1 files changed, 222 insertions, 0 deletions
diff --git a/src/lib/libssl/man/SSL_CTX_add1_chain_cert.3 b/src/lib/libssl/man/SSL_CTX_add1_chain_cert.3
new file mode 100644
index 0000000000..1f60bad142
--- /dev/null
+++ b/src/lib/libssl/man/SSL_CTX_add1_chain_cert.3
@@ -0,0 +1,222 @@
+.\" $OpenBSD: SSL_CTX_add1_chain_cert.3,v 1.1 2019/04/05 18:29:43 schwarze Exp $
+.\" selective merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
+.\"
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>
+.\" and Rob Stradling <rob.stradling@comodo.com>.
+.\" Copyright (c) 2013 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: April 5 2019 $
+.Dt SSL_CTX_ADD1_CHAIN_CERT 3
+.Os
+.Sh NAME
+.Nm SSL_CTX_set0_chain ,
+.Nm SSL_CTX_set1_chain ,
+.Nm SSL_CTX_add0_chain_cert ,
+.Nm SSL_CTX_add1_chain_cert ,
+.Nm SSL_CTX_get0_chain_certs ,
+.Nm SSL_CTX_clear_chain_certs ,
+.Nm SSL_set0_chain ,
+.Nm SSL_set1_chain ,
+.Nm SSL_add0_chain_cert ,
+.Nm SSL_add1_chain_cert ,
+.Nm SSL_get0_chain_certs ,
+.Nm SSL_clear_chain_certs
+.Nd extra chain certificate processing
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft int
+.Fo SSL_CTX_set0_chain
+.Fa "SSL_CTX *ctx"
+.Fa "STACK_OF(X509) *chain"
+.Fc
+.Ft int
+.Fo SSL_CTX_set1_chain
+.Fa "SSL_CTX *ctx"
+.Fa "STACK_OF(X509) *chain"
+.Fc
+.Ft int
+.Fo SSL_CTX_add0_chain_cert
+.Fa "SSL_CTX *ctx"
+.Fa "X509 *cert"
+.Fc
+.Ft int
+.Fo SSL_CTX_add1_chain_cert
+.Fa "SSL_CTX *ctx"
+.Fa "X509 *cert"
+.Fc
+.Ft int
+.Fo SSL_CTX_get0_chain_certs
+.Fa "SSL_CTX *ctx"
+.Fa "STACK_OF(X509) **chain"
+.Fc
+.Ft int
+.Fo SSL_CTX_clear_chain_certs
+.Fa "SSL_CTX *ctx"
+.Fc
+.Ft int
+.Fo SSL_set0_chain
+.Fa "SSL *ssl"
+.Fa "STACK_OF(X509) *chain"
+.Fc
+.Ft int
+.Fo SSL_set1_chain
+.Fa "SSL *ssl"
+.Fa "STACK_OF(X509) *chain"
+.Fc
+.Ft int
+.Fo SSL_add0_chain_cert
+.Fa "SSL *ssl"
+.Fa "X509 *cert"
+.Fc
+.Ft int
+.Fo SSL_add1_chain_cert
+.Fa "SSL *ssl"
+.Fa "X509 *cert"
+.Fc
+.Ft int
+.Fo SSL_get0_chain_certs
+.Fa "SSL *ssl"
+.Fa "STACK_OF(X509) **chain"
+.Fc
+.Ft int
+.Fo SSL_clear_chain_certs
+.Fa "SSL *ssl"
+.Fc
+.Sh DESCRIPTION
+.Fn SSL_CTX_set0_chain
+and
+.Fn SSL_CTX_set1_chain
+set the certificate chain associated with the current certificate of
+.Fa ctx
+to
+.Fa chain .
+The
+.Fa chain
+is not supposed to include the current certificate itself.
+.Pp
+.Fn SSL_CTX_add0_chain_cert
+and
+.Fn SSL_CTX_add1_chain_cert
+append the single certificate
+.Fa cert
+to the chain associated with the current certificate of
+.Fa ctx .
+.Pp
+.Fn SSL_CTX_get0_chain_certs
+retrieves the chain associated with the current certificate of
+.Fa ctx .
+.Pp
+.Fn SSL_CTX_clear_chain_certs
+clears the existing chain associated with the current certificate of
+.Fa ctx ,
+if any.
+This is equivalent to calling
+.Fn SSL_CTX_set0_chain
+with
+.Fa chain
+set to
+.Dv NULL .
+.Pp
+Each of these functions operates on the
+.Em current
+end entity (i.e. server or client) certificate.
+This is the last certificate loaded or selected on the corresponding
+.Fa ctx
+structure, for example using
+.Xr SSL_CTX_use_certificate 3 .
+.Pp
+.Fn SSL_set0_chain ,
+.Fn SSL_set1_chain ,
+.Fn SSL_add0_chain_cert ,
+.Fn SSL_add1_chain_cert ,
+.Fn SSL_get0_chain_certs ,
+and
+.Fn SSL_clear_chain_certs
+are similar except that they operate on the
+.Fa ssl
+connection.
