add new manual page for X509_add1_trust_object(3) and X509_trust_clear(3)

author: schwarze <> 2021-07-08 12:30:27 +0000
committer: schwarze <> 2021-07-08 12:30:27 +0000
commit: 92ac5edde916fb03f49c27b01108f6c56a86c0bd (patch)
tree: 4c181e6a027b17ae8709ce12c9bfeb324915c7b1 /src
parent: 694df1a1691fda26bc57224b71881c2dc0ba7bc2 (diff)
download: openbsd-92ac5edde916fb03f49c27b01108f6c56a86c0bd.tar.gz
openbsd-92ac5edde916fb03f49c27b01108f6c56a86c0bd.tar.bz2
openbsd-92ac5edde916fb03f49c27b01108f6c56a86c0bd.zip
3 files changed, 87 insertions, 3 deletions
diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile
index 974fd918f3..ff7fc4fd95 100644
--- a/src/lib/libcrypto/man/Makefile
+++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.173 2021/07/06 16:05:44 schwarze Exp $
+# $OpenBSD: Makefile,v 1.174 2021/07/08 12:30:27 schwarze Exp $
 .include <bsd.own.mk>
@@ -299,6 +299,7 @@ MAN=	\
        X509_STORE_set_verify_cb_func.3 \
        X509_STORE_set1_param.3 \
        X509_VERIFY_PARAM_set_flags.3 \
+        X509_add1_trust_object.3 \
        X509_check_ca.3 \
        X509_check_host.3 \
        X509_check_issued.3 \
diff --git a/src/lib/libcrypto/man/X509_CINF_new.3 b/src/lib/libcrypto/man/X509_CINF_new.3
index 4a0e24dfa2..52d5acef6e 100644
--- a/src/lib/libcrypto/man/X509_CINF_new.3
+++ b/src/lib/libcrypto/man/X509_CINF_new.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: X509_CINF_new.3,v 1.6 2019/06/06 01:06:59 schwarze Exp $
+.\"     $OpenBSD: X509_CINF_new.3,v 1.7 2021/07/08 12:30:27 schwarze Exp $
 .\"
 .\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: June 6 2019 $
+.Dd $Mdocdate: July 8 2021 $
 .Dt X509_CINF_NEW 3
 .Os
 .Sh NAME
@@ -94,6 +94,7 @@ object, respectively, or
 if an error occurs.
 .Sh SEE ALSO
 .Xr d2i_X509_CINF 3 ,
+.Xr X509_add1_trust_object 3 ,
 .Xr X509_new 3
 .Sh STANDARDS
 RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
diff --git a/src/lib/libcrypto/man/X509_add1_trust_object.3 b/src/lib/libcrypto/man/X509_add1_trust_object.3
new file mode 100644
index 0000000000..ed21a6da37
--- /dev/null
+++ b/src/lib/libcrypto/man/X509_add1_trust_object.3
@@ -0,0 +1,82 @@
+.\" $OpenBSD: X509_add1_trust_object.3,v 1.1 2021/07/08 12:30:27 schwarze Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: July 8 2021 $
+.Dt X509_ADD1_TRUST_OBJECT 3
+.Os
+.Sh NAME
+.Nm X509_add1_trust_object ,
+.Nm X509_trust_clear
+.Nd mark an X.509 certificate as intended for a specific purpose
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft int
+.Fo X509_add1_trust_object
+.Fa "X509 *x"
+.Fa "const ASN1_OBJECT *purpose"
+.Fc
+.Ft void
+.Fo X509_trust_clear
+.Fa "X509 *x"
+.Fc
+.Sh DESCRIPTION
+.Fn X509_add1_trust_object
+appends a deep copy of the
+.Fa purpose
+object to the set of intended purposes that
+.Fa x
+contains as non-standard auxiliary data.
+The function
+.Xr OBJ_nid2obj 3
+can be used to create appropriate purpose objects from the
+.Dv NID_*
+constants mentioned in
+.Xr X509_check_purpose 3 ,
+even though the
+.Dv X509_PURPOSE_*
+constants listed in that manual page are not intended for use with
+.Fn X509_add1_trust_object .
