1 files changed, 0 insertions, 256 deletions
diff --git a/src/lib/libcrypto/man/X509_STORE_CTX_set_verify.3 b/src/lib/libcrypto/man/X509_STORE_CTX_set_verify.3
deleted file mode 100644
index 8c27deea5d..0000000000
--- a/src/lib/libcrypto/man/X509_STORE_CTX_set_verify.3
+++ /dev/null
@@ -1,256 +0,0 @@
-.\" $OpenBSD: X509_STORE_CTX_set_verify.3,v 1.8 2024/06/07 05:51:39 tb Exp $
-.\"
-.\" Copyright (c) 2021, 2022 Ingo Schwarze <schwarze@openbsd.org>
-.\" Copyright (c) 2023 Job Snijders <job@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 7 2024 $
-.Dt X509_STORE_CTX_SET_VERIFY 3
-.Os
-.Sh NAME
-.Nm X509_STORE_CTX_verify_fn ,
-.Nm X509_STORE_CTX_set_verify ,
-.Nm X509_STORE_CTX_get_verify ,
-.Nm X509_STORE_set_verify ,
-.Nm X509_STORE_set_verify_func ,
-.Nm X509_STORE_get_verify ,
-.Nm X509_STORE_CTX_check_issued_fn ,
-.Nm X509_STORE_set_check_issued ,
-.Nm X509_STORE_get_check_issued ,
-.Nm X509_STORE_CTX_get_check_issued
-.Nd user-defined certificate chain verification function
-.Sh SYNOPSIS
-.In openssl/x509_vfy.h
-.Ft typedef int
-.Fo (*X509_STORE_CTX_verify_fn)
-.Fa "X509_STORE_CTX *ctx"
-.Fc
-.Ft void
-.Fo X509_STORE_CTX_set_verify
-.Fa "X509_STORE_CTX *ctx"
-.Fa "X509_STORE_CTX_verify_fn verify"
-.Fc
-.Ft X509_STORE_CTX_verify_fn
-.Fo X509_STORE_CTX_get_verify
-.Fa "X509_STORE_CTX *ctx"
-.Fc
-.Ft void
-.Fo X509_STORE_set_verify
-.Fa "X509_STORE *store"
-.Fa "X509_STORE_CTX_verify_fn verify"
-.Fc
-.Ft void
-.Fo X509_STORE_set_verify_func
-.Fa "X509_STORE *store"
-.Fa "X509_STORE_CTX_verify_fn verify"
-.Fc
-.Ft X509_STORE_CTX_verify_fn
-.Fo X509_STORE_get_verify
-.Fa "X509_STORE_CTX *ctx"
-.Fc
-.Ft typedef int
-.Fo (*X509_STORE_CTX_check_issued_fn)
-.Fa "X509_STORE_CTX *ctx"
-.Fa "X509 *subject"
-.Fa "X509 *issuer"
-.Fc
-.Ft void
-.Fo X509_STORE_set_check_issued
-.Fa "X509_STORE *store"
-.Fa "X509_STORE_CTX_check_issued_fn check_issued"
-.Fc
-.Ft X509_STORE_CTX_check_issued_fn
-.Fo X509_STORE_get_check_issued
-.Fa "X509_STORE *store"
-.Fc
-.Ft X509_STORE_CTX_check_issued_fn
-.Fo X509_STORE_CTX_get_check_issued
-.Fa "X509_STORE_CTX *ctx"
-.Fc
-.Sh DESCRIPTION
-.Fn X509_STORE_CTX_set_verify
-configures
-.Fa ctx
-to use the
-.Fa verify
-argument as the X.509 certificate chain verification function instead
-of the default verification function built into the library when
-.Xr X509_verify_cert 3
-is called.
-.Pp
-The
-.Fa verify
-function provided by the user is only called if the
-.Dv X509_V_FLAG_LEGACY_VERIFY
-or
-.Dv X509_V_FLAG_NO_ALT_CHAINS
-flag was set on
-.Fa ctx
-using
-.Xr X509_STORE_CTX_set_flags 3
-or
-.Xr X509_VERIFY_PARAM_set_flags 3 .
-Otherwise, it is ignored and a different algorithm is used that does
-not support replacing the verification function.
-.Pp
-.Fn X509_STORE_set_verify
-saves the function pointer
-.Fa verify
-in the given
-.Fa store
-object.
-That pointer will be copied to an
-.Vt X509_STORE_CTX
-object when
-.Fa store
-is later passed as an argument to
-.Xr X509_STORE_CTX_init 3 .
