-rw-r--r--src/lib/libcrypto/man/X509_check_trust.346
1 files changed, 43 insertions, 3 deletions
diff --git a/src/lib/libcrypto/man/X509_check_trust.3 b/src/lib/libcrypto/man/X509_check_trust.3
index c34f7f7370..f6a5dbe5b2 100644
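--- a/src/lib/libcrypto/man/X509_check_trust.3
+++ b/src/lib/libcrypto/man/X509_check_trust.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_check_trust.3,v 1.3 2021/07/28 07:37:04 jmc Exp $
+.\" $OpenBSD: X509_check_trust.3,v 1.4 2021/10/29 11:25:37 schwarze Exp $
 .\"
 .\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,11 +14,12 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: July 28 2021 $
+.Dd $Mdocdate: October 29 2021 $
 .Dt X509_CHECK_TRUST 3
 .Os
 .Sh NAME
-.Nm X509_check_trust
+.Nm X509_check_trust ,
+.Nm X509_TRUST_set_default
 .Nd check whether a certificate is trusted
 .Sh SYNOPSIS
 .In openssl/x509.h
@@ -28,6 +29,12 @@
 .Fa "int trust"
 .Fa "int flags"
 .Fc
+.Ft int
+.Fo "(*X509_TRUST_set_default(int (*handler)(int, X509 *, int)))"
+.Fa "int trust"
+.Fa "X509 *certificate"
+.Fa "int flags"
+.Fc
 .Sh DESCRIPTION
 .Fn X509_check_trust
 checks whether the
@@ -176,6 +183,27 @@ identifiers listed above, or it may have installed additional,
 user-supplied checking functions for user-defined
 .Fa trust
 identifiers not listed above.
+.Pp
+If the function
+.Fn X509_TRUST_set_default
+was called, the
+.Fa handler
+function passed to it is used instead of the standard algorithm,
+but only in the case where the
+.Fa trust
+argument of
+.Fn X509_check_trust
+is invalid.
+The compatibility step is not used used in this case.
+.Pp
+If the return value of the first call to
+.Fn X509_TRUST_set_default
+is saved and passed back to
+.Fn X509_TRUST_set_default
+later on, the standard behaviour
+of using the standard algorithm for invalid
+.Fa trust
+arguments is restored.
 .Sh RETURN VALUES
 .Fn X509_check_trust
 returns the following values:
@@ -194,6 +222,16 @@ The
 is neither trusted nor explicitly rejected,
 which implies that it is not trusted.
 .El
+.Pp
+.Fn X509_TRUST_set_default
+returns a pointer to the handler function for invalid
+.Fa trust
+that was installed before the call, which may either be a pointer
+to a function installed by a previous call to
+.Fn X509_TRUST_set_default
+or a pointer to the built-in function implementing the standard algorithm if
+.Fn X509_TRUST_set_default
+was never called before.
 .Sh SEE ALSO
 .Xr PEM_read_X509_AUX 3 ,
 .Xr X509_add1_trust_object 3 ,
@@ -205,5 +243,7 @@ which implies that it is not trusted.
 .Xr X509_VERIFY_PARAM_set_trust 3
 .Sh HISTORY
 .Fn X509_check_trust
+and
+.Fn X509_TRUST_set_default
 first appeared in OpenSSL 0.9.5 and has been available since
 .Ox 2.7 .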