+.Pp
+.Fn X509_trust_clear
+frees and removes all purpose objects
+contained in the non-standard auxiliary data of
+.Fa x .
+.Pp
+As an alternative to using the functions documented in the present
+manual page, X.509 certificate extensions can be used.
+At the price of higher complexity, those allow storing the purpose
+inside the certificate itself in a standard-conforming way rather than
+merely in non-standard auxiliary data associated with the certificate.
+See
+.Xr EXTENDED_KEY_USAGE_new 3
+for details.
+.Sh RETURN VALUES
+.Fn X509_add1_trust_object
+returns the new number of purposes that
+.Fa x
+is intended for, or 0 if an error occurs, in particular if memory
+allocation fails or if
+.Fa x
+does not contain a sub-object that can hold non-standard auxiliary data.
+.Sh SEE ALSO
+.Xr ASN1_OBJECT_new 3 ,
+.Xr EXTENDED_KEY_USAGE_new 3 ,
+.Xr OBJ_nid2obj 3 ,
+.Xr X509_CERT_AUX_new 3 ,
+.Xr X509_new 3
+.Sh HISTORY
+These functions first appeared in OpenSSL 0.9.4 and have been available since
+.Ox 2.7 .
author	schwarze <>	2021-07-08 12:30:27 +0000
committer	schwarze <>	2021-07-08 12:30:27 +0000
commit	92ac5edde916fb03f49c27b01108f6c56a86c0bd (patch)
tree	4c181e6a027b17ae8709ce12c9bfeb324915c7b1 /src
parent	694df1a1691fda26bc57224b71881c2dc0ba7bc2 (diff)
download	openbsd-92ac5edde916fb03f49c27b01108f6c56a86c0bd.tar.gz openbsd-92ac5edde916fb03f49c27b01108f6c56a86c0bd.tar.bz2 openbsd-92ac5edde916fb03f49c27b01108f6c56a86c0bd.zip

diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile index 974fd918f3..ff7fc4fd95 100644 --- a/src/lib/libcrypto/man/Makefile +++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.173 2021/07/06 16:05:44 schwarze Exp $	1	# $OpenBSD: Makefile,v 1.174 2021/07/08 12:30:27 schwarze Exp $
2		2
3	.include <bsd.own.mk>	3	.include <bsd.own.mk>
4		4
@@ -299,6 +299,7 @@ MAN= \
299	X509_STORE_set_verify_cb_func.3 \	299	X509_STORE_set_verify_cb_func.3 \
300	X509_STORE_set1_param.3 \	300	X509_STORE_set1_param.3 \
301	X509_VERIFY_PARAM_set_flags.3 \	301	X509_VERIFY_PARAM_set_flags.3 \
		302	X509_add1_trust_object.3 \
302	X509_check_ca.3 \	303	X509_check_ca.3 \
303	X509_check_host.3 \	304	X509_check_host.3 \
304	X509_check_issued.3 \	305	X509_check_issued.3 \


diff --git a/src/lib/libcrypto/man/X509_CINF_new.3 b/src/lib/libcrypto/man/X509_CINF_new.3 index 4a0e24dfa2..52d5acef6e 100644 --- a/src/lib/libcrypto/man/X509_CINF_new.3 +++ b/src/lib/libcrypto/man/X509_CINF_new.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: X509_CINF_new.3,v 1.6 2019/06/06 01:06:59 schwarze Exp $	1	.\" $OpenBSD: X509_CINF_new.3,v 1.7 2021/07/08 12:30:27 schwarze Exp $
2	.\"	2	.\"
3	.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>	3	.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
4	.\"	4	.\"
@@ -14,7 +14,7 @@
14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF	14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.	15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	.\"	16	.\"
17	.Dd $Mdocdate: June 6 2019 $	17	.Dd $Mdocdate: July 8 2021 $
18	.Dt X509_CINF_NEW 3	18	.Dt X509_CINF_NEW 3
19	.Os	19	.Os
20	.Sh NAME	20	.Sh NAME
@@ -94,6 +94,7 @@ object, respectively, or
94	if an error occurs.	94	if an error occurs.
