1 files changed, 0 insertions, 355 deletions
diff --git a/src/lib/libcrypto/man/X509_STORE_CTX_new.3 b/src/lib/libcrypto/man/X509_STORE_CTX_new.3
deleted file mode 100644
index f285045194..0000000000
--- a/src/lib/libcrypto/man/X509_STORE_CTX_new.3
+++ /dev/null
@@ -1,355 +0,0 @@
-.\" $OpenBSD: X509_STORE_CTX_new.3,v 1.24 2021/08/02 16:21:11 schwarze Exp $
-.\" full merge up to: OpenSSL aae41f8c Jun 25 09:47:15 2015 +0100
-.\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>
-.\" and Rich Salz <rsalz@openssl.org>.
-.\" Copyright (c) 2009, 2016 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: August 2 2021 $
-.Dt X509_STORE_CTX_NEW 3
-.Os
-.Sh NAME
-.Nm X509_STORE_CTX_new ,
-.Nm X509_STORE_CTX_init ,
-.Nm X509_STORE_CTX_cleanup ,
-.Nm X509_STORE_CTX_free ,
-.Nm X509_STORE_CTX_get0_store ,
-.Nm X509_STORE_CTX_set0_trusted_stack ,
-.Nm X509_STORE_CTX_trusted_stack ,
-.Nm X509_STORE_CTX_set_cert ,
-.Nm X509_STORE_CTX_get0_cert ,
-.\" X509_STORE_CTX_get0_chain moved to X509_STORE_CTX_get_error(3)
-.Nm X509_STORE_CTX_set_chain ,
-.Nm X509_STORE_CTX_set0_untrusted ,
-.Nm X509_STORE_CTX_get0_untrusted ,
-.Nm X509_STORE_CTX_set0_crls
-.Nd X509_STORE_CTX initialisation
-.Sh SYNOPSIS
-.In openssl/x509_vfy.h
-.Ft X509_STORE_CTX *
-.Fn X509_STORE_CTX_new void
-.Ft int
-.Fo X509_STORE_CTX_init
-.Fa "X509_STORE_CTX *ctx"
-.Fa "X509_STORE *store"
-.Fa "X509 *x"
-.Fa "STACK_OF(X509) *untrusted"
-.Fc
-.Ft void
-.Fo X509_STORE_CTX_cleanup
-.Fa "X509_STORE_CTX *ctx"
-.Fc
-.Ft void
-.Fo X509_STORE_CTX_free
-.Fa "X509_STORE_CTX *ctx"
-.Fc
-.Ft X509_STORE *
-.Fo X509_STORE_CTX_get0_store
-.Fa "X509_STORE_CTX *ctx"
-.Fc
-.Ft void
-.Fo X509_STORE_CTX_set0_trusted_stack
-.Fa "X509_STORE_CTX *ctx"
-.Fa "STACK_OF(X509) *trusted"
-.Fc
-.Ft void
-.Fo X509_STORE_CTX_trusted_stack
-.Fa "X509_STORE_CTX *ctx"
-.Fa "STACK_OF(X509) *trusted"
-.Fc
-.Ft void
-.Fo X509_STORE_CTX_set_cert
-.Fa "X509_STORE_CTX *ctx"
-.Fa "X509 *x"
-.Fc
-.Ft X509 *
-.Fo X509_STORE_CTX_get0_cert
-.Fa "X509_STORE_CTX *ctx"
-.Fc
-.Ft void
-.Fo X509_STORE_CTX_set_chain
-.Fa "X509_STORE_CTX *ctx"
-.Fa "STACK_OF(X509) *untrusted"
-.Fc
-.Ft void
-.Fo X509_STORE_CTX_set0_untrusted
-.Fa "X509_STORE_CTX *ctx"
-.Fa "STACK_OF(X509) *untrusted"
-.Fc
-.Ft STACK_OF(X509) *
-.Fo X509_STORE_CTX_get0_untrusted
-.Fa "X509_STORE_CTX *ctx"
-.Fc
-.Ft void
-.Fo X509_STORE_CTX_set0_crls
-.Fa "X509_STORE_CTX *ctx"
-.Fa "STACK_OF(X509_CRL) *crls"
-.Fc
-.Sh DESCRIPTION
-These functions set up an
-.Vt X509_STORE_CTX
-object for subsequent use by
-.Xr X509_verify_cert 3 .
