1 files changed, 54 insertions, 0 deletions
diff --git a/src/lib/libcrypto/man/X509_verify_cert.3 b/src/lib/libcrypto/man/X509_verify_cert.3
new file mode 100644
index 0000000000..fd3d6bebda
--- /dev/null
+++ b/src/lib/libcrypto/man/X509_verify_cert.3
@@ -0,0 +1,54 @@
+.Dd $Mdocdate: November 4 2016 $
+.Dt X509_VERIFY_CERT 3
+.Os
+.Sh NAME
+.Nm X509_verify_cert
+.Nd discover and verify X509 certificate chain
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft int
+.Fo X509_verify_cert
+.Fa "X509_STORE_CTX *ctx"
+.Fc
+.Sh DESCRIPTION
+The
+.Fn X509_verify_cert
+function attempts to discover and validate a certificate chain based on
+parameters in
+.Fa ctx .
+.Pp
+Applications rarely call this function directly, but it is used by
+OpenSSL internally for certificate validation, in both the S/MIME and
+SSL/TLS code.
+.Sh RETURN VALUES
+If a complete chain can be built and validated this function returns 1,
+otherwise it return 0.
+.Pp
+In exceptional circumstances, it can also return a negative code,
+but only if no certificate is set in
+.Fa ctx
+due to a programming error or if a retry operation is requested
+during internal lookups, which never happens with standard lookup
+methods.
+It is however recommended that application check for <= 0 return
+value on error.
+.Pp
+If the function fails, additional error information can be obtained
+by examining
+.Fa ctx ,
+for example using
+.Xr X509_STORE_CTX_get_error 3 .
+.Sh SEE ALSO
+.Xr X509_STORE_CTX_get_error 3
+and the
+.Cm verify
+entry in
+.Xr openssl 1
+.Sh HISTORY
+.Fn X509_verify_cert
+is available in all versions of SSLeay and OpenSSL.
+.Sh BUGS
+This function uses the header
+.In openssl/x509.h
+as opposed to most chain verification functions which use
+.In openssl/x509_vfy.h .

diff --git a/src/lib/libcrypto/man/X509_verify_cert.3 b/src/lib/libcrypto/man/X509_verify_cert.3 new file mode 100644 index 0000000000..fd3d6bebda --- /dev/null +++ b/src/lib/libcrypto/man/X509_verify_cert.3
@@ -0,0 +1,54 @@
	1	.Dd $Mdocdate: November 4 2016 $
	2	.Dt X509_VERIFY_CERT 3
	3	.Os
	4	.Sh NAME
	5	.Nm X509_verify_cert
	6	.Nd discover and verify X509 certificate chain
	7	.Sh SYNOPSIS
	8	.In openssl/x509.h
	9	.Ft int
	10	.Fo X509_verify_cert
	11	.Fa "X509_STORE_CTX *ctx"
	12	.Fc
	13	.Sh DESCRIPTION
	14	The
	15	.Fn X509_verify_cert
	16	function attempts to discover and validate a certificate chain based on
	17	parameters in
	18	.Fa ctx .
	19	.Pp
	20	Applications rarely call this function directly, but it is used by
	21	OpenSSL internally for certificate validation, in both the S/MIME and
	22	SSL/TLS code.
	23	.Sh RETURN VALUES
	24	If a complete chain can be built and validated this function returns 1,
	25	otherwise it return 0.
	26	.Pp
	27	In exceptional circumstances, it can also return a negative code,
	28	but only if no certificate is set in
	29	.Fa ctx
	30	due to a programming error or if a retry operation is requested
	31	during internal lookups, which never happens with standard lookup
	32	methods.
	33	It is however recommended that application check for <= 0 return
	34	value on error.
	35	.Pp
	36	If the function fails, additional error information can be obtained
	37	by examining
	38	.Fa ctx ,
	39	for example using
	40	.Xr X509_STORE_CTX_get_error 3 .
	41	.Sh SEE ALSO
	42	.Xr X509_STORE_CTX_get_error 3
	43	and the
	44	.Cm verify
	45	entry in
	46	.Xr openssl 1
	47	.Sh HISTORY
	48	.Fn X509_verify_cert
	49	is available in all versions of SSLeay and OpenSSL.
	50	.Sh BUGS
	51	This function uses the header
	52	.In openssl/x509.h
	53	as opposed to most chain verification functions which use
	54	.In openssl/x509_vfy.h .