1 files changed, 0 insertions, 192 deletions
diff --git a/src/lib/libcrypto/man/X509_policy_check.3 b/src/lib/libcrypto/man/X509_policy_check.3
deleted file mode 100644
index 5ea774a3ef..0000000000
--- a/src/lib/libcrypto/man/X509_policy_check.3
+++ /dev/null
@@ -1,192 +0,0 @@
-.\" $OpenBSD: X509_policy_check.3,v 1.6 2021/11/11 12:06:25 schwarze Exp $
-.\"
-.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: November 11 2021 $
-.Dt X509_POLICY_CHECK 3
-.Os
-.Sh NAME
-.Nm X509_policy_check ,
-.Nm X509_policy_tree_free
-.Nd construct X.509 valid policy tree
-.Sh SYNOPSIS
-.In openssl/x509_vfy.h
-.Ft int
-.Fo X509_policy_check
-.Fa "X509_POLICY_TREE **ptree"
-.Fa "int *pexplicit_policy"
-.Fa "STACK_OF(X509) *certs"
-.Fa "STACK_OF(ASN1_OBJECT) *policy_oids"
-.Fa "unsigned int flags"
-.Fc
-.Ft void
-.Fn X509_policy_tree_free "X509_POLICY_TREE *tree"
-.Sh DESCRIPTION
-.Fn X509_policy_check
-performs those parts of Basic Certification Path Validation
-described in RFC 5280 section 6.1 that are related to the
-construction of the valid policy tree.
-.Pp
-The
-.Fa certs
-input argument contains the prospective certification path
-according to RFC 5280 paragraph 6.1.1(a), starting with the
-target certificate and ending with the trust anchor.
-.Pp
-The
-.Fa policy_oids
-input argument contains the
-.Va user-initial-policy-set
-according to RFC 5280 section 6.1.1(c).
-It specifies a set of certificate policies acceptable to the certificate user.
-.Pp
-The
-.Fa flags
-argument can contain zero or more of the following constants, OR'ed together:
-.Bl -tag -width Ds
-.It Dv X509_V_FLAG_EXPLICIT_POLICY
-Set
-.Va initial-explicit-policy
-as defined by RFC 5280 paragraph 6.1.1(f).
-It requires the path to be valid for at least one of the
-.Fa policy_oids .
-.It Dv X509_V_FLAG_INHIBIT_ANY
-Set
-.Va initial-any-policy-inhibit
-as defined by RFC 5280 paragraph 6.1.1(g).
-It causes the
-.Sy anyPolicy
-OID to be skipped if it is encountered in a certificate.
-.It Dv X509_V_FLAG_INHIBIT_MAP
-Set
-.Va initial-policy-mapping-inhibit
-as defined by RFC 5280 paragraph 6.1.1(e).
-It disables policy mapping in the certification path.
-.El
-.Pp
-Upon success and in some cases of failure, the storage location pointed to by
-.Fa pexplicit_policy
-is set to 1 if
-.Dv X509_V_FLAG_EXPLICIT_POLICY
-was requested.
-Otherwise, it is set to 0.
-.Pp
-In many cases of success and in a few cases of failure, a pointer to the
-.Vt valid_policy_tree
-output value mentioned in RFC 5280 section 6.1.6 is returned in
-.Pf * Fa ptree .
-It contains one level for each of the
-.Fa certs ,
-in reverse order: level 0 corresponds to the trust anchor,
-the last level corresponds to the target certificate.
-Level 0 is initialized to contain a single node with a
-.Fa valid_policy
-of
-.Sy anyPolicy
-and an empty
-.Fa qualifier_set .
-.Pp
-If a policy tree is returned, the reference count of each of the
-.Fa certs
-is incremented by 1.
-In that case, the caller is responsible for calling
-.Fn X509_policy_tree_free
-to release all memory used by the
-.Fa tree
-and to decrement the reference counts
-of the certificates referenced from it by 1.
-If
-.Fa tree
-is a
-.Dv NULL
-pointer,
-.Fn X509_policy_tree_free
-has no effect.
-.Sh RETURN VALUES
-.Fn X509_policy_check
-returns these values:
-.Bl -tag -width 2n
-.It \-2
-Validation failed because
-.Dv X509_V_FLAG_EXPLICIT_POLICY
-was requested but the resulting policy tree
-or the resulting user policy set would have been empty.
-In this case,
-.Pf * Fa pexplicit_policy
-is set to 1.
-If the resulting tree is empty,
-.Pf * Fa ptree
-is set to
-.Dv NULL ;
-otherwise, it is set to the resulting tree.