-.Pp
-.Fn X509_STORE_CTX_new
-allocates an empty
-.Vt X509_STORE_CTX
-object not yet containing the subobjects required for normal operation.
-.Pp
-.Fn X509_STORE_CTX_init
-needs to be called on each new
-.Fa ctx
-before any of the other functions become useful.
-It prepares
-.Fa ctx
-for one single verification operation using
-.Xr X509_verify_cert 3 .
-The trusted certificate
-.Fa store
-to be used, the end entity certificate
-.Fa x
-to be verified, and a set of additional
-.Fa untrusted
-certificates, to be used for building the chain,
-can be supplied, or any or all of them can be set to
-.Dv NULL .
-The three pointers passed in are stored internally, the three objects
-pointed to are not copied, their reference count is not incremented,
-and the caller remains responsible for managing their storage and for
-not freeing them before
-.Fn X509_STORE_CTX_free
-is called on
-.Fa ctx .
-.Pp
-.Fn X509_STORE_CTX_cleanup
-internally cleans up
-.Fa ctx ,
-returning it to an empty state similar to the one after
-.Fn X509_STORE_CTX_new .
-It can then be reused with a new call to
-.Fn X509_STORE_CTX_init .
-.Pp
-.Fn X509_STORE_CTX_free
-calls
-.Fn X509_STORE_CTX_cleanup
-and frees the storage pointed to by
-.Fa ctx .
-If
-.Fa ctx
-is a
-.Dv NULL
-pointer, no action occurs.
-.Pp
-.Fn X509_STORE_CTX_get0_store
-returns the internal pointer to the trusted certificate
-.Fa store
-that was set with
-.Fn X509_STORE_CTX_init .
-.Pp
-.Fn X509_STORE_CTX_set0_trusted_stack
-sets the set of
-.Fa trusted
-certificates used by
-.Fa ctx .
-This is an alternative way of specifying trusted certificates instead of
-using the
-.Fa store .
-.Fn X509_STORE_CTX_trusted_stack
-is a deprecated alias for
-.Fn X509_STORE_CTX_set0_trusted_stack .
-.Pp
-.Fn X509_STORE_CTX_set_cert
-sets the certificate to be verified in
-.Fa ctx
-to
-.Fa x ,
-overriding the certificate that was set with
-.Fn X509_STORE_CTX_init .
-Again, the certificate is not copied
-and its reference count is not incremented.
-.Pp
-.Fn X509_STORE_CTX_get0_cert
-retrieves the internal pointer to the certificate being verified by
-.Fa ctx ,
-i.e. the last one set using either
-.Fn X509_STORE_CTX_init
-or
-.Fn X509_STORE_CTX_set_cert .
-.Pp
-.Fn X509_STORE_CTX_set_chain
-and
-.Fn X509_STORE_CTX_set0_untrusted
-are identical and set the additional,
-.Fa untrusted
-certificates used by
-.Fa ctx ,
-overriding the set of additional, untrusted certificates that was set with
-.Fn X509_STORE_CTX_init .
-Again, the set and the certificates contained in it are not copied
-and their reference counts are not incremented.
-.Pp
-.Fn X509_STORE_CTX_get0_untrusted
-retrieves the internal pointer
-to the set of additional, untrusted certificates associated with
-.Fa ctx ,
-i.e. the last one set using either
-.Fn X509_STORE_CTX_init ,
-.Fn X509_STORE_CTX_set_chain ,
-or
-.Fn X509_STORE_CTX_set0_untrusted .
-.Pp
-.Fn X509_STORE_CTX_set0_crls
-sets a set of
-.Fa crls
-to use during certificate verification.
-These CRLs will only be used if CRL verification is enabled in the
-associated
-.Vt X509_VERIFY_PARAM
-structure.
-This might be used where additional "useful" CRLs are supplied as part
-of a protocol, for example in a PKCS#7 structure.
-.Pp
-Legacy applications might implicitly use an
-.Vt X509_STORE_CTX
-like this:
-.Bd -literal -offset indent
-X509_STORE_CTX ctx;
-X509_STORE_CTX_init(&ctx, store, cert, chain);
-.Ed
-.Pp
-This is
-.Sy not
-recommended in new applications.