-.Pp
-.Fn X509_STORE_set_verify_func
-is an alias for
-.Fn X509_STORE_set_verify
-implemented as a macro.
-.Pp
-.Fn X509_STORE_set_check_issued
-saves the function pointer
-.Fa check_issued
-in the given
-.Fa store
-object.
-That pointer will be copied to an
-.Vt X509_STORE_CTX
-object when
-.Fa store
-is later passed as an argument to
-.Fn X509_STORE_CTX_init 3 .
-.Pp
-The
-.Fa check_issued
-function provided by the user should check whether a given certificate
-.Fa subject
-was issued using the CA certificate
-.Fa issuer ,
-and must return 0 on failure and 1 on success.
-The default implementation ignores the
-.Fa ctx
-argument and returns success if and only if
-.Xr X509_check_issued 3
-returns
-.Dv X509_V_OK .
-It is important to pay close attention to the order of the
-.Fa issuer
-and
-.Fa subject
-arguments.
-In
-.Xr X509_check_issued 3
-the
-.Fa issuer
-precedes the
-.Fa subject
-while in
-.Fn check_issued
-the
-.Fa subject
-comes first.
-.Sh RETURN VALUES
-.Fn X509_STORE_CTX_verify_fn
-is supposed to return 1 to indicate that the chain is valid
-or 0 if it is not or if an error occurred.
-.Pp
-.Fn X509_STORE_CTX_get_verify
-returns a function pointer previously set with
-.Fn X509_STORE_CTX_set_verify
-or
-.Xr X509_STORE_CTX_init 3 ,
-or
-.Dv NULL
-if
-.Fa ctx
-is uninitialized.
-.Pp
-.Fn X509_STORE_get_verify
-returns the function pointer previously set with
-.Fn X509_STORE_set_verify ,
-or
-.Dv NULL
-if that function was not called on the
-.Fa store .
-.Pp
-.Fn X509_STORE_get_check_issued
-returns the function pointer previously set with
-.Fn X509_STORE_set_check_issued ,
-or
-.Dv NULL
-if that function was not called on the
-.Fa store .
-.Pp
-.Fn X509_STORE_CTX_get_check_issued
-returns the
-.Fn check_issued
-function pointer set on the
-.Vt X509_STORE_CTX .
-This is either the
-.Fn check_issued
-function inherited from the
-.Fa store
-used in
-.Xr X509_STORE_CTX_init 3
-or the library's default implementation.
-.Sh SEE ALSO
-.Xr X509_check_issued 3 ,
-.Xr X509_STORE_CTX_init 3 ,
-.Xr X509_STORE_CTX_set_error 3 ,
-.Xr X509_STORE_CTX_set_flags 3 ,
-.Xr X509_STORE_CTX_set_verify_cb 3 ,
-.Xr X509_STORE_new 3 ,
-.Xr X509_STORE_set_flags 3 ,
-.Xr X509_STORE_set_verify_cb 3 ,
-.Xr X509_verify_cert 3 ,
-.Xr X509_VERIFY_PARAM_set_flags 3
-.Sh HISTORY
-.Fn X509_STORE_set_verify_func
-first appeared in SSLeay 0.8.0 and has been available since
-.Ox 2.4 .
-.Pp
-.Fn X509_STORE_CTX_set_verify
-and
-.Fn X509_STORE_CTX_get_verify
-first appeared in OpenSSL 1.1.0 and have been available since
-.Ox 7.1 .
-.Pp
-.Fn X509_STORE_CTX_verify_fn ,
-.Fn X509_STORE_set_verify ,
-and
-.Fn X509_STORE_get_verify
-first appeared in OpenSSL 1.1.0 and have been available since
-.Ox 7.2 .
-.Pp
-.Fn X509_STORE_set_check_issued ,
-.Fn X509_STORE_get_check_issued ,
-and
-.Fn X509_STORE_CTX_get_check_issued
-first appeared in OpenSSL 1.1.0 and have been available since
-.Ox 7.3 .
-.Sh BUGS
-The reversal of order of
-.Fa subject
-and
-.Fa issuer
-between
-.Fn check_issued
-and
-.Xr X509_check_issued 3
-is very confusing.
-It has led to bugs and will cause many more.

