Document three more functions recently made public by jsing@

as requested by jsing@, and also document six more related functions that have already been public before that. OpenSSL fails to document any of these.
author: schwarze <> 2018-02-11 20:59:30 +0000
committer: schwarze <> 2018-02-11 20:59:30 +0000
commit: 95150ccab60dc90f32fc3d09c09ba1af1ad6a112 (patch)
tree: 0fb8f0328fbb404349fbe10f7e03496eb5a15b26 /src
parent: b79e04fbebdea85b138b8a70588f181bd8c37110 (diff)
download: openbsd-95150ccab60dc90f32fc3d09c09ba1af1ad6a112.tar.gz
openbsd-95150ccab60dc90f32fc3d09c09ba1af1ad6a112.tar.bz2
openbsd-95150ccab60dc90f32fc3d09c09ba1af1ad6a112.zip
1 files changed, 185 insertions, 18 deletions
diff --git a/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 b/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
index b459e75863..04f38c8ec5 100644
--- a/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
+++ b/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
@@ -1,8 +1,25 @@
-.\" $OpenBSD: X509_VERIFY_PARAM_set_flags.3,v 1.6 2018/02/11 03:33:21 schwarze Exp $
+.\" $OpenBSD: X509_VERIFY_PARAM_set_flags.3,v 1.7 2018/02/11 20:59:30 schwarze Exp $
 .\" full merge up to: OpenSSL d33def66 Feb 9 14:17:13 2016 -0500
 .\" selective merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100
 .\"
-.\" This file was written by Dr. Stephen Henson <steve@openssl.org>
+.\" This file is a derived work.
+.\" The changes are covered by the following Copyright and license:
+.\"
+.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>
 .\" and Viktor Dukhovni <viktor@dukhovni.org>.
 .\" Copyright (c) 2009, 2013, 2014, 2015, 2016, 2017 The OpenSSL Project.
 .\" All rights reserved.
@@ -55,6 +72,10 @@
 .Dt X509_VERIFY_PARAM_SET_FLAGS 3
 .Os
 .Sh NAME
+.Nm X509_VERIFY_PARAM_new ,
+.Nm X509_VERIFY_PARAM_free ,
+.Nm X509_VERIFY_PARAM_get0_name ,
+.Nm X509_VERIFY_PARAM_set1_name ,
 .Nm X509_VERIFY_PARAM_set_flags ,
 .Nm X509_VERIFY_PARAM_clear_flags ,
 .Nm X509_VERIFY_PARAM_get_flags ,
@@ -71,10 +92,32 @@
 .Nm X509_VERIFY_PARAM_get0_peername ,
 .Nm X509_VERIFY_PARAM_set1_email ,
 .Nm X509_VERIFY_PARAM_set1_ip ,
-.Nm X509_VERIFY_PARAM_set1_ip_asc
+.Nm X509_VERIFY_PARAM_set1_ip_asc ,
+.Nm X509_VERIFY_PARAM_add0_table ,
+.Nm X509_VERIFY_PARAM_lookup ,
+.Nm X509_VERIFY_PARAM_get_count ,
+.Nm X509_VERIFY_PARAM_get0 ,
+.Nm X509_VERIFY_PARAM_table_cleanup
 .Nd X509 verification parameters
 .Sh SYNOPSIS
 .In openssl/x509_vfy.h
+.Ft X509_VERIFY_PARAM *
+.Fo X509_VERIFY_PARAM_new
+.Fa void
+.Fc
+.Ft void
+.Fo X509_VERIFY_PARAM_free
+.Fa "X509_VERIFY_PARAM *param"
+.Fc
+.Ft const char *
+.Fo X509_VERIFY_PARAM_get0_name
+.Fa "const X509_VERIFY_PARAM *param"
+.Fc
+.Ft int
+.Fo X509_VERIFY_PARAM_set1_name
+.Fa "X509_VERIFY_PARAM *param"
+.Fa "const char *name"
+.Fc
 .Ft int
 .Fo X509_VERIFY_PARAM_set_flags
 .Fa "X509_VERIFY_PARAM *param"
@@ -161,14 +204,77 @@
 .Fa "X509_VERIFY_PARAM *param"
 .Fa "const char *ipasc"
 .Fc
+.Ft int
+.Fo X509_VERIFY_PARAM_add0_table
+.Fa "X509_VERIFY_PARAM *param"
+.Fc
+.Ft const X509_VERIFY_PARAM *
+.Fo X509_VERIFY_PARAM_lookup
+.Fa "const char *name"
+.Fc
+.Ft int
+.Fo X509_VERIFY_PARAM_get_count
+.Fa void
+.Fc
+.Ft const X509_VERIFY_PARAM *
+.Fo X509_VERIFY_PARAM_get0
+.Fa "int id"
+.Fc
+.Ft void
+.Fo X509_VERIFY_PARAM_table_cleanup
+.Fa void
+.Fc
 .Sh DESCRIPTION
-These functions manipulate the
+These functions manipulate an
 .Vt X509_VERIFY_PARAM
-structure associated with a certificate verification operation.
