1 files changed, 0 insertions, 199 deletions
diff --git a/src/lib/libcrypto/man/X509_STORE_get_by_subject.3 b/src/lib/libcrypto/man/X509_STORE_get_by_subject.3
deleted file mode 100644
index f9da13fba4..0000000000
--- a/src/lib/libcrypto/man/X509_STORE_get_by_subject.3
+++ /dev/null
@@ -1,199 +0,0 @@
-.\" $OpenBSD: X509_STORE_get_by_subject.3,v 1.1 2021/08/02 16:21:11 schwarze Exp $
-.\"
-.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: August 2 2021 $
-.Dt X509_STORE_GET_BY_SUBJECT 3
-.Os
-.Sh NAME
-.Nm X509_STORE_get_by_subject ,
-.Nm X509_STORE_get1_certs ,
-.Nm X509_STORE_get1_crls ,
-.Nm X509_STORE_CTX_get1_issuer
-.Nd retrieve objects from a certificate store
-.Sh SYNOPSIS
-.In openssl/x509_vfy.h
-.Ft int
-.Fo X509_STORE_get_by_subject
-.Fa "X509_STORE_CTX *ctx"
-.Fa "int type"
-.Fa "X509_NAME *name"
-.Fa "X509_OBJECT *object"
-.Fc
-.Ft STACK_OF(X509) *
-.Fo X509_STORE_get1_certs
-.Fa "X509_STORE_CTX *ctx"
-.Fa "X509_NAME *name"
-.Fc
-.Ft STACK_OF(X509_CRL) *
-.Fo X509_STORE_get1_crls
-.Fa "X509_STORE_CTX *ctx"
-.Fa "X509_NAME *name"
-.Fc
-.Ft int
-.Fo X509_STORE_CTX_get1_issuer
-.Fa "X509 **issuer"
-.Fa "X509_STORE_CTX *ctx"
-.Fa "X509 *certificate"
-.Fc
-.Sh DESCRIPTION
-.Fn X509_STORE_get_by_subject
-retrieves the first object having a matching
-.Fa type
-and
-.Fa name
-from the
-.Vt X509_STORE
-associated with the
-.Fa ctx .
-The
-.Fa type
-can be
-.Dv X509_LU_X509
-to retrieve a certificate or
-.Dv X509_LU_CRL
-to retrieve a revocation list.
-.Pp
-If the store does not yet contain a matching object or if the type is
-.Dv X509_LU_CRL ,
-.Xr X509_LOOKUP_by_subject 3
-is called on
-.Vt X509_LOOKUP
-objects associated with the store until a match is found,
-which may add zero or more objects to the store.
-.Pp
-In case of success, the content of the
-.Fa object
-provided by the caller is overwritten with a pointer to the first
-match, and the reference count of that certificate or revocation
-list is incremented by 1.
-Avoiding a memory leak by making sure the provided
-.Fa object
-is empty is the responsibility of the caller.
-.Pp
-.Fn X509_STORE_get1_certs
-retrieves all certificates matching the subject
-.Vt name
-from the
-.Vt X509_STORE
-associated with
-.Fa ctx .
-If there are none yet,
-.Fn X509_STORE_get_by_subject
-is called to try and add some.
-In case of success, the reference counts of all certificates
-added to the returned array are incremented by 1.
-.Pp
-.Fn X509_STORE_get1_crls
-is similar except that it operates on certificate revocation lists
-rather than on certificates and that it always calls
-.Fn X509_STORE_get_by_subject ,
-even if the
-.Vt X509_STORE
-already contains a matching revocation list.
-.Pp
-.Fn X509_STORE_CTX_get1_issuer
-retrieves the
-.Fa issuer
-CA certificate for the given
-.Fa certificate
-from the
-.Vt X509_STORE
-associated with
-.Fa ctx .
-Internally, the issuer name is retrieved with
-.Xr X509_get_issuer_name 3
-and the candidate issuer CA certificate with
-.Fn X509_STORE_get_by_subject
-using that issuer name.
-.Xr X509_check_issued 3
-or a user-supplied replacement function is used to check whether the
-.Fa certificate
-was indeed issued using the
-.Fa issuer
-CA certificate before returning it.
-If verification parameters associated with
-.Fa ctx
-encourage checking of validity times, CAs with a valid time are
-preferred, but if no matching CA has a valid time, one with an
-invalid time is accepted anyway.
-.Sh RETURN VALUES
-.Fn X509_STORE_get_by_subject
-returns 1 if a match is found or 0 on failure.
-In addition to simply not finding a match,
-it may also fail due to memory allocation failure in
-.Xr X509_LOOKUP_by_subject 3 .
-If
-.Fa ctx
-contains any
-.Vt X509_LOOKUP
-object using a user-defined
-.Vt X509_LOOKUP_METHOD ,
-it might also return negative values for internal errors.
