright (c) 2016, 2018 Ingo Schwarze <schwarze@openbsd.org>	3	.\" Copyright (c) 2016, 2018 Ingo Schwarze <schwarze@openbsd.org>
4	.\"	4	.\"
@@ -14,7 +14,7 @@
14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF	14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.	15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	.\"	16	.\"
17	.Dd $Mdocdate: July 19 2021 $	17	.Dd $Mdocdate: August 2 2021 $
18	.Dt X509_CRL_NEW 3	18	.Dt X509_CRL_NEW 3
19	.Os	19	.Os
20	.Sh NAME	20	.Sh NAME
@@ -120,7 +120,8 @@ returns 1 on success or 0 on error.
120	.Xr X509_new 3 ,	120	.Xr X509_new 3 ,
121	.Xr X509_OBJECT_get0_X509_CRL 3 ,	121	.Xr X509_OBJECT_get0_X509_CRL 3 ,
122	.Xr X509_REVOKED_new 3 ,	122	.Xr X509_REVOKED_new 3 ,
123	.Xr X509_STORE_CTX_set0_crls 3	123	.Xr X509_STORE_CTX_set0_crls 3 ,
		124	.Xr X509_STORE_get1_crls 3
124	.Sh STANDARDS	125	.Sh STANDARDS
125	RFC 5280: Internet X.509 Public Key Infrastructure Certificate and	126	RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
126	Certificate Revocation List (CRL) Profile, section 5: CRL and CRL	127	Certificate Revocation List (CRL) Profile, section 5: CRL and CRL


diff --git a/src/lib/libcrypto/man/X509_OBJECT_get0_X509.3 b/src/lib/libcrypto/man/X509_OBJECT_get0_X509.3 index fc51696ac8..ef3dbd1bba 100644 --- a/src/lib/libcrypto/man/X509_OBJECT_get0_X509.3 +++ b/src/lib/libcrypto/man/X509_OBJECT_get0_X509.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: X509_OBJECT_get0_X509.3,v 1.10 2021/07/31 14:54:34 schwarze Exp $	1	.\" $OpenBSD: X509_OBJECT_get0_X509.3,v 1.11 2021/08/02 16:21:11 schwarze Exp $
2	.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>	2	.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
3	.\"	3	.\"
4	.\" Permission to use, copy, modify, and distribute this software for any	4	.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,7 +13,7 @@
13	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF	13	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.	14	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15	.\"	15	.\"
16	.Dd $Mdocdate: July 31 2021 $	16	.Dd $Mdocdate: August 2 2021 $
17	.Dt X509_OBJECT_GET0_X509 3	17	.Dt X509_OBJECT_GET0_X509 3
18	.Os	18	.Os
19	.Sh NAME	19	.Sh NAME
@@ -228,11 +228,9 @@ or no match is found.
