document X509_STORE_load_mem(3) and X509_STORE_add_lookup(3)

author: schwarze <> 2021-08-01 15:37:53 +0000
committer: schwarze <> 2021-08-01 15:37:53 +0000
commit: b85d89d9efa9dbbd419a658bc5cc5b6711c5a1dc (patch)
tree: 82460fc724928b6390515e701581fa02f3ad5d17 /src
parent: 423bef53cfd7915a03c5008c18e313a77bd5d1ac (diff)
download: openbsd-b85d89d9efa9dbbd419a658bc5cc5b6711c5a1dc.tar.gz
openbsd-b85d89d9efa9dbbd419a658bc5cc5b6711c5a1dc.tar.bz2
openbsd-b85d89d9efa9dbbd419a658bc5cc5b6711c5a1dc.zip
1 files changed, 67 insertions, 7 deletions
diff --git a/src/lib/libcrypto/man/X509_STORE_load_locations.3 b/src/lib/libcrypto/man/X509_STORE_load_locations.3
index bc2a3e2de8..4dbfb5fce4 100644
--- a/src/lib/libcrypto/man/X509_STORE_load_locations.3
+++ b/src/lib/libcrypto/man/X509_STORE_load_locations.3
@@ -1,8 +1,8 @@
-.\" $OpenBSD: X509_STORE_load_locations.3,v 1.7 2021/03/12 05:18:00 jsg Exp $
+.\" $OpenBSD: X509_STORE_load_locations.3,v 1.8 2021/08/01 15:37:53 schwarze Exp $
 .\" full merge up to:
 .\" OpenSSL X509_STORE_add_cert b0edda11 Mar 20 13:00:17 2018 +0000
 .\"
-.\" Copyright (c) 2017 Ingo Schwarze <schwarze@openbsd.org>
+.\" Copyright (c) 2017, 2021 Ingo Schwarze <schwarze@openbsd.org>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -16,12 +16,14 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: March 12 2021 $
+.Dd $Mdocdate: August 1 2021 $
 .Dt X509_STORE_LOAD_LOCATIONS 3
 .Os
 .Sh NAME
 .Nm X509_STORE_load_locations ,
-.Nm X509_STORE_set_default_paths
+.Nm X509_STORE_set_default_paths ,
+.Nm X509_STORE_load_mem ,
+.Nm X509_STORE_add_lookup
 .Nd configure files and directories used by a certificate store
 .Sh SYNOPSIS
 .In openssl/x509_vfy.h
@@ -35,11 +37,22 @@
 .Fo X509_STORE_set_default_paths
 .Fa "X509_STORE *store"
 .Fc
+.Ft int
+.Fo X509_STORE_load_mem
+.Fa "X509_STORE *store"
+.Fa "void *buffer"
+.Fa "int length"
+.Fc
+.Ft X509_LOOKUP *
+.Fo X509_STORE_add_lookup
+.Fa "X509_STORE *store"
+.Fa "X509_LOOKUP_METHOD *method"
+.Fc
 .Sh DESCRIPTION
 .Fn X509_STORE_load_locations
 instructs the
 .Fa store
-to use the PEM file
+to use the PEM
 .Fa file
 and all the PEM files in the directories
 contained in the colon-separated list
@@ -85,6 +98,35 @@ except that it operates directly on an
 .Vt X509_STORE
 object, rather than on the store used by an SSL context.
 See that manual page for more information.
+.Pp
+The above functions are wrappers around
+.Xr X509_LOOKUP_load_file 3
+and
+.Xr X509_LOOKUP_add_dir 3 .
+.Pp
+.Fn X509_STORE_load_mem
+instructs the
+.Fa store
+to use the certificates contained in the memory
+.Fa buffer
+of the given
+.Fa length
+for certificate lookup.
+It is a wrapper around
+.Xr X509_LOOKUP_add_mem 3 .
+.Pp
+.Fn X509_STORE_add_lookup
+checks whether the
+.Fa store
+already contains an
+.Vt X509_LOOKUP
+object using the given
+.Fa method ;
+if it does, no action occurs.
+Otherwise, a new
+.Vt X509_LOOKUP
+object is allocated, added, and returned.
+This function is used internally by all the functions listed above.
 .Sh RETURN VALUES
 .Fn X509_STORE_load_locations
 returns 1 if all files and directories specified were successfully
@@ -97,6 +139,18 @@ directories failed, or if both arguments were
 .Fn X509_STORE_set_default_paths
 returns 0 for some error conditions and 1 otherwise, not just for
 success, but also for various cases of failure.
+.Pp
+.Fn X509_STORE_load_mem
+returns 1 for success or 0 for failure.
+In particular, parse errors or lack of memory can cause failure.
+.Pp
+.Fn X509_STORE_add_lookup
+returns the existing or new lookup object or
+.Dv NULL
+on failure.
+When using the built-in
+.Vt X509_LOOKUP_METHOD
+objects, the only reason for failure is lack of memory.