-.Pp
-.Fn X509_STORE_get1_certs
-returns a newly allocated and populated array of certificates or
-.Dv NULL
-on failure.
-It fails if no match is found, if
-.Fn X509_STORE_get_by_subject
-fails, or if memory allocation fails.
-.Pp
-.Fn X509_STORE_get1_crls
-returns a newly allocated and populated array of CRLs or
-.Dv NULL
-on failure.
-It fails if
-.Fn X509_STORE_get_by_subject
-finds no new match, even if the associated
-.Vt X509_STORE
-already contains matching CRLs, or if memory allocation fails.
-.Pp
-.Fn X509_STORE_CTX_get1_issuer
-returns 1 if a matching
-.Fa issuer
-CA certificate is found or 0 otherwise.
-If
-.Fa ctx
-contains any
-.Vt X509_LOOKUP
-object using a user-defined
-.Vt X509_LOOKUP_METHOD ,
-it might also return negative values for internal errors.
-.Sh SEE ALSO
-.Xr STACK_OF 3 ,
-.Xr X509_check_issued 3 ,
-.Xr X509_CRL_new 3 ,
-.Xr X509_get_issuer_name 3 ,
-.Xr X509_LOOKUP_by_subject 3 ,
-.Xr X509_NAME_new 3 ,
-.Xr X509_new 3 ,
-.Xr X509_OBJECT_retrieve_by_subject 3 ,
-.Xr X509_STORE_CTX_new 3 ,
-.Xr X509_VERIFY_PARAM_set_flags 3
-.Sh HISTORY
-.Fn X509_STORE_get_by_subject
-first appeared in SSLeay 0.8.0 and has been available since
-.Ox 2.4 .
-.Pp
-.Fn X509_STORE_CTX_get1_issuer
-first appeared in OpenSSL 0.9.6 and has been available since
-.Ox 2.9 .
-.Pp
-.Fn X509_STORE_get1_certs
-and
-.Fn X509_STORE_get1_crls
-first appeared in OpenSSL 1.0.0 and have been available since
-.Ox 4.9 .

diff --git a/src/lib/libcrypto/man/X509_STORE_get_by_subject.3 b/src/lib/libcrypto/man/X509_STORE_get_by_subject.3 deleted file mode 100644 index f9da13fba4..0000000000 --- a/src/lib/libcrypto/man/X509_STORE_get_by_subject.3 +++ /dev/null
@@ -1,199 +0,0 @@
1	.\" $OpenBSD: X509_STORE_get_by_subject.3,v 1.1 2021/08/02 16:21:11 schwarze Exp $
2	.\"
3	.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
4	.\"
5	.\" Permission to use, copy, modify, and distribute this software for any
6	.\" purpose with or without fee is hereby granted, provided that the above
7	.\" copyright notice and this permission notice appear in all copies.
8	.\"
9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	.\"
17	.Dd $Mdocdate: August 2 2021 $
18	.Dt X509_STORE_GET_BY_SUBJECT 3
19	.Os
20	.Sh NAME
21	.Nm X509_STORE_get_by_subject ,
22	.Nm X509_STORE_get1_certs ,
23	.Nm X509_STORE_get1_crls ,
24	.Nm X509_STORE_CTX_get1_issuer
25	.Nd retrieve objects from a certificate store
26	.Sh SYNOPSIS
27	.In openssl/x509_vfy.h
28	.Ft int
29	.Fo X509_STORE_get_by_subject
30	.Fa "X509_STORE_CTX *ctx"
31	.Fa "int type"
32	.Fa "X509_NAME *name"
33	.Fa "X509_OBJECT *object"
34	.Fc
35	.Ft STACK_OF(X509) *
36	.Fo X509_STORE_get1_certs
37	.Fa "X509_STORE_CTX *ctx"
38	.Fa "X509_NAME *name"
39	.Fc
40	.Ft STACK_OF(X509_CRL) *
41	.Fo X509_STORE_get1_crls
42	.Fa "X509_STORE_CTX *ctx"
43	.Fa "X509_NAME *name"
44	.Fc
45	.Ft int
46	.Fo X509_STORE_CTX_get1_issuer
47	.Fa "X509 **issuer"
48	.Fa "X509_STORE_CTX *ctx"
49	.Fa "X509 *certificate"
50	.Fc
51	.Sh DESCRIPTION
52	.Fn X509_STORE_get_by_subject
53	retrieves the first object having a matching
54	.Fa type
55	and
56	.Fa name
57	from the
58	.Vt X509_STORE
59	associated with the
60	.Fa ctx .
61	The
62	.Fa type
63	can be
64	.Dv X509_LU_X509
65	to retrieve a certificate or
66	.Dv X509_LU_CRL
67	to retrieve a revocation list.