-They should instead do:
-.Bd -literal -offset indent
-X509_STORE_CTX *ctx;
-ctx = X509_STORE_CTX_new();
-if (ctx == NULL)
-        /* Bad error */
-X509_STORE_CTX_init(ctx, store, cert, chain);
-.Ed
-.Sh RETURN VALUES
-.Fn X509_STORE_CTX_new
-returns a newly allocated context or
-.Dv NULL
-if an error occurred.
-.Pp
-.Fn X509_STORE_CTX_init
-returns 1 for success or 0 if an error occurred.
-.Pp
-.Fn X509_STORE_CTX_get0_store
-returns the internal pointer to the trusted certificate store or
-.Dv NULL
-if none was set.
-.Pp
-.Fn X509_STORE_CTX_get0_cert
-returns the internal pointer to the certificate to be verified or
-.Dv NULL
-if no such certificate was set.
-.Pp
-.Fn X509_STORE_CTX_get0_untrusted
-returns the internal pointer
-to the set of additional, untrusted certificates or
-.Dv NULL
-if no set of additional certificates was provided.
-.Sh SEE ALSO
-.Xr X509_CRL_new 3 ,
-.Xr X509_STORE_CTX_get_error 3 ,
-.Xr X509_STORE_CTX_get_ex_new_index 3 ,
-.Xr X509_STORE_CTX_set_flags 3 ,
-.Xr X509_STORE_get_by_subject 3 ,
-.Xr X509_STORE_new 3 ,
-.Xr X509_STORE_set1_param 3 ,
-.Xr X509_verify_cert 3 ,
-.Xr X509_VERIFY_PARAM_set_flags 3
-.Sh HISTORY
-.Fn X509_STORE_CTX_init ,
-.Fn X509_STORE_CTX_cleanup ,
-.Fn X509_STORE_CTX_set_cert ,
-and
-.Fn X509_STORE_CTX_set_chain
-first appeared in SSLeay 0.8.0 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn X509_STORE_CTX_new
-and
-.Fn X509_STORE_CTX_free
-first appeared in OpenSSL 0.9.5 and have been available since
-.Ox 2.7 .
-.Pp
-.Fn X509_STORE_CTX_trusted_stack
-first appeared in OpenSSL 0.9.6 and has been available since
-.Ox 2.9 .
-.Pp
-.Fn X509_STORE_CTX_get0_store
-first appeared in OpenSSL 1.0.2.
-.Fn X509_STORE_CTX_set0_trusted_stack ,
-.Fn X509_STORE_CTX_get0_cert ,
-.Fn X509_STORE_CTX_set0_untrusted ,
-and
-.Fn X509_STORE_CTX_get0_untrusted
-first appeared in OpenSSL 1.1.0.
-These functions have been available since
-.Ox 6.3 .

diff --git a/src/lib/libcrypto/man/X509_STORE_CTX_new.3 b/src/lib/libcrypto/man/X509_STORE_CTX_new.3 deleted file mode 100644 index f285045194..0000000000 --- a/src/lib/libcrypto/man/X509_STORE_CTX_new.3 +++ /dev/null
@@ -1,355 +0,0 @@
1	.\" $OpenBSD: X509_STORE_CTX_new.3,v 1.24 2021/08/02 16:21:11 schwarze Exp $
2	.\" full merge up to: OpenSSL aae41f8c Jun 25 09:47:15 2015 +0100
3	.\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
4	.\"
5	.\" This file is a derived work.
6	.\" The changes are covered by the following Copyright and license:
7	.\"
8	.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
9	.\"
10	.\" Permission to use, copy, modify, and distribute this software for any
11	.\" purpose with or without fee is hereby granted, provided that the above
12	.\" copyright notice and this permission notice appear in all copies.
13	.\"
14	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
15	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
16	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
17	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
18	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21	.\"
22	.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>
23	.\" and Rich Salz <rsalz@openssl.org>.
24	.\" Copyright (c) 2009, 2016 The OpenSSL Project. All rights reserved.