+object associated with a certificate verification operation.
+.Pp
+.Fn X509_VERIFY_PARAM_new
+allocates and initializes an empty
+.Vt X509_VERIFY_PARAM
+object.
+.Pp
+.Fn X509_VERIFY_PARAM_free
+clears all data contained in
+.Fa param
+and releases all memory used by it.
+If
+.Fa param
+is a
+.Dv NULL
+pointer, no action occurs.
+.Pp
+.Fn X509_VERIFY_PARAM_get0_name
+returns the name of the given
+.Fa param
+object, usually describing its purpose, for example
+.Qq default ,
+.Qq pkcs7 ,
+.Qq smime_sign ,
+.Qq ssl_client ,
+or
+.Qq ssl_server .
+For user-defined objects, the returned pointer may be
+.Dv NULL
+even if the object is otherwise valid.
+.Pp
+.Fn X509_VERIFY_PARAM_set1_name
+sets the name of
+.Fa param
+to a copy of
+.Fa name ,
+or to
+.Dv NULL
+if
+.Fa name
+is
+.Dv NULL .
+This function is quite dangerous because it invalidates pointers
+previously returned from
+.Fn X509_VERIFY_PARAM_get0_name .
 .Pp
-The
 .Fn X509_VERIFY_PARAM_set_flags
-function sets the flags in
+sets the flags in
 .Fa param
 by OR'ing it with
 .Fa flags .
@@ -283,11 +389,6 @@ When wildcard matching is not disabled, or when a reference identifier
 specifies a parent domain (starts with ".") rather than a hostname, the
 peer name may be a wildcard name or a sub-domain of the reference
 identifier respectively.
-The return string is allocated by the library and is no longer valid
-once the associated
-.Fa param
-argument is freed.
-Applications must not free the return value.
 .Pp
 .Fn X509_VERIFY_PARAM_set1_email
 sets the expected RFC822 email address to
@@ -324,7 +425,54 @@ The
 argument is a NUL-terminal ASCII string:
 dotted decimal quad for IPv4 and colon-separated hexadecimal for IPv6.
 The condensed "::" notation is supported for IPv6 addresses.
+.Pp
+.Fn X509_VERIFY_PARAM_add0_table
+adds
+.Fa param
+to a static list of
+.Vt X509_VERIFY_PARAM
+objects maintained by the library.
+This function is extremely dangerous because contrary to the name
+of the function, if the list already contains an object that happens
+to have the same name, that old object is not only silently removed
+from the list, but also silently freed, which may silently invalidate
+various pointers existing elsewhere in the program.
+.Pp
+.Fn X509_VERIFY_PARAM_lookup
+searches this list for an object of the given
+.Fa name .
+If no match is found, the predefined objects built-in to the library
+are also inspected.
+.Pp
+.Fn X509_VERIFY_PARAM_get_count
+returns the sum of the number of objects on this list and the number
+of predefined objects built-in to the library.
+Note that this is not necessarily the total number of
+.Vt X509_VERIFY_PARAM
+objects existing in the program because there may be additional such
+objects that were never added to the list.
+.Pp
+.Fn X509_VERIFY_PARAM_get0
+accesses predefined and user-defined objects using
+.Fa id
+as an index, useful for looping over objects without knowing their names.
+An argument less than the number of predefined objects selects
+one of the predefined objects; a higher argument selects an object
+from the list.
+.Pp
+.Fn X509_VERIFY_PARAM_table_cleanup
+deletes all objects from this list.