228	.Xr X509_LOOKUP_new 3 ,	228	.Xr X509_LOOKUP_new 3 ,
229	.Xr X509_NAME_new 3 ,	229	.Xr X509_NAME_new 3 ,
230	.Xr X509_STORE_get0_objects 3 ,	230	.Xr X509_STORE_get0_objects 3 ,
		231	.Xr X509_STORE_get_by_subject 3 ,
231	.Xr X509_STORE_load_locations 3 ,	232	.Xr X509_STORE_load_locations 3 ,
232	.Xr X509_STORE_new 3	233	.Xr X509_STORE_new 3
233	.\" The type X509_OBJECT is also used
234	.\" by the following undocumented public function:
235	.\" X509_STORE_get_by_subject
236	.Sh HISTORY	234	.Sh HISTORY
237	.Fn X509_OBJECT_up_ref_count	235	.Fn X509_OBJECT_up_ref_count
238	and	236	and


diff --git a/src/lib/libcrypto/man/X509_STORE_CTX_new.3 b/src/lib/libcrypto/man/X509_STORE_CTX_new.3 index 1bc90b5ac4..f285045194 100644 --- a/src/lib/libcrypto/man/X509_STORE_CTX_new.3 +++ b/src/lib/libcrypto/man/X509_STORE_CTX_new.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: X509_STORE_CTX_new.3,v 1.23 2021/07/22 19:09:26 schwarze Exp $	1	.\" $OpenBSD: X509_STORE_CTX_new.3,v 1.24 2021/08/02 16:21:11 schwarze Exp $
2	.\" full merge up to: OpenSSL aae41f8c Jun 25 09:47:15 2015 +0100	2	.\" full merge up to: OpenSSL aae41f8c Jun 25 09:47:15 2015 +0100
3	.\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100	3	.\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
4	.\"	4	.\"
@@ -67,7 +67,7 @@
67	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	67	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
68	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	68	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
69	.\"	69	.\"
70	.Dd $Mdocdate: July 22 2021 $	70	.Dd $Mdocdate: August 2 2021 $
71	.Dt X509_STORE_CTX_NEW 3	71	.Dt X509_STORE_CTX_NEW 3
72	.Os	72	.Os
73	.Sh NAME	73	.Sh NAME
@@ -319,6 +319,7 @@ if no set of additional certificates was provided.
319	.Xr X509_STORE_CTX_get_error 3 ,	319	.Xr X509_STORE_CTX_get_error 3 ,
320	.Xr X509_STORE_CTX_get_ex_new_index 3 ,	320	.Xr X509_STORE_CTX_get_ex_new_index 3 ,
321	.Xr X509_STORE_CTX_set_flags 3 ,	321	.Xr X509_STORE_CTX_set_flags 3 ,
		322	.Xr X509_STORE_get_by_subject 3 ,
322	.Xr X509_STORE_new 3 ,	323	.Xr X509_STORE_new 3 ,
323	.Xr X509_STORE_set1_param 3 ,	324	.Xr X509_STORE_set1_param 3 ,
324	.Xr X509_verify_cert 3 ,	325	.Xr X509_verify_cert 3 ,


diff --git a/src/lib/libcrypto/man/X509_STORE_get_by_subject.3 b/src/lib/libcrypto/man/X509_STORE_get_by_subject.3 new file mode 100644 index 0000000000..f9da13fba4 --- /dev/null +++ b/src/lib/libcrypto/man/X509_STORE_get_by_subject.3
@@ -0,0 +1,199 @@
		1	.\" $OpenBSD: X509_STORE_get_by_subject.3,v 1.1 2021/08/02 16:21:11 schwarze Exp $
		2	.\"
		3	.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
		4	.\"
		5	.\" Permission to use, copy, modify, and distribute this software for any
		6	.\" purpose with or without fee is hereby granted, provided that the above
		7	.\" copyright notice and this permission notice appear in all copies.
		8	.\"
		9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	.\"
		17	.Dd $Mdocdate: August 2 2021 $
		18	.Dt X509_STORE_GET_BY_SUBJECT 3
		19	.Os
		20	.Sh NAME
		21	.Nm X509_STORE_get_by_subject ,
		22	.Nm X509_STORE_get1_certs ,
		23	.Nm X509_STORE_get1_crls ,
		24	.Nm X509_STORE_CTX_get1_issuer
		25	.Nd retrieve objects from a certificate store
		26	.Sh SYNOPSIS
		27	.In openssl/x509_vfy.h
		28	.Ft int
		29	.Fo X509_STORE_get_by_subject
		30	.Fa "X509_STORE_CTX *ctx"
		31	.Fa "int type"
		32	.Fa "X509_NAME *name"
		33	.Fa "X509_OBJECT *object"
		34	.Fc
		35	.Ft STACK_OF(X509) *
		36	.Fo X509_STORE_get1_certs
		37	.Fa "X509_STORE_CTX *ctx"
		38	.Fa "X509_NAME *name"
		39	.Fc
		40	.Ft STACK_OF(X509_CRL) *
		41	.Fo X509_STORE_get1_crls
		42	.Fa "X509_STORE_CTX *ctx"
		43	.Fa "X509_NAME *name"
		44	.Fc
		45	.Ft int
		46	.Fo X509_STORE_CTX_get1_issuer
		47	.Fa "X509 **issuer"
		48	.Fa "X509_STORE_CTX *ctx"
		49	.Fa "X509 *certificate"
		50	.Fc
		51	.Sh DESCRIPTION
		52	.Fn X509_STORE_get_by_subject
		53	retrieves the first object having a matching
		54	.Fa type
		55	and
		56	.Fa name
		57	from the
		58	.Vt X509_STORE
		59	associated with the
		60	.Fa ctx .