+.Pp
+The functions containing a
+.Sy 1
+in their name increment the reference count of the supplied certificate
+or chain, so it must be freed at some point after the operation.
+Those containing a
+.Sy 0
+do not increment reference counts and the supplied certificate or chain
+must not be freed after the operation.
+.Pp
+The chains associated with an
+.Vt SSL_CTX
+structure are copied to the new
+.Vt SSL
+structure when
+.Xr SSL_new 3
+is called.
+Existing
+.Vt SSL
+structures are not affected by any chains subsequently changed
+in the parent
+.Vt SSL_CTX .
+.Pp
+One chain can be set for each key type supported by a server.
+So, for example, an RSA and a DSA certificate can (and often will) have
+different chains.
+.Pp
+If any certificates are added using these functions, no certificates
+added using
+.Xr SSL_CTX_add_extra_chain_cert 3
+will be used.
+.Sh RETURN VALUES
+These functions return 1 for success or 0 for failure.
+.Sh SEE ALSO
+.Xr ssl 3 ,
+.Xr SSL_CTX_add_extra_chain_cert 3 ,
+.Xr SSL_CTX_use_certificate 3
+.Sh HISTORY
+These functions first appeared in OpenSSL 1.0.2
+and have been available since
+.Ox 6.5 .

diff --git a/src/lib/libssl/man/SSL_CTX_add1_chain_cert.3 b/src/lib/libssl/man/SSL_CTX_add1_chain_cert.3 new file mode 100644 index 0000000000..1f60bad142 --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_add1_chain_cert.3
@@ -0,0 +1,222 @@
	1	.\" $OpenBSD: SSL_CTX_add1_chain_cert.3,v 1.1 2019/04/05 18:29:43 schwarze Exp $
	2	.\" selective merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
	3	.\"
	4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>
	5	.\" and Rob Stradling <rob.stradling@comodo.com>.
	6	.\" Copyright (c) 2013 The OpenSSL Project. All rights reserved.
	7	.\"
	8	.\" Redistribution and use in source and binary forms, with or without
	9	.\" modification, are permitted provided that the following conditions
	10	.\" are met:
	11	.\"
	12	.\" 1. Redistributions of source code must retain the above copyright
	13	.\" notice, this list of conditions and the following disclaimer.
	14	.\"
	15	.\" 2. Redistributions in binary form must reproduce the above copyright
	16	.\" notice, this list of conditions and the following disclaimer in
	17	.\" the documentation and/or other materials provided with the
	18	.\" distribution.
	19	.\"
	20	.\" 3. All advertising materials mentioning features or use of this
	21	.\" software must display the following acknowledgment:
	22	.\" "This product includes software developed by the OpenSSL Project
	23	.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
	24	.\"
	25	.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
	26	.\" endorse or promote products derived from this software without
	27	.\" prior written permission. For written permission, please contact
	28	.\" openssl-core@openssl.org.
	29	.\"
	30	.\" 5. Products derived from this software may not be called "OpenSSL"
	31	.\" nor may "OpenSSL" appear in their names without prior written
	32	.\" permission of the OpenSSL Project.
	33	.\"
	34	.\" 6. Redistributions of any form whatsoever must retain the following
	35	.\" acknowledgment:
	36	.\" "This product includes software developed by the OpenSSL Project
	37	.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
	38	.\"
	39	.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
	40	.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	41	.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	42	.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
	43	.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	44	.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	45	.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	46	.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	47	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	48	.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	49	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	50	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
	51	.\"
	52	.Dd $Mdocdate: April 5 2019 $
	53	.Dt SSL_CTX_ADD1_CHAIN_CERT 3
	54	.Os
	55	.Sh NAME
	56	.Nm SSL_CTX_set0_chain ,
	57	.Nm SSL_CTX_set1_chain ,
	58	.Nm SSL_CTX_add0_chain_cert ,
	59	.Nm SSL_CTX_add1_chain_cert ,
