| -rw-r--r-- | src/lib/libcrypto/man/X509_STORE_CTX_get_error.3 | 38 |
1 files changed, 34 insertions, 4 deletions
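--- a/src/lib/libcrypto/man/X509_STORE_CTX_get_error.3
+++ b/src/lib/libcrypto/man/X509_STORE_CTX_get_error.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_STORE_CTX_get_error.3,v 1.17 2021/07/28 14:48:09 schwarze Exp $
+.\" $OpenBSD: X509_STORE_CTX_get_error.3,v 1.18 2021/07/29 09:14:23 schwarze Exp $
 .\" full merge up to:
 .\" OpenSSL crypto/X509_STORE_CTX_get_error f0e0fd51 Apr 14 23:59:26 2016 -0400
 .\" selective merge up to:
@@ -70,7 +70,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 28 2021 $
+.Dd $Mdocdate: July 29 2021 $
 .Dt X509_STORE_CTX_GET_ERROR 3
 .Os
 .Sh NAME
@@ -80,6 +80,7 @@
 .Nm X509_STORE_CTX_get_current_cert ,
 .Nm X509_STORE_CTX_get0_current_issuer ,
 .Nm X509_STORE_CTX_get0_current_crl ,
+.Nm X509_STORE_CTX_get0_parent_ctx ,
 .Nm X509_STORE_CTX_get0_chain ,
 .Nm X509_STORE_CTX_get_chain ,
 .Nm X509_STORE_CTX_get1_chain ,
@@ -114,6 +115,10 @@
 .Fo X509_STORE_CTX_get0_current_crl
 .Fa "X509_STORE_CTX *ctx"
 .Fc
+.Ft X509_STORE_CTX *
+.Fo X509_STORE_CTX_get0_parent_ctx
+.Fa "X509_STORE_CTX *ctx"
+.Fc
 .Ft STACK_OF(X509) *
 .Fo X509_STORE_CTX_get0_chain
 .Fa "X509_STORE_CTX *ctx"
@@ -185,6 +190,22 @@ returns the certificate revocation list that caused CRL checking to fail or
 .Dv NULL
 if no CRL is relevant.
 .Pp
+When, during certification path validation, the need arises to check
+the validity of the certification path of a CRL issuer certificate,
+the library creates a new, temporary
+.Vt X509_STORE_CTX
+object.
+If
+.Fn X509_STORE_CTX_get0_parent_ctx
+is called on that temporary object, a pointer to the original
+certification path validation context is returned.
+This may be useful in callback functions called from
+.Xr X509_verify_cert 3
+or from its subroutines to find out whether the callback is called
+from the path validation of the target certificate or from the path
+validation of a related CRL issuer certificate, and if the latter,
+what the target certificate is.
+.Pp
 .Fn X509_STORE_CTX_get0_chain
 returns an internal pointer to a complete validate chain
 if a previous call to
@@ -241,6 +262,14 @@ return the object which caused the error or
 .Dv NULL
 if no object of the requested kind is relevant to the error.
 .Pp
+.Fn X509_STORE_CTX_get0_parent_ctx
+returns the parent context or
+.Dv NULL
+if
+.Fa ctx
+is not a temporary child context
+used for path validation of a CRL issuer certificate.
+.Pp
 .Fn X509_STORE_CTX_get0_chain ,
 .Fn X509_STORE_CTX_get_chain ,
 and
@@ -467,9 +496,10 @@ and
 first appeared in OpenSSL 0.9.8 and have been available since
 .Ox 4.5 .
 .Pp
-.Fn X509_STORE_CTX_get0_current_issuer
+.Fn X509_STORE_CTX_get0_current_issuer ,
+.Fn X509_STORE_CTX_get0_current_crl ,
 and
-.Fn X509_STORE_CTX_get0_current_crl
+.Fn X509_STORE_CTX_get0_parent_ctx
 first appeared in OpenSSL 1.0.0 and have been available since
 .Ox 4.9 .
 .Pp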
