diff options
| author | tb <> | 2022-05-10 19:44:29 +0000 |
|---|---|---|
| committer | tb <> | 2022-05-10 19:44:29 +0000 |
| commit | dc315965463c2c4b824e23781058a706a42066d2 (patch) | |
| tree | a33ff6f960cc02b06713e57a048508da2295c766 /src | |
| parent | 60292e3c622f4c29a5af160d34b90580ef8c6d03 (diff) | |
| download | openbsd-dc315965463c2c4b824e23781058a706a42066d2.tar.gz openbsd-dc315965463c2c4b824e23781058a706a42066d2.tar.bz2 openbsd-dc315965463c2c4b824e23781058a706a42066d2.zip | |
Add a BUGS section to describe the problem of potential lies and
indicating a workaround.
input/ok jsing
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/man/X509_check_ca.3 | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/src/lib/libcrypto/man/X509_check_ca.3 b/src/lib/libcrypto/man/X509_check_ca.3 index b78e349084..114bac69e7 100644 --- a/src/lib/libcrypto/man/X509_check_ca.3 +++ b/src/lib/libcrypto/man/X509_check_ca.3 | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | .\" $OpenBSD: X509_check_ca.3,v 1.6 2022/02/18 01:41:17 jsg Exp $ | 1 | .\" $OpenBSD: X509_check_ca.3,v 1.7 2022/05/10 19:44:29 tb Exp $ |
| 2 | .\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 | 2 | .\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 |
| 3 | .\" | 3 | .\" |
| 4 | .\" This file was written by Victor B. Wagner <vitus@cryptocom.ru>. | 4 | .\" This file was written by Victor B. Wagner <vitus@cryptocom.ru>. |
| @@ -48,7 +48,7 @@ | |||
| 48 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | 48 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
| 49 | .\" OF THE POSSIBILITY OF SUCH DAMAGE. | 49 | .\" OF THE POSSIBILITY OF SUCH DAMAGE. |
| 50 | .\" | 50 | .\" |
| 51 | .Dd $Mdocdate: February 18 2022 $ | 51 | .Dd $Mdocdate: May 10 2022 $ |
| 52 | .Dt X509_CHECK_CA 3 | 52 | .Dt X509_CHECK_CA 3 |
| 53 | .Os | 53 | .Os |
| 54 | .Sh NAME | 54 | .Sh NAME |
| @@ -93,6 +93,7 @@ that it is a CA certificate | |||
| 93 | .Xr BASIC_CONSTRAINTS_new 3 , | 93 | .Xr BASIC_CONSTRAINTS_new 3 , |
| 94 | .Xr EXTENDED_KEY_USAGE_new 3 , | 94 | .Xr EXTENDED_KEY_USAGE_new 3 , |
| 95 | .Xr X509_check_issued 3 , | 95 | .Xr X509_check_issued 3 , |
| 96 | .Xr X509_check_purpose 3 , | ||
| 96 | .Xr X509_EXTENSION_new 3 , | 97 | .Xr X509_EXTENSION_new 3 , |
| 97 | .Xr X509_new 3 , | 98 | .Xr X509_new 3 , |
| 98 | .Xr X509_verify_cert 3 | 99 | .Xr X509_verify_cert 3 |
| @@ -100,3 +101,17 @@ that it is a CA certificate | |||
| 100 | .Fn X509_check_ca | 101 | .Fn X509_check_ca |
| 101 | first appeared in OpenSSL 0.9.7f and has been available since | 102 | first appeared in OpenSSL 0.9.7f and has been available since |
| 102 | .Ox 3.8 . | 103 | .Ox 3.8 . |
| 104 | .Sh BUGS | ||
| 105 | If | ||
| 106 | .Fn X509_check_ca | ||
| 107 | fails to cache X509v3 extension values, the return value may | ||
| 108 | be incorrect. | ||
| 109 | An application should | ||
| 110 | call | ||
| 111 | .Xr X509_check_purpose 3 | ||
| 112 | with a | ||
| 113 | .Fa purpose | ||
| 114 | argument of \-1, | ||
| 115 | ensuring that the X509v3 extensions are cached, | ||
| 116 | before calling | ||
| 117 | .Fn X509_check_ca . | ||