 .Sh FILES
 .Bl -tag -width Ds
 .It Pa /etc/ssl/cert.pem
@@ -109,15 +163,21 @@ default directory for
 .Sh SEE ALSO
 .Xr SSL_CTX_load_verify_locations 3 ,
 .Xr X509_LOOKUP_hash_dir 3 ,
+.Xr X509_LOOKUP_new 3 ,
 .Xr X509_STORE_new 3 ,
 .Xr X509_STORE_set1_param 3 ,
 .Xr X509_STORE_set_verify_cb 3
 .Sh HISTORY
-.Fn X509_STORE_load_locations
+.Fn X509_STORE_load_locations ,
+.Fn X509_STORE_set_default_paths ,
 and
-.Fn X509_STORE_set_default_paths
+.Fn X509_STORE_add_lookup
 first appeared in SSLeay 0.8.0 and have been available since
 .Ox 2.4 .
+.Pp
+.Fn X509_STORE_load_mem
+first appeared in
+.Ox 5.7 .
 .Sh BUGS
 By the time that adding a directory is found to have failed,
 the file and some other directories may already have been successfully loaded,
author	schwarze <>	2021-08-01 15:37:53 +0000
committer	schwarze <>	2021-08-01 15:37:53 +0000
commit	b85d89d9efa9dbbd419a658bc5cc5b6711c5a1dc (patch)
tree	82460fc724928b6390515e701581fa02f3ad5d17 /src
parent	423bef53cfd7915a03c5008c18e313a77bd5d1ac (diff)
download	openbsd-b85d89d9efa9dbbd419a658bc5cc5b6711c5a1dc.tar.gz openbsd-b85d89d9efa9dbbd419a658bc5cc5b6711c5a1dc.tar.bz2 openbsd-b85d89d9efa9dbbd419a658bc5cc5b6711c5a1dc.zip

diff --git a/src/lib/libcrypto/man/X509_STORE_load_locations.3 b/src/lib/libcrypto/man/X509_STORE_load_locations.3 index bc2a3e2de8..4dbfb5fce4 100644 --- a/src/lib/libcrypto/man/X509_STORE_load_locations.3 +++ b/src/lib/libcrypto/man/X509_STORE_load_locations.3
@@ -1,8 +1,8 @@
1	.\" $OpenBSD: X509_STORE_load_locations.3,v 1.7 2021/03/12 05:18:00 jsg Exp $	1	.\" $OpenBSD: X509_STORE_load_locations.3,v 1.8 2021/08/01 15:37:53 schwarze Exp $
2	.\" full merge up to:	2	.\" full merge up to:
3	.\" OpenSSL X509_STORE_add_cert b0edda11 Mar 20 13:00:17 2018 +0000	3	.\" OpenSSL X509_STORE_add_cert b0edda11 Mar 20 13:00:17 2018 +0000
4	.\"	4	.\"
5	.\" Copyright (c) 2017 Ingo Schwarze <schwarze@openbsd.org>	5	.\" Copyright (c) 2017, 2021 Ingo Schwarze <schwarze@openbsd.org>
6	.\"	6	.\"
7	.\" Permission to use, copy, modify, and distribute this software for any	7	.\" Permission to use, copy, modify, and distribute this software for any
8	.\" purpose with or without fee is hereby granted, provided that the above	8	.\" purpose with or without fee is hereby granted, provided that the above
@@ -16,12 +16,14 @@
16	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF	16	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.	17	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18	.\"	18	.\"
19	.Dd $Mdocdate: March 12 2021 $	19	.Dd $Mdocdate: August 1 2021 $
20	.Dt X509_STORE_LOAD_LOCATIONS 3	20	.Dt X509_STORE_LOAD_LOCATIONS 3
21	.Os	21	.Os
22	.Sh NAME	22	.Sh NAME
23	.Nm X509_STORE_load_locations ,	23	.Nm X509_STORE_load_locations ,
24	.Nm X509_STORE_set_default_paths	24	.Nm X509_STORE_set_default_paths ,
		25	.Nm X509_STORE_load_mem ,
		26	.Nm X509_STORE_add_lookup
25	.Nd configure files and directories used by a certificate store	27	.Nd configure files and directories used by a certificate store
26	.Sh SYNOPSIS	28	.Sh SYNOPSIS
27	.In openssl/x509_vfy.h	29	.In openssl/x509_vfy.h
@@ -35,11 +37,22 @@
35	.Fo X509_STORE_set_default_paths	37	.Fo X509_STORE_set_default_paths
36	.Fa "X509_STORE *store"	38	.Fa "X509_STORE *store"
37	.Fc	39	.Fc
		40	.Ft int
		41	.Fo X509_STORE_load_mem
		42	.Fa "X509_STORE *store"
		43	.Fa "void *buffer"
		44	.Fa "int length"
		45	.Fc
		46	.Ft X509_LOOKUP *
		47	.Fo X509_STORE_add_lookup
		48	.Fa "X509_STORE *store"
		49	.Fa "X509_LOOKUP_METHOD *method"
		50	.Fc
38	.Sh DESCRIPTION	51	.Sh DESCRIPTION
39	.Fn X509_STORE_load_locations	52	.Fn X509_STORE_load_locations
40	instructs the	53	instructs the
41	.Fa store	54	.Fa store
42	to use the PEM file	55	to use the PEM
43	.Fa file	56	.Fa file
44	and all the PEM files in the directories	57	and all the PEM files in the directories
45	contained in the colon-separated list	58	contained in the colon-separated list
@@ -85,6 +98,35 @@ except that it operates directly on an
85	.Vt X509_STORE	98	.Vt X509_STORE
86	object, rather than on the store used by an SSL context.	99	object, rather than on the store used by an SSL context.