		61	The
		62	.Fa type
		63	can be
		64	.Dv X509_LU_X509
		65	to retrieve a certificate or
		66	.Dv X509_LU_CRL
		67	to retrieve a revocation list.
		68	.Pp
		69	If the store does not yet contain a matching object or if the type is
		70	.Dv X509_LU_CRL ,
		71	.Xr X509_LOOKUP_by_subject 3
		72	is called on
		73	.Vt X509_LOOKUP
		74	objects associated with the store until a match is found,
		75	which may add zero or more objects to the store.
		76	.Pp
		77	In case of success, the content of the
		78	.Fa object
		79	provided by the caller is overwritten with a pointer to the first
		80	match, and the reference count of that certificate or revocation
		81	list is incremented by 1.
		82	Avoiding a memory leak by making sure the provided
		83	.Fa object
		84	is empty is the responsibility of the caller.
		85	.Pp
		86	.Fn X509_STORE_get1_certs
		87	retrieves all certificates matching the subject
		88	.Vt name
		89	from the
		90	.Vt X509_STORE
		91	associated with
		92	.Fa ctx .
		93	If there are none yet,
		94	.Fn X509_STORE_get_by_subject
		95	is called to try and add some.
		96	In case of success, the reference counts of all certificates
		97	added to the returned array are incremented by 1.
		98	.Pp
		99	.Fn X509_STORE_get1_crls
		100	is similar except that it operates on certificate revocation lists
		101	rather than on certificates and that it always calls
		102	.Fn X509_STORE_get_by_subject ,
		103	even if the
		104	.Vt X509_STORE
		105	already contains a matching revocation list.
		106	.Pp
		107	.Fn X509_STORE_CTX_get1_issuer
		108	retrieves the
		109	.Fa issuer
		110	CA certificate for the given
		111	.Fa certificate
		112	from the
		113	.Vt X509_STORE
		114	associated with
		115	.Fa ctx .
		116	Internally, the issuer name is retrieved with
		117	.Xr X509_get_issuer_name 3
		118	and the candidate issuer CA certificate with
		119	.Fn X509_STORE_get_by_subject
		120	using that issuer name.
		121	.Xr X509_check_issued 3
		122	or a user-supplied replacement function is used to check whether the
		123	.Fa certificate
		124	was indeed issued using the
		125	.Fa issuer
		126	CA certificate before returning it.
		127	If verification parameters associated with
		128	.Fa ctx
		129	encourage checking of validity times, CAs with a valid time are
		130	preferred, but if no matching CA has a valid time, one with an
		131	invalid time is accepted anyway.
		132	.Sh RETURN VALUES
		133	.Fn X509_STORE_get_by_subject
		134	returns 1 if a match is found or 0 on failure.
		135	In addition to simply not finding a match,
		136	it may also fail due to memory allocation failure in
		137	.Xr X509_LOOKUP_by_subject 3 .
		138	If
		139	.Fa ctx
		140	contains any
		141	.Vt X509_LOOKUP
		142	object using a user-defined
		143	.Vt X509_LOOKUP_METHOD ,
		144	it might also return negative values for internal errors.
		145	.Pp
		146	.Fn X509_STORE_get1_certs
		147	returns a newly allocated and populated array of certificates or
		148	.Dv NULL
		149	on failure.