+It is extremely dangerous because it also invalidates all data that
+was contained in all objects that were on the list and because it
+frees all these objects, which may invalidate various pointers
+existing elsewhere in the program.
 .Sh RETURN VALUES
+.Fn X509_VERIFY_PARAM_new
+returns a pointer to the new object, or
+.Dv NULL
+on allocation failure.
+.Pp
+.Fn X509_VERIFY_PARAM_set1_name ,
 .Fn X509_VERIFY_PARAM_set_flags ,
 .Fn X509_VERIFY_PARAM_clear_flags ,
 .Fn X509_VERIFY_PARAM_set_purpose ,
@@ -335,20 +483,39 @@ The condensed "::" notation is supported for IPv6 addresses.
 .Fn X509_VERIFY_PARAM_add1_host ,
 .Fn X509_VERIFY_PARAM_set1_email ,
 .Fn X509_VERIFY_PARAM_set1_ip ,
+.Fn X509_VERIFY_PARAM_set1_ip_asc ,
 and
-.Fn X509_VERIFY_PARAM_set1_ip_asc
+.Fn X509_VERIFY_PARAM_add0_table
 return 1 for success or 0 for failure.
 .Pp
 .Fn X509_VERIFY_PARAM_get_flags
 returns the current verification flags.
 .Pp
-.Fn X509_VERIFY_PARAM_set_time
-and
-.Fn X509_VERIFY_PARAM_set_depth
-do not return values.
-.Pp
 .Fn X509_VERIFY_PARAM_get_depth
 returns the current verification depth.
+.Pp
+.Fn X509_VERIFY_PARAM_get0_name
+and
+.Fn X509_VERIFY_PARAM_get0_peername
+return pointers to strings that are only valid
+during the lifetime of the given
+.Fa param
+object and that must not be freed by the application program.
+.Pp
+.Fn X509_VERIFY_PARAM_lookup
+and
+.Fn X509_VERIFY_PARAM_get0
+return a pointer to an existing built-in or user-defined object, or
+.Dv NULL
+if no object with the given
+.Fa name
+is found, or if
+.Fa id
+is at least
+.Fn X509_VERIFY_PARAM_get_count .
+.Pp
+.Fn X509_VERIFY_PARAM_get_count
+returns a number of objects.
 .Sh VERIFICATION FLAGS
 The verification flags consists of zero or more of the following
 flags OR'ed together.
author	schwarze <>	2018-02-11 20:59:30 +0000
committer	schwarze <>	2018-02-11 20:59:30 +0000
commit	95150ccab60dc90f32fc3d09c09ba1af1ad6a112 (patch)
tree	0fb8f0328fbb404349fbe10f7e03496eb5a15b26 /src
parent	b79e04fbebdea85b138b8a70588f181bd8c37110 (diff)
download	openbsd-95150ccab60dc90f32fc3d09c09ba1af1ad6a112.tar.gz openbsd-95150ccab60dc90f32fc3d09c09ba1af1ad6a112.tar.bz2 openbsd-95150ccab60dc90f32fc3d09c09ba1af1ad6a112.zip

diff --git a/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 b/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 index b459e75863..04f38c8ec5 100644 --- a/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 +++ b/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
@@ -1,8 +1,25 @@
1	.\" $OpenBSD: X509_VERIFY_PARAM_set_flags.3,v 1.6 2018/02/11 03:33:21 schwarze Exp $	1	.\" $OpenBSD: X509_VERIFY_PARAM_set_flags.3,v 1.7 2018/02/11 20:59:30 schwarze Exp $
2	.\" full merge up to: OpenSSL d33def66 Feb 9 14:17:13 2016 -0500	2	.\" full merge up to: OpenSSL d33def66 Feb 9 14:17:13 2016 -0500
3	.\" selective merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100	3	.\" selective merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100
4	.\"	4	.\"
5	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>	5	.\" This file is a derived work.
		6	.\" The changes are covered by the following Copyright and license:
		7	.\"
		8	.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
		9	.\"
		10	.\" Permission to use, copy, modify, and distribute this software for any
		11	.\" purpose with or without fee is hereby granted, provided that the above
		12	.\" copyright notice and this permission notice appear in all copies.
		13	.\"
		14	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		15	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		16	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		17	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		18	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		19	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		20	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		21	.\"
		22	.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>
6	.\" and Viktor Dukhovni <viktor@dukhovni.org>.	23	.\" and Viktor Dukhovni <viktor@dukhovni.org>.