25	.\"
26	.\" Redistribution and use in source and binary forms, with or without
27	.\" modification, are permitted provided that the following conditions
28	.\" are met:
29	.\"
30	.\" 1. Redistributions of source code must retain the above copyright
31	.\" notice, this list of conditions and the following disclaimer.
32	.\"
33	.\" 2. Redistributions in binary form must reproduce the above copyright
34	.\" notice, this list of conditions and the following disclaimer in
35	.\" the documentation and/or other materials provided with the
36	.\" distribution.
37	.\"
38	.\" 3. All advertising materials mentioning features or use of this
39	.\" software must display the following acknowledgment:
40	.\" "This product includes software developed by the OpenSSL Project
41	.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
42	.\"
43	.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
44	.\" endorse or promote products derived from this software without
45	.\" prior written permission. For written permission, please contact
46	.\" openssl-core@openssl.org.
47	.\"
48	.\" 5. Products derived from this software may not be called "OpenSSL"
49	.\" nor may "OpenSSL" appear in their names without prior written
50	.\" permission of the OpenSSL Project.
51	.\"
52	.\" 6. Redistributions of any form whatsoever must retain the following
53	.\" acknowledgment:
54	.\" "This product includes software developed by the OpenSSL Project
55	.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
56	.\"
57	.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
58	.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
59	.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
60	.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
61	.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
62	.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
63	.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
64	.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
65	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
66	.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
67	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
68	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
69	.\"
70	.Dd $Mdocdate: August 2 2021 $
71	.Dt X509_STORE_CTX_NEW 3
72	.Os
73	.Sh NAME
74	.Nm X509_STORE_CTX_new ,
75	.Nm X509_STORE_CTX_init ,
76	.Nm X509_STORE_CTX_cleanup ,
77	.Nm X509_STORE_CTX_free ,
78	.Nm X509_STORE_CTX_get0_store ,
79	.Nm X509_STORE_CTX_set0_trusted_stack ,
80	.Nm X509_STORE_CTX_trusted_stack ,
81	.Nm X509_STORE_CTX_set_cert ,
82	.Nm X509_STORE_CTX_get0_cert ,
83	.\" X509_STORE_CTX_get0_chain moved to X509_STORE_CTX_get_error(3)
84	.Nm X509_STORE_CTX_set_chain ,
85	.Nm X509_STORE_CTX_set0_untrusted ,
86	.Nm X509_STORE_CTX_get0_untrusted ,
87	.Nm X509_STORE_CTX_set0_crls
88	.Nd X509_STORE_CTX initialisation
89	.Sh SYNOPSIS
90	.In openssl/x509_vfy.h
91	.Ft X509_STORE_CTX *
92	.Fn X509_STORE_CTX_new void
93	.Ft int
94	.Fo X509_STORE_CTX_init
95	.Fa "X509_STORE_CTX *ctx"
96	.Fa "X509_STORE *store"
97	.Fa "X509 *x"
98	.Fa "STACK_OF(X509) *untrusted"
99	.Fc
100	.Ft void
101	.Fo X509_STORE_CTX_cleanup
102	.Fa "X509_STORE_CTX *ctx"
103	.Fc
104	.Ft void
105	.Fo X509_STORE_CTX_free
106	.Fa "X509_STORE_CTX *ctx"
107	.Fc
108	.Ft X509_STORE *
109	.Fo X509_STORE_CTX_get0_store
110	.Fa "X509_STORE_CTX *ctx"
111	.Fc
112	.Ft void
113	.Fo X509_STORE_CTX_set0_trusted_stack
114	.Fa "X509_STORE_CTX *ctx"
115	.Fa "STACK_OF(X509) *trusted"
116	.Fc
117	.Ft void
118	.Fo X509_STORE_CTX_trusted_stack
119	.Fa "X509_STORE_CTX *ctx"
120	.Fa "STACK_OF(X509) *trusted"
121	.Fc
122	.Ft void
123	.Fo X509_STORE_CTX_set_cert
124	.Fa "X509_STORE_CTX *ctx"
125	.Fa "X509 *x"
126	.Fc
127	.Ft X509 *
128	.Fo X509_STORE_CTX_get0_cert
129	.Fa "X509_STORE_CTX *ctx"
130	.Fc
131	.Ft void
132	.Fo X509_STORE_CTX_set_chain
133	.Fa "X509_STORE_CTX *ctx"
134	.Fa "STACK_OF(X509) *untrusted"
135	.Fc
136	.Ft void
137	.Fo X509_STORE_CTX_set0_untrusted
138	.Fa "X509_STORE_CTX *ctx"
139	.Fa "STACK_OF(X509) *untrusted"
140	.Fc
141	.Ft STACK_OF(X509) *
142	.Fo X509_STORE_CTX_get0_untrusted
143	.Fa "X509_STORE_CTX *ctx"
144	.Fc
145	.Ft void
146	.Fo X509_STORE_CTX_set0_crls
147	.Fa "X509_STORE_CTX *ctx"
148	.Fa "STACK_OF(X509_CRL) *crls"
149	.Fc
150	.Sh DESCRIPTION
151	These functions set up an
152	.Vt X509_STORE_CTX
153	object for subsequent use by
154	.Xr X509_verify_cert 3 .