-.It \-1
-At least one of the
-.Fa certs
-contains invalid or inconsistent extensions.
-.Pf * Fa ptree
-is set to
-.Dv NULL
-and
-.Pf * Fa pexplicit_policy
-to 0.
-.It 0
-Internal error.
-For example, setting up the policy caches failed, or memory allocation
-failed while constructing the tree.
-.Pf * Fa ptree
-is set to
-.Dv NULL
-and
-.Pf * Fa pexplicit_policy
-may or may not be set.
-.It 1
-Validation succeeded and
-.Pf * Fa ptree
-and
-.Pf * Fa pexplicit_policy
-have been set.
-In the special cases that the
-.Fa certs
-argument contains exactly one certificate or that
-.Dv X509_V_FLAG_EXPLICIT_POLICY
-was not requested and at least one of the certificates contains no
-certificate policies or the resulting policy tree would have been empty,
-.Pf * Fa ptree
-is set to
-.Dv NULL
-and
-.Pf * Fa pexplicit_policy
-to 0.
-.El
-.Sh SEE ALSO
-.Xr ASN1_OBJECT_new 3 ,
-.Xr OBJ_nid2obj 3 ,
-.Xr STACK_OF 3 ,
-.Xr X509_check_purpose 3 ,
-.Xr X509_check_trust 3 ,
-.Xr X509_new 3 ,
-.Xr X509_policy_tree_get0_policies 3 ,
-.Xr X509_policy_tree_level_count 3 ,
-.Xr X509_verify_cert 3
-.Sh STANDARDS
-RFC 5280: Internet X.509 Public Key Infrastructure Certificate
-and Certificate Revocation List (CRL) Profile,
-section 6.1: Basic Path Validation
-.Sh HISTORY
-.Fn X509_policy_check
-and
-.Fn X509_policy_tree_free
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .

diff --git a/src/lib/libcrypto/man/X509_policy_check.3 b/src/lib/libcrypto/man/X509_policy_check.3 deleted file mode 100644 index 5ea774a3ef..0000000000 --- a/src/lib/libcrypto/man/X509_policy_check.3 +++ /dev/null
@@ -1,192 +0,0 @@
1	.\" $OpenBSD: X509_policy_check.3,v 1.6 2021/11/11 12:06:25 schwarze Exp $
2	.\"
3	.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
4	.\"
5	.\" Permission to use, copy, modify, and distribute this software for any
6	.\" purpose with or without fee is hereby granted, provided that the above
7	.\" copyright notice and this permission notice appear in all copies.
8	.\"
9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	.\"
17	.Dd $Mdocdate: November 11 2021 $
18	.Dt X509_POLICY_CHECK 3
19	.Os
20	.Sh NAME
21	.Nm X509_policy_check ,
22	.Nm X509_policy_tree_free
23	.Nd construct X.509 valid policy tree
24	.Sh SYNOPSIS
25	.In openssl/x509_vfy.h
26	.Ft int
27	.Fo X509_policy_check
28	.Fa "X509_POLICY_TREE **ptree"
29	.Fa "int *pexplicit_policy"
30	.Fa "STACK_OF(X509) *certs"
31	.Fa "STACK_OF(ASN1_OBJECT) *policy_oids"
32	.Fa "unsigned int flags"
33	.Fc
34	.Ft void
35	.Fn X509_policy_tree_free "X509_POLICY_TREE *tree"
36	.Sh DESCRIPTION
37	.Fn X509_policy_check
38	performs those parts of Basic Certification Path Validation
39	described in RFC 5280 section 6.1 that are related to the
40	construction of the valid policy tree.
41	.Pp
42	The
43	.Fa certs
44	input argument contains the prospective certification path
45	according to RFC 5280 paragraph 6.1.1(a), starting with the
46	target certificate and ending with the trust anchor.
47	.Pp
48	The
49	.Fa policy_oids
50	input argument contains the
51	.Va user-initial-policy-set
52	according to RFC 5280 section 6.1.1(c).
53	It specifies a set of certificate policies acceptable to the certificate user.
54	.Pp
55	The
56	.Fa flags
57	argument can contain zero or more of the following constants, OR'ed together:
58	.Bl -tag -width Ds
59	.It Dv X509_V_FLAG_EXPLICIT_POLICY
60	Set
61	.Va initial-explicit-policy
62	as defined by RFC 5280 paragraph 6.1.1(f).
63	It requires the path to be valid for at least one of the
64	.Fa policy_oids .