7	.\" Copyright (c) 2009, 2013, 2014, 2015, 2016, 2017 The OpenSSL Project.	24	.\" Copyright (c) 2009, 2013, 2014, 2015, 2016, 2017 The OpenSSL Project.
8	.\" All rights reserved.	25	.\" All rights reserved.
@@ -55,6 +72,10 @@
55	.Dt X509_VERIFY_PARAM_SET_FLAGS 3	72	.Dt X509_VERIFY_PARAM_SET_FLAGS 3
56	.Os	73	.Os
57	.Sh NAME	74	.Sh NAME
		75	.Nm X509_VERIFY_PARAM_new ,
		76	.Nm X509_VERIFY_PARAM_free ,
		77	.Nm X509_VERIFY_PARAM_get0_name ,
		78	.Nm X509_VERIFY_PARAM_set1_name ,
58	.Nm X509_VERIFY_PARAM_set_flags ,	79	.Nm X509_VERIFY_PARAM_set_flags ,
59	.Nm X509_VERIFY_PARAM_clear_flags ,	80	.Nm X509_VERIFY_PARAM_clear_flags ,
60	.Nm X509_VERIFY_PARAM_get_flags ,	81	.Nm X509_VERIFY_PARAM_get_flags ,
@@ -71,10 +92,32 @@
71	.Nm X509_VERIFY_PARAM_get0_peername ,	92	.Nm X509_VERIFY_PARAM_get0_peername ,
72	.Nm X509_VERIFY_PARAM_set1_email ,	93	.Nm X509_VERIFY_PARAM_set1_email ,
73	.Nm X509_VERIFY_PARAM_set1_ip ,	94	.Nm X509_VERIFY_PARAM_set1_ip ,
74	.Nm X509_VERIFY_PARAM_set1_ip_asc	95	.Nm X509_VERIFY_PARAM_set1_ip_asc ,
		96	.Nm X509_VERIFY_PARAM_add0_table ,
		97	.Nm X509_VERIFY_PARAM_lookup ,
		98	.Nm X509_VERIFY_PARAM_get_count ,
		99	.Nm X509_VERIFY_PARAM_get0 ,
		100	.Nm X509_VERIFY_PARAM_table_cleanup
75	.Nd X509 verification parameters	101	.Nd X509 verification parameters
76	.Sh SYNOPSIS	102	.Sh SYNOPSIS
77	.In openssl/x509_vfy.h	103	.In openssl/x509_vfy.h
		104	.Ft X509_VERIFY_PARAM *
		105	.Fo X509_VERIFY_PARAM_new
		106	.Fa void
		107	.Fc
		108	.Ft void
		109	.Fo X509_VERIFY_PARAM_free
		110	.Fa "X509_VERIFY_PARAM *param"
		111	.Fc
		112	.Ft const char *
		113	.Fo X509_VERIFY_PARAM_get0_name
		114	.Fa "const X509_VERIFY_PARAM *param"
		115	.Fc
		116	.Ft int
		117	.Fo X509_VERIFY_PARAM_set1_name
		118	.Fa "X509_VERIFY_PARAM *param"
		119	.Fa "const char *name"
		120	.Fc
78	.Ft int	121	.Ft int
79	.Fo X509_VERIFY_PARAM_set_flags	122	.Fo X509_VERIFY_PARAM_set_flags
80	.Fa "X509_VERIFY_PARAM *param"	123	.Fa "X509_VERIFY_PARAM *param"
@@ -161,14 +204,77 @@
161	.Fa "X509_VERIFY_PARAM *param"	204	.Fa "X509_VERIFY_PARAM *param"
162	.Fa "const char *ipasc"	205	.Fa "const char *ipasc"
163	.Fc	206	.Fc
		207	.Ft int
		208	.Fo X509_VERIFY_PARAM_add0_table
		209	.Fa "X509_VERIFY_PARAM *param"
		210	.Fc
		211	.Ft const X509_VERIFY_PARAM *
		212	.Fo X509_VERIFY_PARAM_lookup
		213	.Fa "const char *name"
		214	.Fc
		215	.Ft int
		216	.Fo X509_VERIFY_PARAM_get_count
		217	.Fa void
		218	.Fc
		219	.Ft const X509_VERIFY_PARAM *
		220	.Fo X509_VERIFY_PARAM_get0
		221	.Fa "int id"
		222	.Fc
		223	.Ft void
		224	.Fo X509_VERIFY_PARAM_table_cleanup
		225	.Fa void
		226	.Fc
164	.Sh DESCRIPTION	227	.Sh DESCRIPTION
165	These functions manipulate the	228	These functions manipulate an
166	.Vt X509_VERIFY_PARAM	229	.Vt X509_VERIFY_PARAM
167	structure associated with a certificate verification operation.	230	object associated with a certificate verification operation.