87	See that manual page for more information.	100	See that manual page for more information.
		101	.Pp
		102	The above functions are wrappers around
		103	.Xr X509_LOOKUP_load_file 3
		104	and
		105	.Xr X509_LOOKUP_add_dir 3 .
		106	.Pp
		107	.Fn X509_STORE_load_mem
		108	instructs the
		109	.Fa store
		110	to use the certificates contained in the memory
		111	.Fa buffer
		112	of the given
		113	.Fa length
		114	for certificate lookup.
		115	It is a wrapper around
		116	.Xr X509_LOOKUP_add_mem 3 .
		117	.Pp
		118	.Fn X509_STORE_add_lookup
		119	checks whether the
		120	.Fa store
		121	already contains an
		122	.Vt X509_LOOKUP
		123	object using the given
		124	.Fa method ;
		125	if it does, no action occurs.
		126	Otherwise, a new
		127	.Vt X509_LOOKUP
		128	object is allocated, added, and returned.
		129	This function is used internally by all the functions listed above.
88	.Sh RETURN VALUES	130	.Sh RETURN VALUES
89	.Fn X509_STORE_load_locations	131	.Fn X509_STORE_load_locations
90	returns 1 if all files and directories specified were successfully	132	returns 1 if all files and directories specified were successfully
@@ -97,6 +139,18 @@ directories failed, or if both arguments were
97	.Fn X509_STORE_set_default_paths	139	.Fn X509_STORE_set_default_paths
98	returns 0 for some error conditions and 1 otherwise, not just for	140	returns 0 for some error conditions and 1 otherwise, not just for
99	success, but also for various cases of failure.	141	success, but also for various cases of failure.
		142	.Pp
		143	.Fn X509_STORE_load_mem
		144	returns 1 for success or 0 for failure.
		145	In particular, parse errors or lack of memory can cause failure.
		146	.Pp
		147	.Fn X509_STORE_add_lookup
		148	returns the existing or new lookup object or
		149	.Dv NULL
		150	on failure.
		151	When using the built-in
		152	.Vt X509_LOOKUP_METHOD
		153	objects, the only reason for failure is lack of memory.
100	.Sh FILES	154	.Sh FILES
101	.Bl -tag -width Ds	155	.Bl -tag -width Ds
102	.It Pa /etc/ssl/cert.pem	156	.It Pa /etc/ssl/cert.pem
@@ -109,15 +163,21 @@ default directory for
109	.Sh SEE ALSO	163	.Sh SEE ALSO
110	.Xr SSL_CTX_load_verify_locations 3 ,	164	.Xr SSL_CTX_load_verify_locations 3 ,
111	.Xr X509_LOOKUP_hash_dir 3 ,	165	.Xr X509_LOOKUP_hash_dir 3 ,
		166	.Xr X509_LOOKUP_new 3 ,
112	.Xr X509_STORE_new 3 ,	167	.Xr X509_STORE_new 3 ,
113	.Xr X509_STORE_set1_param 3 ,	168	.Xr X509_STORE_set1_param 3 ,
114	.Xr X509_STORE_set_verify_cb 3	169	.Xr X509_STORE_set_verify_cb 3
115	.Sh HISTORY	170	.Sh HISTORY
116	.Fn X509_STORE_load_locations	171	.Fn X509_STORE_load_locations ,
		172	.Fn X509_STORE_set_default_paths ,
117	and	173	and
118	.Fn X509_STORE_set_default_paths	174	.Fn X509_STORE_add_lookup
119	first appeared in SSLeay 0.8.0 and have been available since	175	first appeared in SSLeay 0.8.0 and have been available since
120	.Ox 2.4 .	176	.Ox 2.4 .
		177	.Pp
		178	.Fn X509_STORE_load_mem
		179	first appeared in
		180	.Ox 5.7 .
121	.Sh BUGS	181	.Sh BUGS
122	By the time that adding a directory is found to have failed,	182	By the time that adding a directory is found to have failed,
123	the file and some other directories may already have been successfully loaded,	183	the file and some other directories may already have been successfully loaded,