diff --git a/src/lib/libcrypto/man/X509_STORE_CTX_set_verify.3 b/src/lib/libcrypto/man/X509_STORE_CTX_set_verify.3 deleted file mode 100644 index 8c27deea5d..0000000000 --- a/src/lib/libcrypto/man/X509_STORE_CTX_set_verify.3 +++ /dev/null
@@ -1,256 +0,0 @@
1	.\" $OpenBSD: X509_STORE_CTX_set_verify.3,v 1.8 2024/06/07 05:51:39 tb Exp $
2	.\"
3	.\" Copyright (c) 2021, 2022 Ingo Schwarze <schwarze@openbsd.org>
4	.\" Copyright (c) 2023 Job Snijders <job@openbsd.org>
5	.\"
6	.\" Permission to use, copy, modify, and distribute this software for any
7	.\" purpose with or without fee is hereby granted, provided that the above
8	.\" copyright notice and this permission notice appear in all copies.
9	.\"
10	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17	.\"
18	.Dd $Mdocdate: June 7 2024 $
19	.Dt X509_STORE_CTX_SET_VERIFY 3
20	.Os
21	.Sh NAME
22	.Nm X509_STORE_CTX_verify_fn ,
23	.Nm X509_STORE_CTX_set_verify ,
24	.Nm X509_STORE_CTX_get_verify ,
25	.Nm X509_STORE_set_verify ,
26	.Nm X509_STORE_set_verify_func ,
27	.Nm X509_STORE_get_verify ,
28	.Nm X509_STORE_CTX_check_issued_fn ,
29	.Nm X509_STORE_set_check_issued ,
30	.Nm X509_STORE_get_check_issued ,
31	.Nm X509_STORE_CTX_get_check_issued
32	.Nd user-defined certificate chain verification function
33	.Sh SYNOPSIS
34	.In openssl/x509_vfy.h
35	.Ft typedef int
36	.Fo (*X509_STORE_CTX_verify_fn)
37	.Fa "X509_STORE_CTX *ctx"
38	.Fc
39	.Ft void
40	.Fo X509_STORE_CTX_set_verify
41	.Fa "X509_STORE_CTX *ctx"
42	.Fa "X509_STORE_CTX_verify_fn verify"
43	.Fc
44	.Ft X509_STORE_CTX_verify_fn
45	.Fo X509_STORE_CTX_get_verify
46	.Fa "X509_STORE_CTX *ctx"
47	.Fc
48	.Ft void
49	.Fo X509_STORE_set_verify
50	.Fa "X509_STORE *store"
51	.Fa "X509_STORE_CTX_verify_fn verify"
52	.Fc
53	.Ft void
54	.Fo X509_STORE_set_verify_func
55	.Fa "X509_STORE *store"
56	.Fa "X509_STORE_CTX_verify_fn verify"
57	.Fc
58	.Ft X509_STORE_CTX_verify_fn
59	.Fo X509_STORE_get_verify
60	.Fa "X509_STORE_CTX *ctx"
61	.Fc
62	.Ft typedef int
63	.Fo (*X509_STORE_CTX_check_issued_fn)
64	.Fa "X509_STORE_CTX *ctx"
65	.Fa "X509 *subject"
66	.Fa "X509 *issuer"
67	.Fc
68	.Ft void
69	.Fo X509_STORE_set_check_issued
70	.Fa "X509_STORE *store"
71	.Fa "X509_STORE_CTX_check_issued_fn check_issued"
72	.Fc
73	.Ft X509_STORE_CTX_check_issued_fn
74	.Fo X509_STORE_get_check_issued
75	.Fa "X509_STORE *store"
76	.Fc
77	.Ft X509_STORE_CTX_check_issued_fn
78	.Fo X509_STORE_CTX_get_check_issued
79	.Fa "X509_STORE_CTX *ctx"
80	.Fc
81	.Sh DESCRIPTION
82	.Fn X509_STORE_CTX_set_verify
83	configures
84	.Fa ctx
85	to use the
86	.Fa verify
87	argument as the X.509 certificate chain verification function instead
88	of the default verification function built into the library when
89	.Xr X509_verify_cert 3
90	is called.
91	.Pp
92	The
93	.Fa verify
94	function provided by the user is only called if the
95	.Dv X509_V_FLAG_LEGACY_VERIFY
96	or
97	.Dv X509_V_FLAG_NO_ALT_CHAINS
98	flag was set on
99	.Fa ctx
100	using
101	.Xr X509_STORE_CTX_set_flags 3
102	or
103	.Xr X509_VERIFY_PARAM_set_flags 3 .
104	Otherwise, it is ignored and a different algorithm is used that does
105	not support replacing the verification function.
106	.Pp
107	.Fn X509_STORE_set_verify
108	saves the function pointer
109	.Fa verify
110	in the given
111	.Fa store
112	object.
113	That pointer will be copied to an
114	.Vt X509_STORE_CTX
115	object when
116	.Fa store
117	is later passed as an argument to
118	.Xr X509_STORE_CTX_init 3 .