	60	.Nm SSL_CTX_get0_chain_certs ,
	61	.Nm SSL_CTX_clear_chain_certs ,
	62	.Nm SSL_set0_chain ,
	63	.Nm SSL_set1_chain ,
	64	.Nm SSL_add0_chain_cert ,
	65	.Nm SSL_add1_chain_cert ,
	66	.Nm SSL_get0_chain_certs ,
	67	.Nm SSL_clear_chain_certs
	68	.Nd extra chain certificate processing
	69	.Sh SYNOPSIS
	70	.In openssl/ssl.h
	71	.Ft int
	72	.Fo SSL_CTX_set0_chain
	73	.Fa "SSL_CTX *ctx"
	74	.Fa "STACK_OF(X509) *chain"
	75	.Fc
	76	.Ft int
	77	.Fo SSL_CTX_set1_chain
	78	.Fa "SSL_CTX *ctx"
	79	.Fa "STACK_OF(X509) *chain"
	80	.Fc
	81	.Ft int
	82	.Fo SSL_CTX_add0_chain_cert
	83	.Fa "SSL_CTX *ctx"
	84	.Fa "X509 *cert"
	85	.Fc
	86	.Ft int
	87	.Fo SSL_CTX_add1_chain_cert
	88	.Fa "SSL_CTX *ctx"
	89	.Fa "X509 *cert"
	90	.Fc
	91	.Ft int
	92	.Fo SSL_CTX_get0_chain_certs
	93	.Fa "SSL_CTX *ctx"
	94	.Fa "STACK_OF(X509) **chain"
	95	.Fc
	96	.Ft int
	97	.Fo SSL_CTX_clear_chain_certs
	98	.Fa "SSL_CTX *ctx"
	99	.Fc
	100	.Ft int
	101	.Fo SSL_set0_chain
	102	.Fa "SSL *ssl"
	103	.Fa "STACK_OF(X509) *chain"
	104	.Fc
	105	.Ft int
	106	.Fo SSL_set1_chain
	107	.Fa "SSL *ssl"
	108	.Fa "STACK_OF(X509) *chain"
	109	.Fc
	110	.Ft int
	111	.Fo SSL_add0_chain_cert
	112	.Fa "SSL *ssl"
	113	.Fa "X509 *cert"
	114	.Fc
	115	.Ft int
	116	.Fo SSL_add1_chain_cert
	117	.Fa "SSL *ssl"
	118	.Fa "X509 *cert"
	119	.Fc
	120	.Ft int
	121	.Fo SSL_get0_chain_certs
	122	.Fa "SSL *ssl"
	123	.Fa "STACK_OF(X509) **chain"
	124	.Fc
	125	.Ft int
	126	.Fo SSL_clear_chain_certs
	127	.Fa "SSL *ssl"
	128	.Fc
	129	.Sh DESCRIPTION
	130	.Fn SSL_CTX_set0_chain
	131	and
	132	.Fn SSL_CTX_set1_chain
	133	set the certificate chain associated with the current certificate of
	134	.Fa ctx
	135	to
	136	.Fa chain .
	137	The
	138	.Fa chain
	139	is not supposed to include the current certificate itself.
	140	.Pp
	141	.Fn SSL_CTX_add0_chain_cert
	142	and
	143	.Fn SSL_CTX_add1_chain_cert
	144	append the single certificate
	145	.Fa cert
	146	to the chain associated with the current certificate of
	147	.Fa ctx .
	148	.Pp
	149	.Fn SSL_CTX_get0_chain_certs
	150	retrieves the chain associated with the current certificate of
	151	.Fa ctx .
	152	.Pp
	153	.Fn SSL_CTX_clear_chain_certs
	154	clears the existing chain associated with the current certificate of
	155	.Fa ctx ,
	156	if any.
	157	This is equivalent to calling
	158	.Fn SSL_CTX_set0_chain
	159	with
	160	.Fa chain
	161	set to
	162	.Dv NULL .
	163	.Pp
	164	Each of these functions operates on the
	165	.Em current
	166	end entity (i.e. server or client) certificate.
	167	This is the last certificate loaded or selected on the corresponding
	168	.Fa ctx
	169	structure, for example using
	170	.Xr SSL_CTX_use_certificate 3 .
	171	.Pp
	172	.Fn SSL_set0_chain ,
	173	.Fn SSL_set1_chain ,
	174	.Fn SSL_add0_chain_cert ,
	175	.Fn SSL_add1_chain_cert ,
	176	.Fn SSL_get0_chain_certs ,
	177	and
	178	.Fn SSL_clear_chain_certs
	179	are similar except that they operate on the
	180	.Fa ssl
	181	connection.
	182	.Pp
	183	The functions containing a
	184	.Sy 1
	185	in their name increment the reference count of the supplied certificate
	186	or chain, so it must be freed at some point after the operation.
	187	Those containing a
	188	.Sy 0
	189	do not increment reference counts and the supplied certificate or chain
	190	must not be freed after the operation.
	191	.Pp
	192	The chains associated with an
	193	.Vt SSL_CTX
	194	structure are copied to the new
	195	.Vt SSL
	196	structure when
	197	.Xr SSL_new 3
	198	is called.
	199	Existing
	200	.Vt SSL
	201	structures are not affected by any chains subsequently changed
	202	in the parent
	203	.Vt SSL_CTX .
	204	.Pp
	205	One chain can be set for each key type supported by a server.
	206	So, for example, an RSA and a DSA certificate can (and often will) have
	207	different chains.
	208	.Pp
	209	If any certificates are added using these functions, no certificates
	210	added using
	211	.Xr SSL_CTX_add_extra_chain_cert 3
	212	will be used.
	213	.Sh RETURN VALUES
	214	These functions return 1 for success or 0 for failure.
	215	.Sh SEE ALSO
	216	.Xr ssl 3 ,
	217	.Xr SSL_CTX_add_extra_chain_cert 3 ,
	218	.Xr SSL_CTX_use_certificate 3
	219	.Sh HISTORY
	220	These functions first appeared in OpenSSL 1.0.2
	221	and have been available since
	222	.Ox 6.5 .