65	.It Dv X509_V_FLAG_INHIBIT_ANY
66	Set
67	.Va initial-any-policy-inhibit
68	as defined by RFC 5280 paragraph 6.1.1(g).
69	It causes the
70	.Sy anyPolicy
71	OID to be skipped if it is encountered in a certificate.
72	.It Dv X509_V_FLAG_INHIBIT_MAP
73	Set
74	.Va initial-policy-mapping-inhibit
75	as defined by RFC 5280 paragraph 6.1.1(e).
76	It disables policy mapping in the certification path.
77	.El
78	.Pp
79	Upon success and in some cases of failure, the storage location pointed to by
80	.Fa pexplicit_policy
81	is set to 1 if
82	.Dv X509_V_FLAG_EXPLICIT_POLICY
83	was requested.
84	Otherwise, it is set to 0.
85	.Pp
86	In many cases of success and in a few cases of failure, a pointer to the
87	.Vt valid_policy_tree
88	output value mentioned in RFC 5280 section 6.1.6 is returned in
89	.Pf * Fa ptree .
90	It contains one level for each of the
91	.Fa certs ,
92	in reverse order: level 0 corresponds to the trust anchor,
93	the last level corresponds to the target certificate.
94	Level 0 is initialized to contain a single node with a
95	.Fa valid_policy
96	of
97	.Sy anyPolicy
98	and an empty
99	.Fa qualifier_set .
100	.Pp
101	If a policy tree is returned, the reference count of each of the
102	.Fa certs
103	is incremented by 1.
104	In that case, the caller is responsible for calling
105	.Fn X509_policy_tree_free
106	to release all memory used by the
107	.Fa tree
108	and to decrement the reference counts
109	of the certificates referenced from it by 1.
110	If
111	.Fa tree
112	is a
113	.Dv NULL
114	pointer,
115	.Fn X509_policy_tree_free
116	has no effect.
117	.Sh RETURN VALUES
118	.Fn X509_policy_check
119	returns these values:
120	.Bl -tag -width 2n
121	.It \-2
122	Validation failed because
123	.Dv X509_V_FLAG_EXPLICIT_POLICY
124	was requested but the resulting policy tree
125	or the resulting user policy set would have been empty.
126	In this case,
127	.Pf * Fa pexplicit_policy
128	is set to 1.
129	If the resulting tree is empty,
130	.Pf * Fa ptree
131	is set to
132	.Dv NULL ;
133	otherwise, it is set to the resulting tree.
134	.It \-1
135	At least one of the
136	.Fa certs
137	contains invalid or inconsistent extensions.
138	.Pf * Fa ptree
139	is set to
140	.Dv NULL
141	and
142	.Pf * Fa pexplicit_policy
143	to 0.
144	.It 0
145	Internal error.
146	For example, setting up the policy caches failed, or memory allocation
147	failed while constructing the tree.
148	.Pf * Fa ptree
149	is set to
150	.Dv NULL
151	and
152	.Pf * Fa pexplicit_policy
153	may or may not be set.
154	.It 1
155	Validation succeeded and
156	.Pf * Fa ptree
157	and
158	.Pf * Fa pexplicit_policy
159	have been set.
160	In the special cases that the
161	.Fa certs
162	argument contains exactly one certificate or that
163	.Dv X509_V_FLAG_EXPLICIT_POLICY
164	was not requested and at least one of the certificates contains no
165	certificate policies or the resulting policy tree would have been empty,
166	.Pf * Fa ptree
167	is set to
168	.Dv NULL
169	and
170	.Pf * Fa pexplicit_policy
171	to 0.
172	.El
173	.Sh SEE ALSO
174	.Xr ASN1_OBJECT_new 3 ,
175	.Xr OBJ_nid2obj 3 ,
176	.Xr STACK_OF 3 ,
177	.Xr X509_check_purpose 3 ,
178	.Xr X509_check_trust 3 ,
179	.Xr X509_new 3 ,
180	.Xr X509_policy_tree_get0_policies 3 ,
181	.Xr X509_policy_tree_level_count 3 ,
182	.Xr X509_verify_cert 3
183	.Sh STANDARDS
184	RFC 5280: Internet X.509 Public Key Infrastructure Certificate
185	and Certificate Revocation List (CRL) Profile,
186	section 6.1: Basic Path Validation
187	.Sh HISTORY
188	.Fn X509_policy_check
189	and
190	.Fn X509_policy_tree_free
191	first appeared in OpenSSL 0.9.8 and have been available since
192	.Ox 4.5 .