95	.Sh SEE ALSO	95	.Sh SEE ALSO
96	.Xr d2i_X509_CINF 3 ,	96	.Xr d2i_X509_CINF 3 ,
		97	.Xr X509_add1_trust_object 3 ,
97	.Xr X509_new 3	98	.Xr X509_new 3
98	.Sh STANDARDS	99	.Sh STANDARDS
99	RFC 5280: Internet X.509 Public Key Infrastructure Certificate and	100	RFC 5280: Internet X.509 Public Key Infrastructure Certificate and


diff --git a/src/lib/libcrypto/man/X509_add1_trust_object.3 b/src/lib/libcrypto/man/X509_add1_trust_object.3 new file mode 100644 index 0000000000..ed21a6da37 --- /dev/null +++ b/src/lib/libcrypto/man/X509_add1_trust_object.3
@@ -0,0 +1,82 @@
		1	.\" $OpenBSD: X509_add1_trust_object.3,v 1.1 2021/07/08 12:30:27 schwarze Exp $
		2	.\"
		3	.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
		4	.\"
		5	.\" Permission to use, copy, modify, and distribute this software for any
		6	.\" purpose with or without fee is hereby granted, provided that the above
		7	.\" copyright notice and this permission notice appear in all copies.
		8	.\"
		9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	.\"
		17	.Dd $Mdocdate: July 8 2021 $
		18	.Dt X509_ADD1_TRUST_OBJECT 3
		19	.Os
		20	.Sh NAME
		21	.Nm X509_add1_trust_object ,
		22	.Nm X509_trust_clear
		23	.Nd mark an X.509 certificate as intended for a specific purpose
		24	.Sh SYNOPSIS
		25	.In openssl/x509.h
		26	.Ft int
		27	.Fo X509_add1_trust_object
		28	.Fa "X509 *x"
		29	.Fa "const ASN1_OBJECT *purpose"
		30	.Fc
		31	.Ft void
		32	.Fo X509_trust_clear
		33	.Fa "X509 *x"
		34	.Fc
		35	.Sh DESCRIPTION
		36	.Fn X509_add1_trust_object
		37	appends a deep copy of the
		38	.Fa purpose
		39	object to the set of intended purposes that
		40	.Fa x
		41	contains as non-standard auxiliary data.
		42	The function
		43	.Xr OBJ_nid2obj 3
		44	can be used to create appropriate purpose objects from the
		45	.Dv NID_*
		46	constants mentioned in
		47	.Xr X509_check_purpose 3 ,
		48	even though the
		49	.Dv X509_PURPOSE_*
		50	constants listed in that manual page are not intended for use with
		51	.Fn X509_add1_trust_object .
		52	.Pp
		53	.Fn X509_trust_clear
		54	frees and removes all purpose objects
		55	contained in the non-standard auxiliary data of
		56	.Fa x .
		57	.Pp
		58	As an alternative to using the functions documented in the present
		59	manual page, X.509 certificate extensions can be used.
		60	At the price of higher complexity, those allow storing the purpose
		61	inside the certificate itself in a standard-conforming way rather than
		62	merely in non-standard auxiliary data associated with the certificate.
		63	See
		64	.Xr EXTENDED_KEY_USAGE_new 3
		65	for details.
		66	.Sh RETURN VALUES
		67	.Fn X509_add1_trust_object
		68	returns the new number of purposes that
		69	.Fa x
		70	is intended for, or 0 if an error occurs, in particular if memory
		71	allocation fails or if
		72	.Fa x
		73	does not contain a sub-object that can hold non-standard auxiliary data.
		74	.Sh SEE ALSO
		75	.Xr ASN1_OBJECT_new 3 ,
		76	.Xr EXTENDED_KEY_USAGE_new 3 ,
		77	.Xr OBJ_nid2obj 3 ,
		78	.Xr X509_CERT_AUX_new 3 ,
		79	.Xr X509_new 3
		80	.Sh HISTORY
		81	These functions first appeared in OpenSSL 0.9.4 and have been available since
		82	.Ox 2.7 .