119	.Pp
120	.Fn X509_STORE_set_verify_func
121	is an alias for
122	.Fn X509_STORE_set_verify
123	implemented as a macro.
124	.Pp
125	.Fn X509_STORE_set_check_issued
126	saves the function pointer
127	.Fa check_issued
128	in the given
129	.Fa store
130	object.
131	That pointer will be copied to an
132	.Vt X509_STORE_CTX
133	object when
134	.Fa store
135	is later passed as an argument to
136	.Fn X509_STORE_CTX_init 3 .
137	.Pp
138	The
139	.Fa check_issued
140	function provided by the user should check whether a given certificate
141	.Fa subject
142	was issued using the CA certificate
143	.Fa issuer ,
144	and must return 0 on failure and 1 on success.
145	The default implementation ignores the
146	.Fa ctx
147	argument and returns success if and only if
148	.Xr X509_check_issued 3
149	returns
150	.Dv X509_V_OK .
151	It is important to pay close attention to the order of the
152	.Fa issuer
153	and
154	.Fa subject
155	arguments.
156	In
157	.Xr X509_check_issued 3
158	the
159	.Fa issuer
160	precedes the
161	.Fa subject
162	while in
163	.Fn check_issued
164	the
165	.Fa subject
166	comes first.
167	.Sh RETURN VALUES
168	.Fn X509_STORE_CTX_verify_fn
169	is supposed to return 1 to indicate that the chain is valid
170	or 0 if it is not or if an error occurred.
171	.Pp
172	.Fn X509_STORE_CTX_get_verify
173	returns a function pointer previously set with
174	.Fn X509_STORE_CTX_set_verify
175	or
176	.Xr X509_STORE_CTX_init 3 ,
177	or
178	.Dv NULL
179	if
180	.Fa ctx
181	is uninitialized.
182	.Pp
183	.Fn X509_STORE_get_verify
184	returns the function pointer previously set with
185	.Fn X509_STORE_set_verify ,
186	or
187	.Dv NULL
188	if that function was not called on the
189	.Fa store .
190	.Pp
191	.Fn X509_STORE_get_check_issued
192	returns the function pointer previously set with
193	.Fn X509_STORE_set_check_issued ,
194	or
195	.Dv NULL
196	if that function was not called on the
197	.Fa store .
198	.Pp
199	.Fn X509_STORE_CTX_get_check_issued
200	returns the
201	.Fn check_issued
202	function pointer set on the
203	.Vt X509_STORE_CTX .
204	This is either the
205	.Fn check_issued
206	function inherited from the
207	.Fa store
208	used in
209	.Xr X509_STORE_CTX_init 3
210	or the library's default implementation.
211	.Sh SEE ALSO
212	.Xr X509_check_issued 3 ,
213	.Xr X509_STORE_CTX_init 3 ,
214	.Xr X509_STORE_CTX_set_error 3 ,
215	.Xr X509_STORE_CTX_set_flags 3 ,
216	.Xr X509_STORE_CTX_set_verify_cb 3 ,
217	.Xr X509_STORE_new 3 ,
218	.Xr X509_STORE_set_flags 3 ,
219	.Xr X509_STORE_set_verify_cb 3 ,
220	.Xr X509_verify_cert 3 ,
221	.Xr X509_VERIFY_PARAM_set_flags 3
222	.Sh HISTORY
223	.Fn X509_STORE_set_verify_func
224	first appeared in SSLeay 0.8.0 and has been available since
225	.Ox 2.4 .
226	.Pp
227	.Fn X509_STORE_CTX_set_verify
228	and
229	.Fn X509_STORE_CTX_get_verify
230	first appeared in OpenSSL 1.1.0 and have been available since
231	.Ox 7.1 .
232	.Pp
233	.Fn X509_STORE_CTX_verify_fn ,
234	.Fn X509_STORE_set_verify ,
235	and
236	.Fn X509_STORE_get_verify
237	first appeared in OpenSSL 1.1.0 and have been available since
238	.Ox 7.2 .
239	.Pp
240	.Fn X509_STORE_set_check_issued ,
241	.Fn X509_STORE_get_check_issued ,
242	and
243	.Fn X509_STORE_CTX_get_check_issued
244	first appeared in OpenSSL 1.1.0 and have been available since
245	.Ox 7.3 .
246	.Sh BUGS
247	The reversal of order of
248	.Fa subject
249	and
250	.Fa issuer
251	between
252	.Fn check_issued
253	and
254	.Xr X509_check_issued 3
255	is very confusing.
256	It has led to bugs and will cause many more.