		150	It fails if no match is found, if
		151	.Fn X509_STORE_get_by_subject
		152	fails, or if memory allocation fails.
		153	.Pp
		154	.Fn X509_STORE_get1_crls
		155	returns a newly allocated and populated array of CRLs or
		156	.Dv NULL
		157	on failure.
		158	It fails if
		159	.Fn X509_STORE_get_by_subject
		160	finds no new match, even if the associated
		161	.Vt X509_STORE
		162	already contains matching CRLs, or if memory allocation fails.
		163	.Pp
		164	.Fn X509_STORE_CTX_get1_issuer
		165	returns 1 if a matching
		166	.Fa issuer
		167	CA certificate is found or 0 otherwise.
		168	If
		169	.Fa ctx
		170	contains any
		171	.Vt X509_LOOKUP
		172	object using a user-defined
		173	.Vt X509_LOOKUP_METHOD ,
		174	it might also return negative values for internal errors.
		175	.Sh SEE ALSO
		176	.Xr STACK_OF 3 ,
		177	.Xr X509_check_issued 3 ,
		178	.Xr X509_CRL_new 3 ,
		179	.Xr X509_get_issuer_name 3 ,
		180	.Xr X509_LOOKUP_by_subject 3 ,
		181	.Xr X509_NAME_new 3 ,
		182	.Xr X509_new 3 ,
		183	.Xr X509_OBJECT_retrieve_by_subject 3 ,
		184	.Xr X509_STORE_CTX_new 3 ,
		185	.Xr X509_VERIFY_PARAM_set_flags 3
		186	.Sh HISTORY
		187	.Fn X509_STORE_get_by_subject
		188	first appeared in SSLeay 0.8.0 and has been available since
		189	.Ox 2.4 .
		190	.Pp
		191	.Fn X509_STORE_CTX_get1_issuer
		192	first appeared in OpenSSL 0.9.6 and has been available since
		193	.Ox 2.9 .
		194	.Pp
		195	.Fn X509_STORE_get1_certs
		196	and
		197	.Fn X509_STORE_get1_crls
		198	first appeared in OpenSSL 1.0.0 and have been available since
		199	.Ox 4.9 .


diff --git a/src/lib/libcrypto/man/X509_new.3 b/src/lib/libcrypto/man/X509_new.3 index efd4db5359..0afbae374a 100644 --- a/src/lib/libcrypto/man/X509_new.3 +++ b/src/lib/libcrypto/man/X509_new.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: X509_new.3,v 1.29 2021/07/31 14:54:34 schwarze Exp $	1	.\" $OpenBSD: X509_new.3,v 1.30 2021/08/02 16:21:11 schwarze Exp $
2	.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400	2	.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
3	.\"	3	.\"
4	.\" This file is a derived work.	4	.\" This file is a derived work.
@@ -66,7 +66,7 @@
66	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	66	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
67	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	67	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
68	.\"	68	.\"
69	.Dd $Mdocdate: July 31 2021 $	69	.Dd $Mdocdate: August 2 2021 $
70	.Dt X509_NEW 3	70	.Dt X509_NEW 3
71	.Os	71	.Os
72	.Sh NAME	72	.Sh NAME
@@ -204,6 +204,7 @@ if an error occurs.
204	.Xr X509_SIG_new 3 ,	204	.Xr X509_SIG_new 3 ,
205	.Xr X509_sign 3 ,	205	.Xr X509_sign 3 ,
206	.Xr X509_STORE_CTX_new 3 ,	206	.Xr X509_STORE_CTX_new 3 ,
		207	.Xr X509_STORE_get_by_subject 3 ,
207	.Xr X509_STORE_new 3 ,	208	.Xr X509_STORE_new 3 ,
208	.Xr X509_TRUST_set 3	209	.Xr X509_TRUST_set 3
209	.Sh STANDARDS	210	.Sh STANDARDS