155	.Pp
156	.Fn X509_STORE_CTX_new
157	allocates an empty
158	.Vt X509_STORE_CTX
159	object not yet containing the subobjects required for normal operation.
160	.Pp
161	.Fn X509_STORE_CTX_init
162	needs to be called on each new
163	.Fa ctx
164	before any of the other functions become useful.
165	It prepares
166	.Fa ctx
167	for one single verification operation using
168	.Xr X509_verify_cert 3 .
169	The trusted certificate
170	.Fa store
171	to be used, the end entity certificate
172	.Fa x
173	to be verified, and a set of additional
174	.Fa untrusted
175	certificates, to be used for building the chain,
176	can be supplied, or any or all of them can be set to
177	.Dv NULL .
178	The three pointers passed in are stored internally, the three objects
179	pointed to are not copied, their reference count is not incremented,
180	and the caller remains responsible for managing their storage and for
181	not freeing them before
182	.Fn X509_STORE_CTX_free
183	is called on
184	.Fa ctx .
185	.Pp
186	.Fn X509_STORE_CTX_cleanup
187	internally cleans up
188	.Fa ctx ,
189	returning it to an empty state similar to the one after
190	.Fn X509_STORE_CTX_new .
191	It can then be reused with a new call to
192	.Fn X509_STORE_CTX_init .
193	.Pp
194	.Fn X509_STORE_CTX_free
195	calls
196	.Fn X509_STORE_CTX_cleanup
197	and frees the storage pointed to by
198	.Fa ctx .
199	If
200	.Fa ctx
201	is a
202	.Dv NULL
203	pointer, no action occurs.
204	.Pp
205	.Fn X509_STORE_CTX_get0_store
206	returns the internal pointer to the trusted certificate
207	.Fa store
208	that was set with
209	.Fn X509_STORE_CTX_init .
210	.Pp
211	.Fn X509_STORE_CTX_set0_trusted_stack
212	sets the set of
213	.Fa trusted
214	certificates used by
215	.Fa ctx .
216	This is an alternative way of specifying trusted certificates instead of
217	using the
218	.Fa store .
219	.Fn X509_STORE_CTX_trusted_stack
220	is a deprecated alias for
221	.Fn X509_STORE_CTX_set0_trusted_stack .
222	.Pp
223	.Fn X509_STORE_CTX_set_cert
224	sets the certificate to be verified in
225	.Fa ctx
226	to
227	.Fa x ,
228	overriding the certificate that was set with
229	.Fn X509_STORE_CTX_init .
230	Again, the certificate is not copied
231	and its reference count is not incremented.
232	.Pp
233	.Fn X509_STORE_CTX_get0_cert
234	retrieves the internal pointer to the certificate being verified by
235	.Fa ctx ,
236	i.e. the last one set using either
237	.Fn X509_STORE_CTX_init
238	or
239	.Fn X509_STORE_CTX_set_cert .
240	.Pp
241	.Fn X509_STORE_CTX_set_chain
242	and
243	.Fn X509_STORE_CTX_set0_untrusted
244	are identical and set the additional,
245	.Fa untrusted
246	certificates used by
247	.Fa ctx ,
248	overriding the set of additional, untrusted certificates that was set with
249	.Fn X509_STORE_CTX_init .
250	Again, the set and the certificates contained in it are not copied
251	and their reference counts are not incremented.