68	.Pp
69	If the store does not yet contain a matching object or if the type is
70	.Dv X509_LU_CRL ,
71	.Xr X509_LOOKUP_by_subject 3
72	is called on
73	.Vt X509_LOOKUP
74	objects associated with the store until a match is found,
75	which may add zero or more objects to the store.
76	.Pp
77	In case of success, the content of the
78	.Fa object
79	provided by the caller is overwritten with a pointer to the first
80	match, and the reference count of that certificate or revocation
81	list is incremented by 1.
82	Avoiding a memory leak by making sure the provided
83	.Fa object
84	is empty is the responsibility of the caller.
85	.Pp
86	.Fn X509_STORE_get1_certs
87	retrieves all certificates matching the subject
88	.Vt name
89	from the
90	.Vt X509_STORE
91	associated with
92	.Fa ctx .
93	If there are none yet,
94	.Fn X509_STORE_get_by_subject
95	is called to try and add some.
96	In case of success, the reference counts of all certificates
97	added to the returned array are incremented by 1.
98	.Pp
99	.Fn X509_STORE_get1_crls
100	is similar except that it operates on certificate revocation lists
101	rather than on certificates and that it always calls
102	.Fn X509_STORE_get_by_subject ,
103	even if the
104	.Vt X509_STORE
105	already contains a matching revocation list.
106	.Pp
107	.Fn X509_STORE_CTX_get1_issuer
108	retrieves the
109	.Fa issuer
110	CA certificate for the given
111	.Fa certificate
112	from the
113	.Vt X509_STORE
114	associated with
115	.Fa ctx .
116	Internally, the issuer name is retrieved with
117	.Xr X509_get_issuer_name 3
118	and the candidate issuer CA certificate with
119	.Fn X509_STORE_get_by_subject
120	using that issuer name.
121	.Xr X509_check_issued 3
122	or a user-supplied replacement function is used to check whether the
123	.Fa certificate
124	was indeed issued using the
125	.Fa issuer
126	CA certificate before returning it.
127	If verification parameters associated with
128	.Fa ctx
129	encourage checking of validity times, CAs with a valid time are
130	preferred, but if no matching CA has a valid time, one with an
131	invalid time is accepted anyway.
132	.Sh RETURN VALUES
133	.Fn X509_STORE_get_by_subject
134	returns 1 if a match is found or 0 on failure.
135	In addition to simply not finding a match,
136	it may also fail due to memory allocation failure in
137	.Xr X509_LOOKUP_by_subject 3 .
138	If
139	.Fa ctx
140	contains any
141	.Vt X509_LOOKUP
142	object using a user-defined
143	.Vt X509_LOOKUP_METHOD ,
144	it might also return negative values for internal errors.
145	.Pp
146	.Fn X509_STORE_get1_certs
147	returns a newly allocated and populated array of certificates or
148	.Dv NULL
149	on failure.
150	It fails if no match is found, if
151	.Fn X509_STORE_get_by_subject
152	fails, or if memory allocation fails.
153	.Pp
154	.Fn X509_STORE_get1_crls
155	returns a newly allocated and populated array of CRLs or
156	.Dv NULL
157	on failure.
158	It fails if
159	.Fn X509_STORE_get_by_subject
160	finds no new match, even if the associated
161	.Vt X509_STORE
162	already contains matching CRLs, or if memory allocation fails.
163	.Pp
164	.Fn X509_STORE_CTX_get1_issuer
165	returns 1 if a matching
166	.Fa issuer
167	CA certificate is found or 0 otherwise.
168	If
169	.Fa ctx
170	contains any
171	.Vt X509_LOOKUP
172	object using a user-defined
173	.Vt X509_LOOKUP_METHOD ,
174	it might also return negative values for internal errors.
175	.Sh SEE ALSO
176	.Xr STACK_OF 3 ,
177	.Xr X509_check_issued 3 ,
178	.Xr X509_CRL_new 3 ,
179	.Xr X509_get_issuer_name 3 ,
180	.Xr X509_LOOKUP_by_subject 3 ,
181	.Xr X509_NAME_new 3 ,
182	.Xr X509_new 3 ,
183	.Xr X509_OBJECT_retrieve_by_subject 3 ,
184	.Xr X509_STORE_CTX_new 3 ,
185	.Xr X509_VERIFY_PARAM_set_flags 3
186	.Sh HISTORY
187	.Fn X509_STORE_get_by_subject
188	first appeared in SSLeay 0.8.0 and has been available since
189	.Ox 2.4 .
190	.Pp
191	.Fn X509_STORE_CTX_get1_issuer
192	first appeared in OpenSSL 0.9.6 and has been available since
193	.Ox 2.9 .
194	.Pp
195	.Fn X509_STORE_get1_certs
196	and
197	.Fn X509_STORE_get1_crls
198	first appeared in OpenSSL 1.0.0 and have been available since
199	.Ox 4.9 .