Move the explanations related to *ptree closer together and correct

the lie that *ptree is set upon success - in some cases of success, it is set to NULL, whereas in some cases of failure, a non-trivial tree may be returned. beck@ pointed out that statements related to *ptree were scattered all over the place, and this patch works for him.
author: schwarze <> 2021-07-30 15:01:40 +0000
committer: schwarze <> 2021-07-30 15:01:40 +0000
commit: f9d12ac132435716ba1d1886ac306596071b29e0 (patch)
tree: f62b313175ae7b76e216fe44b028e031884d6034 /src
parent: 83cd735c2e833bc9c4575ab3849251b6e849c4a0 (diff)
download: openbsd-f9d12ac132435716ba1d1886ac306596071b29e0.tar.gz
openbsd-f9d12ac132435716ba1d1886ac306596071b29e0.tar.bz2
openbsd-f9d12ac132435716ba1d1886ac306596071b29e0.zip
1 files changed, 19 insertions, 16 deletions
diff --git a/src/lib/libcrypto/man/X509_policy_check.3 b/src/lib/libcrypto/man/X509_policy_check.3
index 445f22ddea..e4b3be0d43 100644
--- a/src/lib/libcrypto/man/X509_policy_check.3
+++ b/src/lib/libcrypto/man/X509_policy_check.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_policy_check.3,v 1.4 2021/07/29 12:39:47 schwarze Exp $
+.\" $OpenBSD: X509_policy_check.3,v 1.5 2021/07/30 15:01:40 schwarze Exp $
 .\"
 .\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: July 29 2021 $
+.Dd $Mdocdate: July 30 2021 $
 .Dt X509_POLICY_CHECK 3
 .Os
 .Sh NAME
@@ -44,9 +44,6 @@ The
 input argument contains the prospective certification path
 according to RFC 5280 paragraph 6.1.1(a), starting with the
 target certificate and ending with the trust anchor.
-If a policy tree is returned, the reference count of each of the
-.Fa certs
-is incremented by 1.
 .Pp
 The
 .Fa policy_oids
@@ -79,7 +76,14 @@ as defined by RFC 5280 paragraph 6.1.1(e).
 It disables policy mapping in the certification path.
 .El
 .Pp
-Upon success, a pointer to the
+Upon success and in some cases of failure, the storage location pointed to by
+.Fa pexplicit_policy
+is set to 1 if
+.Dv X509_V_FLAG_EXPLICIT_POLICY
+was requested.
+Otherwise, it is set to 0.
+.Pp
+In many cases of success and in a few cases of failure, a pointer to the
 .Vt valid_policy_tree
 output value mentioned in RFC 5280 section 6.1.6 is returned in
 .Pf * Fa ptree .
@@ -94,23 +98,22 @@ of
 and an empty
 .Fa qualifier_set .
 .Pp
-Upon success and in some cases of failure, the storage location pointed to by
+If a policy tree is returned, the reference count of each of the
-.Fa pexplicit_policy
+.Fa certs
-is set to 1 if
+is incremented by 1.
-.Dv X509_V_FLAG_EXPLICIT_POLICY
+In that case, the caller is responsible for calling
-was requested.
-Otherwise, it is set to 0.
-.Pp
 .Fn X509_policy_tree_free
-releases all memory used by the
+to release all memory used by the
 .Fa tree
-and decrements the reference counts
+and to decrement the reference counts
 of the certificates referenced from it by 1.
 If
 .Fa tree
 is a
 .Dv NULL
-pointer, no action occurs.
+pointer,
+.Fn X509_policy_tree_free
+has no effect.