252	.Pp
253	.Fn X509_STORE_CTX_get0_untrusted
254	retrieves the internal pointer
255	to the set of additional, untrusted certificates associated with
256	.Fa ctx ,
257	i.e. the last one set using either
258	.Fn X509_STORE_CTX_init ,
259	.Fn X509_STORE_CTX_set_chain ,
260	or
261	.Fn X509_STORE_CTX_set0_untrusted .
262	.Pp
263	.Fn X509_STORE_CTX_set0_crls
264	sets a set of
265	.Fa crls
266	to use during certificate verification.
267	These CRLs will only be used if CRL verification is enabled in the
268	associated
269	.Vt X509_VERIFY_PARAM
270	structure.
271	This might be used where additional "useful" CRLs are supplied as part
272	of a protocol, for example in a PKCS#7 structure.
273	.Pp
274	Legacy applications might implicitly use an
275	.Vt X509_STORE_CTX
276	like this:
277	.Bd -literal -offset indent
278	X509_STORE_CTX ctx;
279	X509_STORE_CTX_init(&ctx, store, cert, chain);
280	.Ed
281	.Pp
282	This is
283	.Sy not
284	recommended in new applications.
285	They should instead do:
286	.Bd -literal -offset indent
287	X509_STORE_CTX *ctx;
288	ctx = X509_STORE_CTX_new();
289	if (ctx == NULL)
290	/* Bad error */
291	X509_STORE_CTX_init(ctx, store, cert, chain);
292	.Ed
293	.Sh RETURN VALUES
294	.Fn X509_STORE_CTX_new
295	returns a newly allocated context or
296	.Dv NULL
297	if an error occurred.
298	.Pp
299	.Fn X509_STORE_CTX_init
300	returns 1 for success or 0 if an error occurred.
301	.Pp
302	.Fn X509_STORE_CTX_get0_store
303	returns the internal pointer to the trusted certificate store or
304	.Dv NULL
305	if none was set.
306	.Pp
307	.Fn X509_STORE_CTX_get0_cert
308	returns the internal pointer to the certificate to be verified or
309	.Dv NULL
310	if no such certificate was set.
311	.Pp
312	.Fn X509_STORE_CTX_get0_untrusted
313	returns the internal pointer
314	to the set of additional, untrusted certificates or
315	.Dv NULL
316	if no set of additional certificates was provided.
317	.Sh SEE ALSO
318	.Xr X509_CRL_new 3 ,
319	.Xr X509_STORE_CTX_get_error 3 ,
320	.Xr X509_STORE_CTX_get_ex_new_index 3 ,
321	.Xr X509_STORE_CTX_set_flags 3 ,
322	.Xr X509_STORE_get_by_subject 3 ,
323	.Xr X509_STORE_new 3 ,
324	.Xr X509_STORE_set1_param 3 ,
325	.Xr X509_verify_cert 3 ,
326	.Xr X509_VERIFY_PARAM_set_flags 3
327	.Sh HISTORY
328	.Fn X509_STORE_CTX_init ,
329	.Fn X509_STORE_CTX_cleanup ,
330	.Fn X509_STORE_CTX_set_cert ,
331	and
332	.Fn X509_STORE_CTX_set_chain
333	first appeared in SSLeay 0.8.0 and have been available since
334	.Ox 2.4 .
335	.Pp
336	.Fn X509_STORE_CTX_new
337	and
338	.Fn X509_STORE_CTX_free
339	first appeared in OpenSSL 0.9.5 and have been available since
340	.Ox 2.7 .
341	.Pp
342	.Fn X509_STORE_CTX_trusted_stack
343	first appeared in OpenSSL 0.9.6 and has been available since
344	.Ox 2.9 .
345	.Pp
346	.Fn X509_STORE_CTX_get0_store
347	first appeared in OpenSSL 1.0.2.
348	.Fn X509_STORE_CTX_set0_trusted_stack ,
349	.Fn X509_STORE_CTX_get0_cert ,
350	.Fn X509_STORE_CTX_set0_untrusted ,
351	and
352	.Fn X509_STORE_CTX_get0_untrusted
353	first appeared in OpenSSL 1.1.0.
354	These functions have been available since
355	.Ox 6.3 .