		231	.Pp
		232	.Fn X509_VERIFY_PARAM_new
		233	allocates and initializes an empty
		234	.Vt X509_VERIFY_PARAM
		235	object.
		236	.Pp
		237	.Fn X509_VERIFY_PARAM_free
		238	clears all data contained in
		239	.Fa param
		240	and releases all memory used by it.
		241	If
		242	.Fa param
		243	is a
		244	.Dv NULL
		245	pointer, no action occurs.
		246	.Pp
		247	.Fn X509_VERIFY_PARAM_get0_name
		248	returns the name of the given
		249	.Fa param
		250	object, usually describing its purpose, for example
		251	.Qq default ,
		252	.Qq pkcs7 ,
		253	.Qq smime_sign ,
		254	.Qq ssl_client ,
		255	or
		256	.Qq ssl_server .
		257	For user-defined objects, the returned pointer may be
		258	.Dv NULL
		259	even if the object is otherwise valid.
		260	.Pp
		261	.Fn X509_VERIFY_PARAM_set1_name
		262	sets the name of
		263	.Fa param
		264	to a copy of
		265	.Fa name ,
		266	or to
		267	.Dv NULL
		268	if
		269	.Fa name
		270	is
		271	.Dv NULL .
		272	This function is quite dangerous because it invalidates pointers
		273	previously returned from
		274	.Fn X509_VERIFY_PARAM_get0_name .
168	.Pp	275	.Pp
169	The
170	.Fn X509_VERIFY_PARAM_set_flags	276	.Fn X509_VERIFY_PARAM_set_flags
171	function sets the flags in	277	sets the flags in
172	.Fa param	278	.Fa param
173	by OR'ing it with	279	by OR'ing it with
174	.Fa flags .	280	.Fa flags .
@@ -283,11 +389,6 @@ When wildcard matching is not disabled, or when a reference identifier
283	specifies a parent domain (starts with ".") rather than a hostname, the	389	specifies a parent domain (starts with ".") rather than a hostname, the
284	peer name may be a wildcard name or a sub-domain of the reference	390	peer name may be a wildcard name or a sub-domain of the reference
285	identifier respectively.	391	identifier respectively.
286	The return string is allocated by the library and is no longer valid
287	once the associated
288	.Fa param
289	argument is freed.
290	Applications must not free the return value.
291	.Pp	392	.Pp
292	.Fn X509_VERIFY_PARAM_set1_email	393	.Fn X509_VERIFY_PARAM_set1_email
293	sets the expected RFC822 email address to	394	sets the expected RFC822 email address to
@@ -324,7 +425,54 @@ The
324	argument is a NUL-terminal ASCII string:	425	argument is a NUL-terminal ASCII string:
325	dotted decimal quad for IPv4 and colon-separated hexadecimal for IPv6.	426	dotted decimal quad for IPv4 and colon-separated hexadecimal for IPv6.
326	The condensed "::" notation is supported for IPv6 addresses.	427	The condensed "::" notation is supported for IPv6 addresses.
		428	.Pp
		429	.Fn X509_VERIFY_PARAM_add0_table
		430	adds
		431	.Fa param
		432	to a static list of
		433	.Vt X509_VERIFY_PARAM
		434	objects maintained by the library.
		435	This function is extremely dangerous because contrary to the name
		436	of the function, if the list already contains an object that happens
		437	to have the same name, that old object is not only silently removed
		438	from the list, but also silently freed, which may silently invalidate
		439	various pointers existing elsewhere in the program.
		440	.Pp
		441	.Fn X509_VERIFY_PARAM_lookup
		442	searches this list for an object of the given
		443	.Fa name .
		444	If no match is found, the predefined objects built-in to the library
		445	are also inspected.
		446	.Pp
		447	.Fn X509_VERIFY_PARAM_get_count
		448	returns the sum of the number of objects on this list and the number
		449	of predefined objects built-in to the library.
		450	Note that this is not necessarily the total number of
		451	.Vt X509_VERIFY_PARAM
		452	objects existing in the program because there may be additional such
		453	objects that were never added to the list.
		454	.Pp
		455	.Fn X509_VERIFY_PARAM_get0
		456	accesses predefined and user-defined objects using
		457	.Fa id
		458	as an index, useful for looping over objects without knowing their names.
		459	An argument less than the number of predefined objects selects
		460	one of the predefined objects; a higher argument selects an object
		461	from the list.
		462	.Pp
		463	.Fn X509_VERIFY_PARAM_table_cleanup
		464	deletes all objects from this list.
		465	It is extremely dangerous because it also invalidates all data that
		466	was contained in all objects that were on the list and because it
		467	frees all these objects, which may invalidate various pointers
		468	existing elsewhere in the program.
327	.Sh RETURN VALUES	469	.Sh RETURN VALUES
		470	.Fn X509_VERIFY_PARAM_new
		471	returns a pointer to the new object, or
		472	.Dv NULL
		473	on allocation failure.
		474	.Pp
		475	.Fn X509_VERIFY_PARAM_set1_name ,
328	.Fn X509_VERIFY_PARAM_set_flags ,	476	.Fn X509_VERIFY_PARAM_set_flags ,
329	.Fn X509_VERIFY_PARAM_clear_flags ,	477	.Fn X509_VERIFY_PARAM_clear_flags ,
330	.Fn X509_VERIFY_PARAM_set_purpose ,	478	.Fn X509_VERIFY_PARAM_set_purpose ,
@@ -335,20 +483,39 @@ The condensed "::" notation is supported for IPv6 addresses.
335	.Fn X509_VERIFY_PARAM_add1_host ,	483	.Fn X509_VERIFY_PARAM_add1_host ,
336	.Fn X509_VERIFY_PARAM_set1_email ,	484	.Fn X509_VERIFY_PARAM_set1_email ,
337	.Fn X509_VERIFY_PARAM_set1_ip ,	485	.Fn X509_VERIFY_PARAM_set1_ip ,
		486	.Fn X509_VERIFY_PARAM_set1_ip_asc ,
338	and	487	and
339	.Fn X509_VERIFY_PARAM_set1_ip_asc	488	.Fn X509_VERIFY_PARAM_add0_table
340	return 1 for success or 0 for failure.	489	return 1 for success or 0 for failure.
341	.Pp	490	.Pp
342	.Fn X509_VERIFY_PARAM_get_flags	491	.Fn X509_VERIFY_PARAM_get_flags
343	returns the current verification flags.	492	returns the current verification flags.
344	.Pp	493	.Pp
345	.Fn X509_VERIFY_PARAM_set_time
346	and
347	.Fn X509_VERIFY_PARAM_set_depth
348	do not return values.
349	.Pp
350	.Fn X509_VERIFY_PARAM_get_depth	494	.Fn X509_VERIFY_PARAM_get_depth
351	returns the current verification depth.	495	returns the current verification depth.
		496	.Pp
		497	.Fn X509_VERIFY_PARAM_get0_name
		498	and
		499	.Fn X509_VERIFY_PARAM_get0_peername
		500	return pointers to strings that are only valid
		501	during the lifetime of the given
		502	.Fa param
		503	object and that must not be freed by the application program.
		504	.Pp
		505	.Fn X509_VERIFY_PARAM_lookup
		506	and
		507	.Fn X509_VERIFY_PARAM_get0
		508	return a pointer to an existing built-in or user-defined object, or
		509	.Dv NULL
		510	if no object with the given
		511	.Fa name
		512	is found, or if
		513	.Fa id
		514	is at least
		515	.Fn X509_VERIFY_PARAM_get_count .
		516	.Pp
		517	.Fn X509_VERIFY_PARAM_get_count
		518	returns a number of objects.
352	.Sh VERIFICATION FLAGS	519	.Sh VERIFICATION FLAGS
353	The verification flags consists of zero or more of the following	520	The verification flags consists of zero or more of the following
354	flags OR'ed together.	521	flags OR'ed together.