 .Sh RETURN VALUES
 .Fn X509_policy_check
 returns these values:
author	schwarze <>	2021-07-30 15:01:40 +0000
committer	schwarze <>	2021-07-30 15:01:40 +0000
commit	f9d12ac132435716ba1d1886ac306596071b29e0 (patch)
tree	f62b313175ae7b76e216fe44b028e031884d6034 /src
parent	83cd735c2e833bc9c4575ab3849251b6e849c4a0 (diff)
download	openbsd-f9d12ac132435716ba1d1886ac306596071b29e0.tar.gz openbsd-f9d12ac132435716ba1d1886ac306596071b29e0.tar.bz2 openbsd-f9d12ac132435716ba1d1886ac306596071b29e0.zip

diff --git a/src/lib/libcrypto/man/X509_policy_check.3 b/src/lib/libcrypto/man/X509_policy_check.3 index 445f22ddea..e4b3be0d43 100644 --- a/src/lib/libcrypto/man/X509_policy_check.3 +++ b/src/lib/libcrypto/man/X509_policy_check.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: X509_policy_check.3,v 1.4 2021/07/29 12:39:47 schwarze Exp $	1	.\" $OpenBSD: X509_policy_check.3,v 1.5 2021/07/30 15:01:40 schwarze Exp $
2	.\"	2	.\"
3	.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>	3	.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
4	.\"	4	.\"
@@ -14,7 +14,7 @@
14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF	14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.	15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	.\"	16	.\"
17	.Dd $Mdocdate: July 29 2021 $	17	.Dd $Mdocdate: July 30 2021 $
18	.Dt X509_POLICY_CHECK 3	18	.Dt X509_POLICY_CHECK 3
19	.Os	19	.Os
20	.Sh NAME	20	.Sh NAME
@@ -44,9 +44,6 @@ The
44	input argument contains the prospective certification path	44	input argument contains the prospective certification path
45	according to RFC 5280 paragraph 6.1.1(a), starting with the	45	according to RFC 5280 paragraph 6.1.1(a), starting with the
46	target certificate and ending with the trust anchor.	46	target certificate and ending with the trust anchor.
47	If a policy tree is returned, the reference count of each of the
48	.Fa certs
49	is incremented by 1.
50	.Pp	47	.Pp
51	The	48	The
52	.Fa policy_oids	49	.Fa policy_oids
@@ -79,7 +76,14 @@ as defined by RFC 5280 paragraph 6.1.1(e).
79	It disables policy mapping in the certification path.	76	It disables policy mapping in the certification path.
80	.El	77	.El
81	.Pp	78	.Pp
82	Upon success, a pointer to the	79	Upon success and in some cases of failure, the storage location pointed to by
		80	.Fa pexplicit_policy
		81	is set to 1 if
		82	.Dv X509_V_FLAG_EXPLICIT_POLICY
		83	was requested.
		84	Otherwise, it is set to 0.
		85	.Pp
		86	In many cases of success and in a few cases of failure, a pointer to the
83	.Vt valid_policy_tree	87	.Vt valid_policy_tree
84	output value mentioned in RFC 5280 section 6.1.6 is returned in	88	output value mentioned in RFC 5280 section 6.1.6 is returned in
85	.Pf * Fa ptree .	89	.Pf * Fa ptree .
@@ -94,23 +98,22 @@ of
94	and an empty	98	and an empty
95	.Fa qualifier_set .	99	.Fa qualifier_set .
96	.Pp	100	.Pp
97	Upon success and in some cases of failure, the storage location pointed to by	101	If a policy tree is returned, the reference count of each of the
98	.Fa pexplicit_policy	102	.Fa certs
99	is set to 1 if	103	is incremented by 1.
100	.Dv X509_V_FLAG_EXPLICIT_POLICY	104	In that case, the caller is responsible for calling
101	was requested.
102	Otherwise, it is set to 0.
103	.Pp
104	.Fn X509_policy_tree_free	105	.Fn X509_policy_tree_free
105	releases all memory used by the	106	to release all memory used by the
106	.Fa tree	107	.Fa tree
107	and decrements the reference counts	108	and to decrement the reference counts
108	of the certificates referenced from it by 1.	109	of the certificates referenced from it by 1.
109	If	110	If
110	.Fa tree	111	.Fa tree
111	is a	112	is a
112	.Dv NULL	113	.Dv NULL
113	pointer, no action occurs.	114	pointer,
		115	.Fn X509_policy_tree_free
		116	has no effect.
114	.Sh RETURN VALUES	117	.Sh RETURN VALUES
115	.Fn X509_policy_check	118	.Fn X509_policy_check
116	returns these values:	119	returns these values: